From 58c6bcde5627a05b79e8c3481b331aa35c63c762 Mon Sep 17 00:00:00 2001
From: Tamal Saha
Date: Tue, 12 Mar 2024 10:56:29 -0700
Subject: [PATCH] Update capi files
Signed-off-by: Tamal Saha --- ...anagedPolicyCloudProviderControlPlane.json | 69 + ...AWSIAMManagedPolicyCloudProviderNodes.json | 27 + .../AWSIAMManagedPolicyControllers.json | 186 + ...AWSIAMManagedPolicyControllersWithEKS.json | 186 + .../AWSIAMManagedPolicyControllersWithS3.json | 200 + .../v2.3.5/cluster-template-eks-fargate.yaml | 41 + .../v2.3.5/cluster-template-eks-ipv6.yaml | 93 + .../cluster-template-eks-machinepool.yaml | 71 + ...r-template-eks-managedmachinepool-gpu.yaml | 145 + ...emplate-eks-managedmachinepool-vpccni.yaml | 59 + ...uster-template-eks-managedmachinepool.yaml | 55 + .../v2.3.5/cluster-template-eks.yaml | 73 + ...ster-template-external-cloud-provider.yaml | 992 + .../v2.3.5/cluster-template-flatcar.yaml | 167 + .../v2.3.5/cluster-template-machinepool.yaml | 131 + ...er-template-multitenancy-clusterclass.yaml | 297 + .../cluster-template-simple-clusterclass.yaml | 242 + .../v2.3.5/cluster-template.yaml | 969 + .../v2.3.5/infrastructure-components.yaml | 14049 ++++ .../v2.3.5/metadata.yaml | 49 + ...anagedPolicyCloudProviderControlPlane.json | 69 + ...AWSIAMManagedPolicyCloudProviderNodes.json | 27 + .../AWSIAMManagedPolicyControllers.json | 186 + ...AWSIAMManagedPolicyControllersWithEKS.json | 186 + .../AWSIAMManagedPolicyControllersWithS3.json | 201 + .../v2.4.0/cluster-template-eks-fargate.yaml | 41 + .../v2.4.0/cluster-template-eks-ipv6.yaml | 93 + .../cluster-template-eks-machinepool.yaml | 71 + ...r-template-eks-managedmachinepool-gpu.yaml | 145 + ...emplate-eks-managedmachinepool-vpccni.yaml | 59 + ...uster-template-eks-managedmachinepool.yaml | 55 + .../v2.4.0/cluster-template-eks.yaml | 73 + ...ster-template-external-cloud-provider.yaml | 992 + .../v2.4.0/cluster-template-flatcar.yaml | 167 + .../v2.4.0/cluster-template-machinepool.yaml | 131 + ...er-template-multitenancy-clusterclass.yaml | 297 + .../cluster-template-rosa-machinepool.yaml | 83 + .../v2.4.0/cluster-template-rosa.yaml | 54 + 
.../cluster-template-simple-clusterclass.yaml | 242 + .../v2.4.0/cluster-template.yaml | 969 + .../v2.4.0/infrastructure-components.yaml | 16169 ++++ .../v2.4.0/metadata.yaml | 52 + .../v1.12.4/cluster-template-aad.yaml | 211 + .../cluster-template-aks-clusterclass.yaml | 125 + .../cluster-template-aks-topology.yaml | 21 + .../v1.12.4/cluster-template-aks.yaml | 116 + .../cluster-template-azure-bastion.yaml | 207 + .../cluster-template-azure-cni-v1.yaml | 214 + .../cluster-template-clusterclass.yaml | 239 + .../v1.12.4/cluster-template-dual-stack.yaml | 240 + .../v1.12.4/cluster-template-edgezone.yaml | 208 + .../v1.12.4/cluster-template-ephemeral.yaml | 211 + .../v1.12.4/cluster-template-flatcar.yaml | 247 + .../v1.12.4/cluster-template-ipv6.yaml | 256 + .../cluster-template-machinepool-windows.yaml | 288 + .../v1.12.4/cluster-template-machinepool.yaml | 208 + .../v1.12.4/cluster-template-nvidia-gpu.yaml | 206 + .../v1.12.4/cluster-template-private.yaml | 219 + .../v1.12.4/cluster-template-topology.yaml | 23 + .../v1.12.4/cluster-template-windows.yaml | 293 + .../v1.12.4/cluster-template.yaml | 205 + .../v1.12.4/infrastructure-components.yaml | 48680 ++++++++++++ .../v1.12.4/metadata.yaml | 55 + .../v1.13.2/cluster-template-aad.yaml | 211 + .../cluster-template-aks-clusterclass.yaml | 125 + .../cluster-template-aks-topology.yaml | 21 + .../v1.13.2/cluster-template-aks.yaml | 116 + .../cluster-template-azure-bastion.yaml | 207 + .../cluster-template-azure-cni-v1.yaml | 214 + .../cluster-template-clusterclass.yaml | 239 + .../v1.13.2/cluster-template-dual-stack.yaml | 231 + .../v1.13.2/cluster-template-edgezone.yaml | 208 + .../v1.13.2/cluster-template-ephemeral.yaml | 211 + .../v1.13.2/cluster-template-flatcar.yaml | 247 + .../v1.13.2/cluster-template-ipv6.yaml | 247 + .../cluster-template-machinepool-windows.yaml | 288 + .../v1.13.2/cluster-template-machinepool.yaml | 208 + .../v1.13.2/cluster-template-nvidia-gpu.yaml | 206 + 
.../v1.13.2/cluster-template-private.yaml | 219 + .../v1.13.2/cluster-template-topology.yaml | 23 + .../v1.13.2/cluster-template-windows.yaml | 293 + .../v1.13.2/cluster-template.yaml | 205 + .../v1.13.2/infrastructure-components.yaml | 63166 +++++++++++++++ .../v1.13.2/metadata.yaml | 58 + .../v1.14.0/cluster-template-aad.yaml | 211 + .../cluster-template-aks-clusterclass.yaml | 125 + .../cluster-template-aks-topology.yaml | 21 + .../v1.14.0/cluster-template-aks.yaml | 118 + .../cluster-template-azure-bastion.yaml | 207 + .../cluster-template-azure-cni-v1.yaml | 214 + .../cluster-template-clusterclass.yaml | 239 + .../v1.14.0/cluster-template-dual-stack.yaml | 231 + .../v1.14.0/cluster-template-edgezone.yaml | 208 + .../v1.14.0/cluster-template-ephemeral.yaml | 211 + .../v1.14.0/cluster-template-flatcar.yaml | 247 + .../v1.14.0/cluster-template-ipv6.yaml | 247 + .../cluster-template-machinepool-windows.yaml | 288 + .../v1.14.0/cluster-template-machinepool.yaml | 208 + .../v1.14.0/cluster-template-nvidia-gpu.yaml | 206 + .../v1.14.0/cluster-template-private.yaml | 219 + .../v1.14.0/cluster-template-topology.yaml | 23 + .../v1.14.0/cluster-template-windows.yaml | 293 + .../v1.14.0/cluster-template.yaml | 205 + .../v1.14.0/infrastructure-components.yaml | 64818 ++++++++++++++++ .../v1.14.0/metadata.yaml | 61 + .../cluster-template-gke-autopilot.yaml | 36 + .../v1.6.0/cluster-template-gke.yaml | 61 + .../v1.6.0/cluster-template.yaml | 116 + .../v1.6.0/infrastructure-components.yaml | 3279 + .../v1.6.0/metadata.yaml | 34 + .../v1.5.6/bootstrap-components.yaml | 6630 ++ .../v1.5.6/cluster-api-components.yaml | 25243 ++++++ .../v1.5.6/cluster-template-development.yaml | 37 + ...luster-template-in-memory-development.yaml | 22 + .../clusterclass-in-memory-quick-start.yaml | 152 + .../v1.5.6/clusterclass-quick-start.yaml | 257 + .../v1.5.6/control-plane-components.yaml | 6855 ++ files/cluster-api/v1.5.6/core-components.yaml | 11756 +++ 
...infrastructure-components-development.yaml | 2578 + ...ture-components-in-memory-development.yaml | 1204 + files/cluster-api/v1.5.6/metadata.yaml | 32 + ...time-extension-components-development.yaml | 150 + .../v1.5.6/runtime-sdk-openapi.yaml | 2237 + .../v1.6.2/bootstrap-components.yaml | 6644 ++ .../v1.6.2/cluster-api-components.yaml | 25910 ++++++ .../v1.6.2/cluster-template-development.yaml | 41 + ...luster-template-in-memory-development.yaml | 22 + .../clusterclass-in-memory-quick-start.yaml | 152 + .../v1.6.2/clusterclass-quick-start.yaml | 292 + .../v1.6.2/control-plane-components.yaml | 6869 ++ files/cluster-api/v1.6.2/core-components.yaml | 12395 +++ ...infrastructure-components-development.yaml | 2815 + ...ture-components-in-memory-development.yaml | 1220 + files/cluster-api/v1.6.2/metadata.yaml | 32 + ...time-extension-components-development.yaml | 225 + .../v1.6.2/runtime-sdk-openapi.yaml | 2326 + 136 files changed, 346100 insertions(+) create mode 100644 files/cluster-api-provider-aws/v2.3.5/AWSIAMManagedPolicyCloudProviderControlPlane.json create mode 100644 files/cluster-api-provider-aws/v2.3.5/AWSIAMManagedPolicyCloudProviderNodes.json create mode 100644 files/cluster-api-provider-aws/v2.3.5/AWSIAMManagedPolicyControllers.json create mode 100644 files/cluster-api-provider-aws/v2.3.5/AWSIAMManagedPolicyControllersWithEKS.json create mode 100644 files/cluster-api-provider-aws/v2.3.5/AWSIAMManagedPolicyControllersWithS3.json create mode 100644 files/cluster-api-provider-aws/v2.3.5/cluster-template-eks-fargate.yaml create mode 100644 files/cluster-api-provider-aws/v2.3.5/cluster-template-eks-ipv6.yaml create mode 100644 files/cluster-api-provider-aws/v2.3.5/cluster-template-eks-machinepool.yaml create mode 100644 files/cluster-api-provider-aws/v2.3.5/cluster-template-eks-managedmachinepool-gpu.yaml create mode 100644 files/cluster-api-provider-aws/v2.3.5/cluster-template-eks-managedmachinepool-vpccni.yaml create mode 100644 
files/cluster-api-provider-aws/v2.3.5/cluster-template-eks-managedmachinepool.yaml create mode 100644 files/cluster-api-provider-aws/v2.3.5/cluster-template-eks.yaml create mode 100644 files/cluster-api-provider-aws/v2.3.5/cluster-template-external-cloud-provider.yaml create mode 100644 files/cluster-api-provider-aws/v2.3.5/cluster-template-flatcar.yaml create mode 100644 files/cluster-api-provider-aws/v2.3.5/cluster-template-machinepool.yaml create mode 100644 files/cluster-api-provider-aws/v2.3.5/cluster-template-multitenancy-clusterclass.yaml create mode 100644 files/cluster-api-provider-aws/v2.3.5/cluster-template-simple-clusterclass.yaml create mode 100644 files/cluster-api-provider-aws/v2.3.5/cluster-template.yaml create mode 100644 files/cluster-api-provider-aws/v2.3.5/infrastructure-components.yaml create mode 100644 files/cluster-api-provider-aws/v2.3.5/metadata.yaml create mode 100644 files/cluster-api-provider-aws/v2.4.0/AWSIAMManagedPolicyCloudProviderControlPlane.json create mode 100644 files/cluster-api-provider-aws/v2.4.0/AWSIAMManagedPolicyCloudProviderNodes.json create mode 100644 files/cluster-api-provider-aws/v2.4.0/AWSIAMManagedPolicyControllers.json create mode 100644 files/cluster-api-provider-aws/v2.4.0/AWSIAMManagedPolicyControllersWithEKS.json create mode 100644 files/cluster-api-provider-aws/v2.4.0/AWSIAMManagedPolicyControllersWithS3.json create mode 100644 files/cluster-api-provider-aws/v2.4.0/cluster-template-eks-fargate.yaml create mode 100644 files/cluster-api-provider-aws/v2.4.0/cluster-template-eks-ipv6.yaml create mode 100644 files/cluster-api-provider-aws/v2.4.0/cluster-template-eks-machinepool.yaml create mode 100644 files/cluster-api-provider-aws/v2.4.0/cluster-template-eks-managedmachinepool-gpu.yaml create mode 100644 files/cluster-api-provider-aws/v2.4.0/cluster-template-eks-managedmachinepool-vpccni.yaml create mode 100644 files/cluster-api-provider-aws/v2.4.0/cluster-template-eks-managedmachinepool.yaml create mode 100644 
files/cluster-api-provider-aws/v2.4.0/cluster-template-eks.yaml create mode 100644 files/cluster-api-provider-aws/v2.4.0/cluster-template-external-cloud-provider.yaml create mode 100644 files/cluster-api-provider-aws/v2.4.0/cluster-template-flatcar.yaml create mode 100644 files/cluster-api-provider-aws/v2.4.0/cluster-template-machinepool.yaml create mode 100644 files/cluster-api-provider-aws/v2.4.0/cluster-template-multitenancy-clusterclass.yaml create mode 100644 files/cluster-api-provider-aws/v2.4.0/cluster-template-rosa-machinepool.yaml create mode 100644 files/cluster-api-provider-aws/v2.4.0/cluster-template-rosa.yaml create mode 100644 files/cluster-api-provider-aws/v2.4.0/cluster-template-simple-clusterclass.yaml create mode 100644 files/cluster-api-provider-aws/v2.4.0/cluster-template.yaml create mode 100644 files/cluster-api-provider-aws/v2.4.0/infrastructure-components.yaml create mode 100644 files/cluster-api-provider-aws/v2.4.0/metadata.yaml create mode 100644 files/cluster-api-provider-azure/v1.12.4/cluster-template-aad.yaml create mode 100644 files/cluster-api-provider-azure/v1.12.4/cluster-template-aks-clusterclass.yaml create mode 100644 files/cluster-api-provider-azure/v1.12.4/cluster-template-aks-topology.yaml create mode 100644 files/cluster-api-provider-azure/v1.12.4/cluster-template-aks.yaml create mode 100644 files/cluster-api-provider-azure/v1.12.4/cluster-template-azure-bastion.yaml create mode 100644 files/cluster-api-provider-azure/v1.12.4/cluster-template-azure-cni-v1.yaml create mode 100644 files/cluster-api-provider-azure/v1.12.4/cluster-template-clusterclass.yaml create mode 100644 files/cluster-api-provider-azure/v1.12.4/cluster-template-dual-stack.yaml create mode 100644 files/cluster-api-provider-azure/v1.12.4/cluster-template-edgezone.yaml create mode 100644 files/cluster-api-provider-azure/v1.12.4/cluster-template-ephemeral.yaml create mode 100644 files/cluster-api-provider-azure/v1.12.4/cluster-template-flatcar.yaml create mode 
100644 files/cluster-api-provider-azure/v1.12.4/cluster-template-ipv6.yaml create mode 100644 files/cluster-api-provider-azure/v1.12.4/cluster-template-machinepool-windows.yaml create mode 100644 files/cluster-api-provider-azure/v1.12.4/cluster-template-machinepool.yaml create mode 100644 files/cluster-api-provider-azure/v1.12.4/cluster-template-nvidia-gpu.yaml create mode 100644 files/cluster-api-provider-azure/v1.12.4/cluster-template-private.yaml create mode 100644 files/cluster-api-provider-azure/v1.12.4/cluster-template-topology.yaml create mode 100644 files/cluster-api-provider-azure/v1.12.4/cluster-template-windows.yaml create mode 100644 files/cluster-api-provider-azure/v1.12.4/cluster-template.yaml create mode 100644 files/cluster-api-provider-azure/v1.12.4/infrastructure-components.yaml create mode 100644 files/cluster-api-provider-azure/v1.12.4/metadata.yaml create mode 100644 files/cluster-api-provider-azure/v1.13.2/cluster-template-aad.yaml create mode 100644 files/cluster-api-provider-azure/v1.13.2/cluster-template-aks-clusterclass.yaml create mode 100644 files/cluster-api-provider-azure/v1.13.2/cluster-template-aks-topology.yaml create mode 100644 files/cluster-api-provider-azure/v1.13.2/cluster-template-aks.yaml create mode 100644 files/cluster-api-provider-azure/v1.13.2/cluster-template-azure-bastion.yaml create mode 100644 files/cluster-api-provider-azure/v1.13.2/cluster-template-azure-cni-v1.yaml create mode 100644 files/cluster-api-provider-azure/v1.13.2/cluster-template-clusterclass.yaml create mode 100644 files/cluster-api-provider-azure/v1.13.2/cluster-template-dual-stack.yaml create mode 100644 files/cluster-api-provider-azure/v1.13.2/cluster-template-edgezone.yaml create mode 100644 files/cluster-api-provider-azure/v1.13.2/cluster-template-ephemeral.yaml create mode 100644 files/cluster-api-provider-azure/v1.13.2/cluster-template-flatcar.yaml create mode 100644 files/cluster-api-provider-azure/v1.13.2/cluster-template-ipv6.yaml create mode 
100644 files/cluster-api-provider-azure/v1.13.2/cluster-template-machinepool-windows.yaml create mode 100644 files/cluster-api-provider-azure/v1.13.2/cluster-template-machinepool.yaml create mode 100644 files/cluster-api-provider-azure/v1.13.2/cluster-template-nvidia-gpu.yaml create mode 100644 files/cluster-api-provider-azure/v1.13.2/cluster-template-private.yaml create mode 100644 files/cluster-api-provider-azure/v1.13.2/cluster-template-topology.yaml create mode 100644 files/cluster-api-provider-azure/v1.13.2/cluster-template-windows.yaml create mode 100644 files/cluster-api-provider-azure/v1.13.2/cluster-template.yaml create mode 100644 files/cluster-api-provider-azure/v1.13.2/infrastructure-components.yaml create mode 100644 files/cluster-api-provider-azure/v1.13.2/metadata.yaml create mode 100644 files/cluster-api-provider-azure/v1.14.0/cluster-template-aad.yaml create mode 100644 files/cluster-api-provider-azure/v1.14.0/cluster-template-aks-clusterclass.yaml create mode 100644 files/cluster-api-provider-azure/v1.14.0/cluster-template-aks-topology.yaml create mode 100644 files/cluster-api-provider-azure/v1.14.0/cluster-template-aks.yaml create mode 100644 files/cluster-api-provider-azure/v1.14.0/cluster-template-azure-bastion.yaml create mode 100644 files/cluster-api-provider-azure/v1.14.0/cluster-template-azure-cni-v1.yaml create mode 100644 files/cluster-api-provider-azure/v1.14.0/cluster-template-clusterclass.yaml create mode 100644 files/cluster-api-provider-azure/v1.14.0/cluster-template-dual-stack.yaml create mode 100644 files/cluster-api-provider-azure/v1.14.0/cluster-template-edgezone.yaml create mode 100644 files/cluster-api-provider-azure/v1.14.0/cluster-template-ephemeral.yaml create mode 100644 files/cluster-api-provider-azure/v1.14.0/cluster-template-flatcar.yaml create mode 100644 files/cluster-api-provider-azure/v1.14.0/cluster-template-ipv6.yaml create mode 100644 
files/cluster-api-provider-azure/v1.14.0/cluster-template-machinepool-windows.yaml create mode 100644 files/cluster-api-provider-azure/v1.14.0/cluster-template-machinepool.yaml create mode 100644 files/cluster-api-provider-azure/v1.14.0/cluster-template-nvidia-gpu.yaml create mode 100644 files/cluster-api-provider-azure/v1.14.0/cluster-template-private.yaml create mode 100644 files/cluster-api-provider-azure/v1.14.0/cluster-template-topology.yaml create mode 100644 files/cluster-api-provider-azure/v1.14.0/cluster-template-windows.yaml create mode 100644 files/cluster-api-provider-azure/v1.14.0/cluster-template.yaml create mode 100644 files/cluster-api-provider-azure/v1.14.0/infrastructure-components.yaml create mode 100644 files/cluster-api-provider-azure/v1.14.0/metadata.yaml create mode 100644 files/cluster-api-provider-gcp/v1.6.0/cluster-template-gke-autopilot.yaml create mode 100644 files/cluster-api-provider-gcp/v1.6.0/cluster-template-gke.yaml create mode 100644 files/cluster-api-provider-gcp/v1.6.0/cluster-template.yaml create mode 100644 files/cluster-api-provider-gcp/v1.6.0/infrastructure-components.yaml create mode 100644 files/cluster-api-provider-gcp/v1.6.0/metadata.yaml create mode 100644 files/cluster-api/v1.5.6/bootstrap-components.yaml create mode 100644 files/cluster-api/v1.5.6/cluster-api-components.yaml create mode 100644 files/cluster-api/v1.5.6/cluster-template-development.yaml create mode 100644 files/cluster-api/v1.5.6/cluster-template-in-memory-development.yaml create mode 100644 files/cluster-api/v1.5.6/clusterclass-in-memory-quick-start.yaml create mode 100644 files/cluster-api/v1.5.6/clusterclass-quick-start.yaml create mode 100644 files/cluster-api/v1.5.6/control-plane-components.yaml create mode 100644 files/cluster-api/v1.5.6/core-components.yaml create mode 100644 files/cluster-api/v1.5.6/infrastructure-components-development.yaml create mode 100644 files/cluster-api/v1.5.6/infrastructure-components-in-memory-development.yaml create 
mode 100644 files/cluster-api/v1.5.6/metadata.yaml
create mode 100644 files/cluster-api/v1.5.6/runtime-extension-components-development.yaml
create mode 100644 files/cluster-api/v1.5.6/runtime-sdk-openapi.yaml
create mode 100644 files/cluster-api/v1.6.2/bootstrap-components.yaml
create mode 100644 files/cluster-api/v1.6.2/cluster-api-components.yaml
create mode 100644 files/cluster-api/v1.6.2/cluster-template-development.yaml
create mode 100644 files/cluster-api/v1.6.2/cluster-template-in-memory-development.yaml
create mode 100644 files/cluster-api/v1.6.2/clusterclass-in-memory-quick-start.yaml
create mode 100644 files/cluster-api/v1.6.2/clusterclass-quick-start.yaml
create mode 100644 files/cluster-api/v1.6.2/control-plane-components.yaml
create mode 100644 files/cluster-api/v1.6.2/core-components.yaml
create mode 100644 files/cluster-api/v1.6.2/infrastructure-components-development.yaml
create mode 100644 files/cluster-api/v1.6.2/infrastructure-components-in-memory-development.yaml
create mode 100644 files/cluster-api/v1.6.2/metadata.yaml
create mode 100644 files/cluster-api/v1.6.2/runtime-extension-components-development.yaml
create mode 100644 files/cluster-api/v1.6.2/runtime-sdk-openapi.yaml
diff --git a/files/cluster-api-provider-aws/v2.3.5/AWSIAMManagedPolicyCloudProviderControlPlane.json b/files/cluster-api-provider-aws/v2.3.5/AWSIAMManagedPolicyCloudProviderControlPlane.json
new file mode 100644
index 00000000..2b628452
--- /dev/null
+++ b/files/cluster-api-provider-aws/v2.3.5/AWSIAMManagedPolicyCloudProviderControlPlane.json
@@ -0,0 +1,69 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeLaunchConfigurations", + "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", + "ec2:DescribeInstances", + "ec2:DescribeImages", + "ec2:DescribeRegions", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVolumes", + "ec2:CreateSecurityGroup", + "ec2:CreateTags", + "ec2:CreateVolume", + "ec2:ModifyInstanceAttribute", + "ec2:ModifyVolume", + "ec2:AttachVolume", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateRoute", + "ec2:DeleteRoute", + "ec2:DeleteSecurityGroup", + "ec2:DeleteVolume", + "ec2:DetachVolume", + "ec2:RevokeSecurityGroupIngress", + "ec2:DescribeVpcs", + "elasticloadbalancing:AddTags", + "elasticloadbalancing:AttachLoadBalancerToSubnets", + "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", + "elasticloadbalancing:CreateLoadBalancer", + "elasticloadbalancing:CreateLoadBalancerPolicy", + "elasticloadbalancing:CreateLoadBalancerListeners", + "elasticloadbalancing:ConfigureHealthCheck", + "elasticloadbalancing:DeleteLoadBalancer", + "elasticloadbalancing:DeleteLoadBalancerListeners", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DetachLoadBalancerFromSubnets", + "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", + "elasticloadbalancing:ModifyLoadBalancerAttributes", + "elasticloadbalancing:RegisterInstancesWithLoadBalancer", + "elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer", + "elasticloadbalancing:CreateListener", + "elasticloadbalancing:CreateTargetGroup", + "elasticloadbalancing:DeleteListener", + "elasticloadbalancing:DeleteTargetGroup", + "elasticloadbalancing:DeregisterTargets", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeLoadBalancerPolicies", + 
"elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:ModifyListener", + "elasticloadbalancing:ModifyTargetGroup", + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:SetLoadBalancerPoliciesOfListener", + "iam:CreateServiceLinkedRole", + "kms:DescribeKey" + ], + "Resource": [ + "*" + ] + } + ] +} diff --git a/files/cluster-api-provider-aws/v2.3.5/AWSIAMManagedPolicyCloudProviderNodes.json b/files/cluster-api-provider-aws/v2.3.5/AWSIAMManagedPolicyCloudProviderNodes.json new file mode 100644 index 00000000..e4620777 --- /dev/null +++ b/files/cluster-api-provider-aws/v2.3.5/AWSIAMManagedPolicyCloudProviderNodes.json @@ -0,0 +1,27 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "ec2:AssignIpv6Addresses", + "ec2:DescribeInstances", + "ec2:DescribeRegions", + "ec2:CreateTags", + "ec2:DescribeTags", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeInstanceTypes", + "ecr:GetAuthorizationToken", + "ecr:BatchCheckLayerAvailability", + "ecr:GetDownloadUrlForLayer", + "ecr:GetRepositoryPolicy", + "ecr:DescribeRepositories", + "ecr:ListImages", + "ecr:BatchGetImage" + ], + "Resource": [ + "*" + ] + } + ] +} diff --git a/files/cluster-api-provider-aws/v2.3.5/AWSIAMManagedPolicyControllers.json b/files/cluster-api-provider-aws/v2.3.5/AWSIAMManagedPolicyControllers.json new file mode 100644 index 00000000..ca16d0de --- /dev/null +++ b/files/cluster-api-provider-aws/v2.3.5/AWSIAMManagedPolicyControllers.json 
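Review bot: `iam:CreateServiceLinkedRole` in AWSIAMManagedPolicyCloudProviderControlPlane.json is granted inside the single `"Resource": ["*"]` statement with no `Condition`, so the control-plane instance profile may create the service-linked role for any AWS service, whereas AWSIAMManagedPolicyControllers.json in the same patch restricts the same action to a named `aws-service-role/...` ARN with a `StringLike` on `iam:AWSServiceName`. Move it into its own statement mirroring that pattern: `"Resource": ["arn:*:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing"]` with `"Condition": {"StringLike": {"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"}}`; the ELB role is the only service-linked role the rest of this patch references for a resource this policy creates, but confirm no other SLR is needed before tightening. If this file is copied verbatim from clusterawsadm output, raise the change upstream and re-vendor so the local copy does not drift from what the tool regenerates.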
@@ -0,0 +1,186 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "ec2:DescribeIpamPools", + "ec2:AllocateIpamPoolCidr", + "ec2:AttachNetworkInterface", + "ec2:DetachNetworkInterface", + "ec2:AllocateAddress", + "ec2:AssignIpv6Addresses", + "ec2:AssignPrivateIpAddresses", + "ec2:UnassignPrivateIpAddresses", + "ec2:AssociateRouteTable", + "ec2:AttachInternetGateway", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateInternetGateway", + "ec2:CreateEgressOnlyInternetGateway", + "ec2:CreateNatGateway", + "ec2:CreateNetworkInterface", + "ec2:CreateRoute", + "ec2:CreateRouteTable", + "ec2:CreateSecurityGroup", + "ec2:CreateSubnet", + "ec2:CreateTags", + "ec2:CreateVpc", + "ec2:CreateVpcEndpoint", + "ec2:ModifyVpcAttribute", + "ec2:ModifyVpcEndpoint", + "ec2:DeleteInternetGateway", + "ec2:DeleteEgressOnlyInternetGateway", + "ec2:DeleteNatGateway", + "ec2:DeleteRouteTable", + "ec2:ReplaceRoute", + "ec2:DeleteSecurityGroup", + "ec2:DeleteSubnet", + "ec2:DeleteTags", + "ec2:DeleteVpc", + "ec2:DeleteVpcEndpoints", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInstances", + "ec2:DescribeInstanceTypes", + "ec2:DescribeInternetGateways", + "ec2:DescribeEgressOnlyInternetGateways", + "ec2:DescribeInstanceTypes", + "ec2:DescribeImages", + "ec2:DescribeNatGateways", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeNetworkInterfaceAttribute", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVolumes", + "ec2:DescribeTags", + "ec2:DetachInternetGateway", + "ec2:DisassociateRouteTable", + "ec2:DisassociateAddress", + "ec2:ModifyInstanceAttribute", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:ModifySubnetAttribute", + "ec2:ReleaseAddress", + "ec2:RevokeSecurityGroupIngress", + "ec2:RunInstances", + "ec2:TerminateInstances", + "tag:GetResources", 
+ "elasticloadbalancing:AddTags", + "elasticloadbalancing:CreateLoadBalancer", + "elasticloadbalancing:ConfigureHealthCheck", + "elasticloadbalancing:DeleteLoadBalancer", + "elasticloadbalancing:DeleteTargetGroup", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", + "elasticloadbalancing:DescribeTags", + "elasticloadbalancing:ModifyLoadBalancerAttributes", + "elasticloadbalancing:RegisterInstancesWithLoadBalancer", + "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", + "elasticloadbalancing:RemoveTags", + "elasticloadbalancing:SetSubnets", + "elasticloadbalancing:ModifyTargetGroupAttributes", + "elasticloadbalancing:CreateTargetGroup", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:CreateListener", + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:DeleteListener", + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeInstanceRefreshes", + "ec2:CreateLaunchTemplate", + "ec2:CreateLaunchTemplateVersion", + "ec2:DescribeLaunchTemplates", + "ec2:DescribeLaunchTemplateVersions", + "ec2:DeleteLaunchTemplate", + "ec2:DeleteLaunchTemplateVersions", + "ec2:DescribeKeyPairs", + "ec2:ModifyInstanceMetadataOptions" + ], + "Resource": [ + "*" + ] + }, + { + "Effect": "Allow", + "Action": [ + "autoscaling:CreateAutoScalingGroup", + "autoscaling:UpdateAutoScalingGroup", + "autoscaling:CreateOrUpdateTags", + "autoscaling:StartInstanceRefresh", + "autoscaling:DeleteAutoScalingGroup", + "autoscaling:DeleteTags" + ], + "Resource": [ + "arn:*:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/*" + ] + }, + { + "Effect": "Allow", + "Action": [ + "iam:CreateServiceLinkedRole" + ], + "Resource": [ + "arn:*:iam::*:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling" + ], + "Condition": { + 
"StringLike": { + "iam:AWSServiceName": "autoscaling.amazonaws.com" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "iam:CreateServiceLinkedRole" + ], + "Resource": [ + "arn:*:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing" + ], + "Condition": { + "StringLike": { + "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "iam:CreateServiceLinkedRole" + ], + "Resource": [ + "arn:*:iam::*:role/aws-service-role/spot.amazonaws.com/AWSServiceRoleForEC2Spot" + ], + "Condition": { + "StringLike": { + "iam:AWSServiceName": "spot.amazonaws.com" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "iam:PassRole" + ], + "Resource": [ + "arn:*:iam::*:role/*.cluster-api-provider-aws.sigs.k8s.io" + ] + }, + { + "Effect": "Allow", + "Action": [ + "secretsmanager:CreateSecret", + "secretsmanager:DeleteSecret", + "secretsmanager:TagResource" + ], + "Resource": [ + "arn:*:secretsmanager:*:*:secret:aws.cluster.x-k8s.io/*" + ] + } + ] +} diff --git a/files/cluster-api-provider-aws/v2.3.5/AWSIAMManagedPolicyControllersWithEKS.json b/files/cluster-api-provider-aws/v2.3.5/AWSIAMManagedPolicyControllersWithEKS.json new file mode 100644 index 00000000..ca16d0de --- /dev/null +++ b/files/cluster-api-provider-aws/v2.3.5/AWSIAMManagedPolicyControllersWithEKS.json 
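Review bot: The first statement of AWSIAMManagedPolicyControllers.json grants `ec2:TerminateInstances`, `ec2:DeleteVpc`, `ec2:DeleteSecurityGroup` and `ec2:ModifyInstanceMetadataOptions` on `"Resource": ["*"]`, so the CAPA controller's credentials — and anyone able to create AWSMachine/AWSCluster objects in the management cluster — can destroy, or re-enable IMDSv1 on, every instance in the account rather than only the ones CAPA created. The autoscaling statement below shows the policy already scopes by ARN; the mutating EC2 actions could likewise be split into a statement carrying an `aws:ResourceTag` condition on the cluster-ownership tag CAPA writes through `ec2:CreateTags`, leaving the Describe actions on `*`. Whether every reconcile path tags before it mutates is not visible here, so exercise that split against a real cluster create/delete before relying on it, and if the file is verbatim `clusterawsadm bootstrap iam print-policy` output, send the change upstream and re-vendor rather than hand-editing. Minor: `ec2:DescribeInstanceTypes` is listed twice in the same action array.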
@@ -0,0 +1,186 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "ec2:DescribeIpamPools", + "ec2:AllocateIpamPoolCidr", + "ec2:AttachNetworkInterface", + "ec2:DetachNetworkInterface", + "ec2:AllocateAddress", + "ec2:AssignIpv6Addresses", + "ec2:AssignPrivateIpAddresses", + "ec2:UnassignPrivateIpAddresses", + "ec2:AssociateRouteTable", + "ec2:AttachInternetGateway", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateInternetGateway", + "ec2:CreateEgressOnlyInternetGateway", + "ec2:CreateNatGateway", + "ec2:CreateNetworkInterface", + "ec2:CreateRoute", + "ec2:CreateRouteTable", + "ec2:CreateSecurityGroup", + "ec2:CreateSubnet", + "ec2:CreateTags", + "ec2:CreateVpc", + "ec2:CreateVpcEndpoint", + "ec2:ModifyVpcAttribute", + "ec2:ModifyVpcEndpoint", + "ec2:DeleteInternetGateway", + "ec2:DeleteEgressOnlyInternetGateway", + "ec2:DeleteNatGateway", + "ec2:DeleteRouteTable", + "ec2:ReplaceRoute", + "ec2:DeleteSecurityGroup", + "ec2:DeleteSubnet", + "ec2:DeleteTags", + "ec2:DeleteVpc", + "ec2:DeleteVpcEndpoints", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInstances", + "ec2:DescribeInstanceTypes", + "ec2:DescribeInternetGateways", + "ec2:DescribeEgressOnlyInternetGateways", + "ec2:DescribeInstanceTypes", + "ec2:DescribeImages", + "ec2:DescribeNatGateways", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeNetworkInterfaceAttribute", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVolumes", + "ec2:DescribeTags", + "ec2:DetachInternetGateway", + "ec2:DisassociateRouteTable", + "ec2:DisassociateAddress", + "ec2:ModifyInstanceAttribute", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:ModifySubnetAttribute", + "ec2:ReleaseAddress", + "ec2:RevokeSecurityGroupIngress", + "ec2:RunInstances", + "ec2:TerminateInstances", + "tag:GetResources", 
+ "elasticloadbalancing:AddTags", + "elasticloadbalancing:CreateLoadBalancer", + "elasticloadbalancing:ConfigureHealthCheck", + "elasticloadbalancing:DeleteLoadBalancer", + "elasticloadbalancing:DeleteTargetGroup", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", + "elasticloadbalancing:DescribeTags", + "elasticloadbalancing:ModifyLoadBalancerAttributes", + "elasticloadbalancing:RegisterInstancesWithLoadBalancer", + "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", + "elasticloadbalancing:RemoveTags", + "elasticloadbalancing:SetSubnets", + "elasticloadbalancing:ModifyTargetGroupAttributes", + "elasticloadbalancing:CreateTargetGroup", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:CreateListener", + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:DeleteListener", + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeInstanceRefreshes", + "ec2:CreateLaunchTemplate", + "ec2:CreateLaunchTemplateVersion", + "ec2:DescribeLaunchTemplates", + "ec2:DescribeLaunchTemplateVersions", + "ec2:DeleteLaunchTemplate", + "ec2:DeleteLaunchTemplateVersions", + "ec2:DescribeKeyPairs", + "ec2:ModifyInstanceMetadataOptions" + ], + "Resource": [ + "*" + ] + }, + { + "Effect": "Allow", + "Action": [ + "autoscaling:CreateAutoScalingGroup", + "autoscaling:UpdateAutoScalingGroup", + "autoscaling:CreateOrUpdateTags", + "autoscaling:StartInstanceRefresh", + "autoscaling:DeleteAutoScalingGroup", + "autoscaling:DeleteTags" + ], + "Resource": [ + "arn:*:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/*" + ] + }, + { + "Effect": "Allow", + "Action": [ + "iam:CreateServiceLinkedRole" + ], + "Resource": [ + "arn:*:iam::*:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling" + ], + "Condition": { + 
"StringLike": { + "iam:AWSServiceName": "autoscaling.amazonaws.com" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "iam:CreateServiceLinkedRole" + ], + "Resource": [ + "arn:*:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing" + ], + "Condition": { + "StringLike": { + "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "iam:CreateServiceLinkedRole" + ], + "Resource": [ + "arn:*:iam::*:role/aws-service-role/spot.amazonaws.com/AWSServiceRoleForEC2Spot" + ], + "Condition": { + "StringLike": { + "iam:AWSServiceName": "spot.amazonaws.com" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "iam:PassRole" + ], + "Resource": [ + "arn:*:iam::*:role/*.cluster-api-provider-aws.sigs.k8s.io" + ] + }, + { + "Effect": "Allow", + "Action": [ + "secretsmanager:CreateSecret", + "secretsmanager:DeleteSecret", + "secretsmanager:TagResource" + ], + "Resource": [ + "arn:*:secretsmanager:*:*:secret:aws.cluster.x-k8s.io/*" + ] + } + ] +} diff --git a/files/cluster-api-provider-aws/v2.3.5/AWSIAMManagedPolicyControllersWithS3.json b/files/cluster-api-provider-aws/v2.3.5/AWSIAMManagedPolicyControllersWithS3.json new file mode 100644 index 00000000..d5c4ce22 --- /dev/null +++ b/files/cluster-api-provider-aws/v2.3.5/AWSIAMManagedPolicyControllersWithS3.json 
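Review bot: AWSIAMManagedPolicyControllersWithEKS.json is byte-identical to AWSIAMManagedPolicyControllers.json — both `index` lines point to blob `ca16d0de`, both are 186 lines, and this hunk contains no `eks:` action at all — so the `WithEKS` name promises permissions the file does not carry. Anyone attaching this policy for EKS-managed clusters will fail at the first EKS API call, and an auditor reading the filename may wrongly assume EKS access is bounded by it. Either regenerate the variant with EKS support enabled (the flag used to produce it is not visible in the patch) or drop the file; the same check is worth running on the v2.4.0 copies, which the diffstat also lists at 186 lines each.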
@@ -0,0 +1,200 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DescribeIpamPools",
+ "ec2:AllocateIpamPoolCidr",
+ "ec2:AttachNetworkInterface",
+ "ec2:DetachNetworkInterface",
+ "ec2:AllocateAddress",
+ "ec2:AssignIpv6Addresses",
+ "ec2:AssignPrivateIpAddresses",
+ "ec2:UnassignPrivateIpAddresses",
+ "ec2:AssociateRouteTable",
+ "ec2:AttachInternetGateway",
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:CreateInternetGateway",
+ "ec2:CreateEgressOnlyInternetGateway",
+ "ec2:CreateNatGateway",
+ "ec2:CreateNetworkInterface",
+ "ec2:CreateRoute",
+ "ec2:CreateRouteTable",
+ "ec2:CreateSecurityGroup",
+ "ec2:CreateSubnet",
+ "ec2:CreateTags",
+ "ec2:CreateVpc",
+ "ec2:CreateVpcEndpoint",
+ "ec2:ModifyVpcAttribute",
+ "ec2:ModifyVpcEndpoint",
+ "ec2:DeleteInternetGateway",
+ "ec2:DeleteEgressOnlyInternetGateway",
+ "ec2:DeleteNatGateway",
+ "ec2:DeleteRouteTable",
+ "ec2:ReplaceRoute",
+ "ec2:DeleteSecurityGroup",
+ "ec2:DeleteSubnet",
+ "ec2:DeleteTags",
+ "ec2:DeleteVpc",
+ "ec2:DeleteVpcEndpoints",
+ "ec2:DescribeAccountAttributes",
+ "ec2:DescribeAddresses",
+ "ec2:DescribeAvailabilityZones",
+ "ec2:DescribeInstances",
+ "ec2:DescribeInstanceTypes",
+ "ec2:DescribeInternetGateways",
+ "ec2:DescribeEgressOnlyInternetGateways",
+ "ec2:DescribeInstanceTypes",
+ "ec2:DescribeImages",
+ "ec2:DescribeNatGateways",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeNetworkInterfaceAttribute",
+ "ec2:DescribeRouteTables",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcs",
+ "ec2:DescribeVpcAttribute",
+ "ec2:DescribeVpcEndpoints",
+ "ec2:DescribeVolumes",
+ "ec2:DescribeTags",
+ "ec2:DetachInternetGateway",
+ "ec2:DisassociateRouteTable",
+ "ec2:DisassociateAddress",
+ "ec2:ModifyInstanceAttribute",
+ "ec2:ModifyNetworkInterfaceAttribute",
+ "ec2:ModifySubnetAttribute",
+ "ec2:ReleaseAddress",
+ "ec2:RevokeSecurityGroupIngress",
+ "ec2:RunInstances",
+ "ec2:TerminateInstances",
+ "tag:GetResources",
+ "elasticloadbalancing:AddTags",
+ "elasticloadbalancing:CreateLoadBalancer",
+ "elasticloadbalancing:ConfigureHealthCheck",
+ "elasticloadbalancing:DeleteLoadBalancer",
+ "elasticloadbalancing:DeleteTargetGroup",
+ "elasticloadbalancing:DescribeLoadBalancers",
+ "elasticloadbalancing:DescribeLoadBalancerAttributes",
+ "elasticloadbalancing:DescribeTargetGroups",
+ "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
+ "elasticloadbalancing:DescribeTags",
+ "elasticloadbalancing:ModifyLoadBalancerAttributes",
+ "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
+ "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
+ "elasticloadbalancing:RemoveTags",
+ "elasticloadbalancing:SetSubnets",
+ "elasticloadbalancing:ModifyTargetGroupAttributes",
+ "elasticloadbalancing:CreateTargetGroup",
+ "elasticloadbalancing:DescribeListeners",
+ "elasticloadbalancing:CreateListener",
+ "elasticloadbalancing:DescribeTargetHealth",
+ "elasticloadbalancing:RegisterTargets",
+ "elasticloadbalancing:DeleteListener",
+ "autoscaling:DescribeAutoScalingGroups",
+ "autoscaling:DescribeInstanceRefreshes",
+ "ec2:CreateLaunchTemplate",
+ "ec2:CreateLaunchTemplateVersion",
+ "ec2:DescribeLaunchTemplates",
+ "ec2:DescribeLaunchTemplateVersions",
+ "ec2:DeleteLaunchTemplate",
+ "ec2:DeleteLaunchTemplateVersions",
+ "ec2:DescribeKeyPairs",
+ "ec2:ModifyInstanceMetadataOptions"
+ ],
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "autoscaling:CreateAutoScalingGroup",
+ "autoscaling:UpdateAutoScalingGroup",
+ "autoscaling:CreateOrUpdateTags",
+ "autoscaling:StartInstanceRefresh",
+ "autoscaling:DeleteAutoScalingGroup",
+ "autoscaling:DeleteTags"
+ ],
+ "Resource": [
+ "arn:*:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/*"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Resource": [
+ "arn:*:iam::*:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling"
+ ],
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": "autoscaling.amazonaws.com"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Resource": [
+ "arn:*:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing"
+ ],
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Resource": [
+ "arn:*:iam::*:role/aws-service-role/spot.amazonaws.com/AWSServiceRoleForEC2Spot"
+ ],
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": "spot.amazonaws.com"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Resource": [
+ "arn:*:iam::*:role/*.cluster-api-provider-aws.sigs.k8s.io"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "secretsmanager:CreateSecret",
+ "secretsmanager:DeleteSecret",
+ "secretsmanager:TagResource"
+ ],
+ "Resource": [
+ "arn:*:secretsmanager:*:*:secret:aws.cluster.x-k8s.io/*"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:CreateBucket",
+ "s3:DeleteBucket",
+ "s3:PutObject",
+ "s3:DeleteObject",
+ "s3:PutBucketPolicy",
+ "s3:PutBucketTagging"
+ ],
+ "Resource": [
+ "arn:*:s3:::cluster-api-provider-aws-*"
+ ]
+ }
+ ]
+}
diff --git a/files/cluster-api-provider-aws/v2.3.5/cluster-template-eks-fargate.yaml b/files/cluster-api-provider-aws/v2.3.5/cluster-template-eks-fargate.yaml
new file mode 100644
index 00000000..c9dca2b4
--- /dev/null
+++ b/files/cluster-api-provider-aws/v2.3.5/cluster-template-eks-fargate.yaml
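Review bot: `"ec2:DescribeInstanceTypes"` is listed twice in the first statement's `Action` array (once after `ec2:DescribeInstances`, again after `ec2:DescribeEgressOnlyInternetGateways`); IAM tolerates the duplicate, but it reads as a copy-paste slip, so drop the second occurrence. This path looks like a vendored copy of the upstream clusterawsadm policy output, in which case the cleanup belongs in the generator rather than a local edit. Note for anyone auditing the controller role: the first statement grants mutating EC2/ELB actions such as `ec2:RunInstances` and `ec2:AuthorizeSecurityGroupIngress` on `"Resource": ["*"]`, and the last statement's `s3:PutBucketPolicy` lets the controller set any bucket policy on buckets matching `arn:*:s3:::cluster-api-provider-aws-*` — both inherited from upstream, but worth recording in the role's documentation.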
@@ -0,0 +1,41 @@ +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: "${CLUSTER_NAME}" +spec: + clusterNetwork: + pods: + cidrBlocks: ["192.168.0.0/16"] + infrastructureRef: + kind: AWSManagedCluster + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + name: "${CLUSTER_NAME}" + controlPlaneRef: + kind: AWSManagedControlPlane + apiVersion: controlplane.cluster.x-k8s.io/v1beta2 + name: "${CLUSTER_NAME}-control-plane" +--- +kind: AWSManagedCluster +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +metadata: + name: "${CLUSTER_NAME}" +spec: {} +--- +kind: AWSManagedControlPlane +apiVersion: controlplane.cluster.x-k8s.io/v1beta2 +metadata: + name: "${CLUSTER_NAME}-control-plane" +spec: + region: "${AWS_REGION}" + sshKeyName: "${AWS_SSH_KEY_NAME}" + version: "${KUBERNETES_VERSION}" +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSFargateProfile +metadata: + name: "${CLUSTER_NAME}-fargate-0" +spec: + clusterName: "${CLUSTER_NAME}" + selectors: + - namespace: default diff --git a/files/cluster-api-provider-aws/v2.3.5/cluster-template-eks-ipv6.yaml b/files/cluster-api-provider-aws/v2.3.5/cluster-template-eks-ipv6.yaml new file mode 100644 index 00000000..7a6dfa26 --- /dev/null +++ b/files/cluster-api-provider-aws/v2.3.5/cluster-template-eks-ipv6.yaml 
@@ -0,0 +1,93 @@ +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: "${CLUSTER_NAME}" +spec: + clusterNetwork: + pods: + cidrBlocks: ["192.168.0.0/16"] + infrastructureRef: + kind: AWSManagedCluster + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + name: "${CLUSTER_NAME}" + controlPlaneRef: + kind: AWSManagedControlPlane + apiVersion: controlplane.cluster.x-k8s.io/v1beta2 + name: "${CLUSTER_NAME}-control-plane" +--- +kind: AWSManagedCluster +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +metadata: + name: "${CLUSTER_NAME}" +spec: {} +--- +kind: AWSManagedControlPlane +apiVersion: controlplane.cluster.x-k8s.io/v1beta2 +metadata: + name: "${CLUSTER_NAME}-control-plane" +spec: + vpcCni: + env: + - name: ENABLE_PREFIX_DELEGATION + value: "true" + - name: ENABLE_IPv6 + value: "true" + - name: ENABLE_IPv4 + value: "false" + network: + vpc: + ipv6: {} + region: "${AWS_REGION}" + sshKeyName: "${AWS_SSH_KEY_NAME}" + version: "${KUBERNETES_VERSION}" + addons: + - name: "vpc-cni" + version: "v1.11.0-eksbuild.1" + conflictResolution: "overwrite" + - name: "coredns" + version: "v1.8.7-eksbuild.1" + - name: "kube-proxy" + version: "v1.22.6-eksbuild.1" + +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: "${CLUSTER_NAME}-md-0" +spec: + clusterName: "${CLUSTER_NAME}" + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: + template: + spec: + clusterName: "${CLUSTER_NAME}" + version: "${KUBERNETES_VERSION}" + bootstrap: + configRef: + name: "${CLUSTER_NAME}-md-0" + apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 + kind: EKSConfigTemplate + infrastructureRef: + name: "${CLUSTER_NAME}-md-0" + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSMachineTemplate +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSMachineTemplate +metadata: + name: "${CLUSTER_NAME}-md-0" +spec: + template: + spec: + instanceType: "${AWS_NODE_MACHINE_TYPE}" + iamInstanceProfile: 
"nodes.cluster-api-provider-aws.sigs.k8s.io" + sshKeyName: "${AWS_SSH_KEY_NAME}" +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 +kind: EKSConfigTemplate +metadata: + name: "${CLUSTER_NAME}-md-0" +spec: + template: {} diff --git a/files/cluster-api-provider-aws/v2.3.5/cluster-template-eks-machinepool.yaml b/files/cluster-api-provider-aws/v2.3.5/cluster-template-eks-machinepool.yaml new file mode 100644 index 00000000..9ae1e6dc --- /dev/null +++ b/files/cluster-api-provider-aws/v2.3.5/cluster-template-eks-machinepool.yaml 
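Review bot: The `addons` block in the AWSManagedControlPlane hard-codes `vpc-cni v1.11.0-eksbuild.1`, `coredns v1.8.7-eksbuild.1` and `kube-proxy v1.22.6-eksbuild.1` while the control plane itself is templated as `version: "${KUBERNETES_VERSION}"`, so rendering with a different Kubernetes minor produces addon versions that may not match the cluster. The sibling templates in this commit parameterise the CNI addon as `version: "${VPC_ADDON_VERSION:=v1.7.5-eksbuild.1}"`; the same pattern here, e.g. `version: "${VPC_ADDON_VERSION:=v1.11.0-eksbuild.1}"`, would keep the IPv6 template consistent with them. If this file is a vendored copy of the upstream release asset, raise it upstream rather than patching locally.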
@@ -0,0 +1,71 @@ +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: "${CLUSTER_NAME}" +spec: + clusterNetwork: + pods: + cidrBlocks: ["192.168.0.0/16"] + infrastructureRef: + kind: AWSManagedCluster + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + name: "${CLUSTER_NAME}" + controlPlaneRef: + kind: AWSManagedControlPlane + apiVersion: controlplane.cluster.x-k8s.io/v1beta2 + name: "${CLUSTER_NAME}-control-plane" +--- +kind: AWSManagedCluster +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +metadata: + name: "${CLUSTER_NAME}" +spec: {} +--- +kind: AWSManagedControlPlane +apiVersion: controlplane.cluster.x-k8s.io/v1beta2 +metadata: + name: "${CLUSTER_NAME}-control-plane" +spec: + region: "${AWS_REGION}" + sshKeyName: "${AWS_SSH_KEY_NAME}" + version: "${KUBERNETES_VERSION}" +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: "${CLUSTER_NAME}-mp-0" +spec: + clusterName: "${CLUSTER_NAME}" + replicas: ${WORKER_MACHINE_COUNT} + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 + kind: EKSConfig + name: "${CLUSTER_NAME}-mp-0" + clusterName: "${CLUSTER_NAME}" + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSMachinePool + name: "${CLUSTER_NAME}-mp-0" + version: "${KUBERNETES_VERSION}" +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSMachinePool +metadata: + name: "${CLUSTER_NAME}-mp-0" +spec: + minSize: 1 + maxSize: 10 + awsLaunchTemplate: + iamInstanceProfile: nodes.cluster-api-provider-aws.sigs.k8s.io + instanceType: "${AWS_NODE_MACHINE_TYPE}" + sshKeyName: "${AWS_SSH_KEY_NAME}" +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 +kind: EKSConfig +metadata: + name: "${CLUSTER_NAME}-mp-0" +spec: {} 
diff --git a/files/cluster-api-provider-aws/v2.3.5/cluster-template-eks-managedmachinepool-gpu.yaml b/files/cluster-api-provider-aws/v2.3.5/cluster-template-eks-managedmachinepool-gpu.yaml new file mode 100644 index 00000000..adfe109c --- /dev/null +++ b/files/cluster-api-provider-aws/v2.3.5/cluster-template-eks-managedmachinepool-gpu.yaml 
@@ -0,0 +1,145 @@ +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: "${CLUSTER_NAME}" + labels: + gpu: "nvidia" +spec: + clusterNetwork: + pods: + cidrBlocks: ["192.168.0.0/16"] + infrastructureRef: + kind: AWSManagedCluster + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + name: "${CLUSTER_NAME}" + controlPlaneRef: + kind: AWSManagedControlPlane + apiVersion: controlplane.cluster.x-k8s.io/v1beta2 + name: "${CLUSTER_NAME}-control-plane" +--- +kind: AWSManagedCluster +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +metadata: + name: "${CLUSTER_NAME}" +spec: {} +--- +kind: AWSManagedControlPlane +apiVersion: controlplane.cluster.x-k8s.io/v1beta2 +metadata: + name: "${CLUSTER_NAME}-control-plane" +spec: + region: "${AWS_REGION}" + sshKeyName: "${AWS_SSH_KEY_NAME}" + version: "${KUBERNETES_VERSION}" + addons: + - name: "vpc-cni" + version: "${VPC_ADDON_VERSION:=v1.7.5-eksbuild.1}" + conflictResolution: "overwrite" +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: "${CLUSTER_NAME}-pool-0" +spec: + clusterName: "${CLUSTER_NAME}" + replicas: ${WORKER_MACHINE_COUNT} + template: + spec: + clusterName: "${CLUSTER_NAME}" + bootstrap: + dataSecretName: "" + infrastructureRef: + name: "${CLUSTER_NAME}-pool-0" + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSManagedMachinePool +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSManagedMachinePool +metadata: + name: "${CLUSTER_NAME}-pool-0" +spec: + amiType: "AL2_x86_64_GPU" + instanceType: "g4dn.xlarge" +--- +apiVersion: addons.cluster.x-k8s.io/v1beta1 +kind: ClusterResourceSet +metadata: + name: crs-nvidia +spec: + strategy: "ApplyOnce" + clusterSelector: + matchLabels: + gpu: "nvidia" + resources: + - name: nvidia-addon + kind: ConfigMap +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: nvidia-addon +data: + nvidia-device-plugin.yaml: | + # Copyright (c) 2019, NVIDIA CORPORATION. All rights reserved. 
+ # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + + apiVersion: apps/v1 + kind: DaemonSet + metadata: + name: nvidia-device-plugin-daemonset + namespace: kube-system + spec: + selector: + matchLabels: + name: nvidia-device-plugin-ds + updateStrategy: + type: RollingUpdate + template: + metadata: + # This annotation is deprecated. Kept here for backward compatibility + # See https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/ + annotations: + scheduler.alpha.kubernetes.io/critical-pod: "" + labels: + name: nvidia-device-plugin-ds + spec: + tolerations: + # This toleration is deprecated. Kept here for backward compatibility + # See https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/ + - key: CriticalAddonsOnly + operator: Exists + - key: nvidia.com/gpu + operator: Exists + effect: NoSchedule + # Mark this pod as a critical add-on; when enabled, the critical add-on + # scheduler reserves resources for critical add-on pods so that they can + # be rescheduled after a failure. 
+ # See https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/ + priorityClassName: "system-node-critical" + containers: + - image: nvidia/k8s-device-plugin:v0.8.0 + name: nvidia-device-plugin-ctr + args: ["--fail-on-init-error=false"] + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + volumeMounts: + - name: device-plugin + mountPath: /var/lib/kubelet/device-plugins + volumes: + - name: device-plugin + hostPath: + path: /var/lib/kubelet/device-plugins diff --git a/files/cluster-api-provider-aws/v2.3.5/cluster-template-eks-managedmachinepool-vpccni.yaml b/files/cluster-api-provider-aws/v2.3.5/cluster-template-eks-managedmachinepool-vpccni.yaml new file mode 100644 index 00000000..bae62e11 --- /dev/null +++ b/files/cluster-api-provider-aws/v2.3.5/cluster-template-eks-managedmachinepool-vpccni.yaml 
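Review bot: The nvidia-device-plugin DaemonSet embedded in the `nvidia-addon` ConfigMap references `nvidia/k8s-device-plugin:v0.8.0` by mutable tag from Docker Hub, so the image a cluster actually runs is not pinned; a digest reference such as `nvidia/k8s-device-plugin:v0.8.0@sha256:<digest-placeholder>` would make what the ClusterResourceSet applies reproducible and auditable. The manifest also keeps the `scheduler.alpha.kubernetes.io/critical-pod` annotation and `CriticalAddonsOnly` toleration that its own comments mark deprecated, while `priorityClassName: "system-node-critical"` already serves that purpose. If this file is a vendored copy of the upstream release template, both points belong upstream rather than in a local edit.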
@@ -0,0 +1,59 @@ +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: "${CLUSTER_NAME}" +spec: + clusterNetwork: + pods: + cidrBlocks: ["192.168.0.0/16"] + infrastructureRef: + kind: AWSManagedCluster + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + name: "${CLUSTER_NAME}" + controlPlaneRef: + kind: AWSManagedControlPlane + apiVersion: controlplane.cluster.x-k8s.io/v1beta2 + name: "${CLUSTER_NAME}-control-plane" +--- +kind: AWSManagedCluster +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +metadata: + name: "${CLUSTER_NAME}" +spec: {} +--- +kind: AWSManagedControlPlane +apiVersion: controlplane.cluster.x-k8s.io/v1beta2 +metadata: + name: "${CLUSTER_NAME}-control-plane" +spec: + region: "${AWS_REGION}" + sshKeyName: "${AWS_SSH_KEY_NAME}" + version: "${KUBERNETES_VERSION}" + addons: + - name: "vpc-cni" + version: "${VPC_ADDON_VERSION:=v1.7.5-eksbuild.1}" + conflictResolution: "overwrite" +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: "${CLUSTER_NAME}-pool-0" +spec: + clusterName: "${CLUSTER_NAME}" + replicas: ${WORKER_MACHINE_COUNT} + template: + spec: + clusterName: "${CLUSTER_NAME}" + bootstrap: + dataSecretName: "" + infrastructureRef: + name: "${CLUSTER_NAME}-pool-0" + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSManagedMachinePool +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSManagedMachinePool +metadata: + name: "${CLUSTER_NAME}-pool-0" +spec: {} diff --git a/files/cluster-api-provider-aws/v2.3.5/cluster-template-eks-managedmachinepool.yaml b/files/cluster-api-provider-aws/v2.3.5/cluster-template-eks-managedmachinepool.yaml new file mode 100644 index 00000000..1db30a2c --- /dev/null +++ b/files/cluster-api-provider-aws/v2.3.5/cluster-template-eks-managedmachinepool.yaml 
@@ -0,0 +1,55 @@ +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: "${CLUSTER_NAME}" +spec: + clusterNetwork: + pods: + cidrBlocks: ["192.168.0.0/16"] + infrastructureRef: + kind: AWSManagedCluster + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + name: "${CLUSTER_NAME}" + controlPlaneRef: + kind: AWSManagedControlPlane + apiVersion: controlplane.cluster.x-k8s.io/v1beta2 + name: "${CLUSTER_NAME}-control-plane" +--- +kind: AWSManagedCluster +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +metadata: + name: "${CLUSTER_NAME}" +spec: {} +--- +kind: AWSManagedControlPlane +apiVersion: controlplane.cluster.x-k8s.io/v1beta2 +metadata: + name: "${CLUSTER_NAME}-control-plane" +spec: + region: "${AWS_REGION}" + sshKeyName: "${AWS_SSH_KEY_NAME}" + version: "${KUBERNETES_VERSION}" +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: "${CLUSTER_NAME}-pool-0" +spec: + clusterName: "${CLUSTER_NAME}" + replicas: ${WORKER_MACHINE_COUNT} + template: + spec: + clusterName: "${CLUSTER_NAME}" + bootstrap: + dataSecretName: "" + infrastructureRef: + name: "${CLUSTER_NAME}-pool-0" + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSManagedMachinePool +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSManagedMachinePool +metadata: + name: "${CLUSTER_NAME}-pool-0" +spec: {} diff --git a/files/cluster-api-provider-aws/v2.3.5/cluster-template-eks.yaml b/files/cluster-api-provider-aws/v2.3.5/cluster-template-eks.yaml new file mode 100644 index 00000000..033ddde7 --- /dev/null +++ b/files/cluster-api-provider-aws/v2.3.5/cluster-template-eks.yaml 
@@ -0,0 +1,73 @@ +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: "${CLUSTER_NAME}" +spec: + clusterNetwork: + pods: + cidrBlocks: ["192.168.0.0/16"] + infrastructureRef: + kind: AWSManagedCluster + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + name: "${CLUSTER_NAME}" + controlPlaneRef: + kind: AWSManagedControlPlane + apiVersion: controlplane.cluster.x-k8s.io/v1beta2 + name: "${CLUSTER_NAME}-control-plane" +--- +kind: AWSManagedCluster +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +metadata: + name: "${CLUSTER_NAME}" +spec: {} +--- +kind: AWSManagedControlPlane +apiVersion: controlplane.cluster.x-k8s.io/v1beta2 +metadata: + name: "${CLUSTER_NAME}-control-plane" +spec: + region: "${AWS_REGION}" + sshKeyName: "${AWS_SSH_KEY_NAME}" + version: "${KUBERNETES_VERSION}" +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: "${CLUSTER_NAME}-md-0" +spec: + clusterName: "${CLUSTER_NAME}" + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: + template: + spec: + clusterName: "${CLUSTER_NAME}" + version: "${KUBERNETES_VERSION}" + bootstrap: + configRef: + name: "${CLUSTER_NAME}-md-0" + apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 + kind: EKSConfigTemplate + infrastructureRef: + name: "${CLUSTER_NAME}-md-0" + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSMachineTemplate +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSMachineTemplate +metadata: + name: "${CLUSTER_NAME}-md-0" +spec: + template: + spec: + instanceType: "${AWS_NODE_MACHINE_TYPE}" + iamInstanceProfile: "nodes.cluster-api-provider-aws.sigs.k8s.io" + sshKeyName: "${AWS_SSH_KEY_NAME}" +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 +kind: EKSConfigTemplate +metadata: + name: "${CLUSTER_NAME}-md-0" +spec: + template: {} 
diff --git a/files/cluster-api-provider-aws/v2.3.5/cluster-template-external-cloud-provider.yaml b/files/cluster-api-provider-aws/v2.3.5/cluster-template-external-cloud-provider.yaml new file mode 100644 index 00000000..60d17ac1 --- /dev/null +++ b/files/cluster-api-provider-aws/v2.3.5/cluster-template-external-cloud-provider.yaml 
@@ -0,0 +1,992 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + labels: + ccm: external + cni: ${CLUSTER_NAME}-crs-0 + csi: external + name: ${CLUSTER_NAME} +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSCluster +metadata: + name: ${CLUSTER_NAME} +spec: + network: + vpc: + availabilityZoneUsageLimit: 1 + region: ${AWS_REGION} + sshKeyName: ${AWS_SSH_KEY_NAME} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + controllerManager: + extraArgs: + cloud-provider: external + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data.local_hostname }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data.local_hostname }}' + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane +spec: + template: + spec: + iamInstanceProfile: control-plane.cluster-api-provider-aws.sigs.k8s.io + instanceType: ${AWS_CONTROL_PLANE_MACHINE_TYPE} + sshKeyName: ${AWS_SSH_KEY_NAME} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 +spec: + clusterName: ${CLUSTER_NAME} + replicas: 
${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 +spec: + template: + spec: + iamInstanceProfile: nodes.cluster-api-provider-aws.sigs.k8s.io + instanceType: ${AWS_NODE_MACHINE_TYPE} + sshKeyName: ${AWS_SSH_KEY_NAME} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 +spec: + template: + spec: + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data.local_hostname }}' +--- +apiVersion: v1 +data: ${CNI_RESOURCES} +kind: ConfigMap +metadata: + name: cni-${CLUSTER_NAME}-crs-0 +--- +apiVersion: addons.cluster.x-k8s.io/v1beta1 +kind: ClusterResourceSet +metadata: + name: ${CLUSTER_NAME}-crs-0 +spec: + clusterSelector: + matchLabels: + cni: ${CLUSTER_NAME}-crs-0 + resources: + - kind: ConfigMap + name: cni-${CLUSTER_NAME}-crs-0 + strategy: ApplyOnce +--- +apiVersion: addons.cluster.x-k8s.io/v1beta1 +kind: ClusterResourceSet +metadata: + name: crs-ccm +spec: + clusterSelector: + matchLabels: + ccm: external + resources: + - kind: ConfigMap + name: cloud-controller-manager-addon + strategy: ApplyOnce +--- +apiVersion: addons.cluster.x-k8s.io/v1beta1 +kind: ClusterResourceSet +metadata: + name: crs-csi +spec: + clusterSelector: + matchLabels: + csi: external + resources: + - kind: ConfigMap + name: aws-ebs-csi-driver-addon + strategy: ApplyOnce +--- +apiVersion: v1 +data: + aws-ccm-external.yaml: | + --- + apiVersion: apps/v1 + kind: DaemonSet + metadata: + name: 
aws-cloud-controller-manager + namespace: kube-system + labels: + k8s-app: aws-cloud-controller-manager + spec: + selector: + matchLabels: + k8s-app: aws-cloud-controller-manager + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + k8s-app: aws-cloud-controller-manager + spec: + nodeSelector: + node-role.kubernetes.io/master: "" + tolerations: + - key: node.cloudprovider.kubernetes.io/uninitialized + value: "true" + effect: NoSchedule + - key: node-role.kubernetes.io/master + effect: NoSchedule + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: Exists + - matchExpressions: + - key: node-role.kubernetes.io/master + operator: Exists + serviceAccountName: cloud-controller-manager + containers: + - name: aws-cloud-controller-manager + image: gcr.io/k8s-staging-provider-aws/cloud-controller-manager:v1.20.0-alpha.0 + args: + - --v=2 + resources: + requests: + cpu: 200m + hostNetwork: true + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + name: cloud-controller-manager + namespace: kube-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: cloud-controller-manager:apiserver-authentication-reader + namespace: kube-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader + subjects: + - apiGroup: "" + kind: ServiceAccount + name: cloud-controller-manager + namespace: kube-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: system:cloud-controller-manager + rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - update + - apiGroups: + - "" + resources: + - nodes + verbs: + - '*' + - apiGroups: + - "" + resources: + - nodes/status + verbs: + - patch + - apiGroups: + - "" + 
resources: + - services + verbs: + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - services/status + verbs: + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - update + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - get + - list + - watch + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - list + - watch + - update + --- + kind: ClusterRoleBinding + apiVersion: rbac.authorization.k8s.io/v1 + metadata: + name: system:cloud-controller-manager + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:cloud-controller-manager + subjects: + - apiGroup: "" + kind: ServiceAccount + name: cloud-controller-manager + namespace: kube-system +kind: ConfigMap +metadata: + annotations: + note: generated + labels: + type: generated + name: cloud-controller-manager-addon +--- +apiVersion: v1 +data: + aws-ebs-csi-external.yaml: |- + apiVersion: v1 + kind: Secret + metadata: + name: aws-secret + namespace: kube-system + stringData: + key_id: "" + access_key: "" + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-csi-controller-sa + namespace: kube-system + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-csi-node-sa + namespace: kube-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-external-attacher-role + rules: + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "" + resources: + - nodes + 
verbs: + - get + - list + - watch + - apiGroups: + - csi.storage.k8s.io + resources: + - csinodeinfos + verbs: + - get + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-external-provisioner-role + rules: + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - update + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - get + - list + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - get + - list + - apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-external-resizer-role + rules: + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - 
apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims/status
+ verbs:
+ - update
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - storageclasses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+ labels:
+ app.kubernetes.io/name: aws-ebs-csi-driver
+ name: ebs-external-snapshotter-role
+ rules:
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshotclasses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshotcontents
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - update
+ - delete
+ - apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshotcontents/status
+ verbs:
+ - update
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+ labels:
+ app.kubernetes.io/name: aws-ebs-csi-driver
+ name: ebs-csi-attacher-binding
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: ebs-external-attacher-role
+ subjects:
+ - kind: ServiceAccount
+ name: ebs-csi-controller-sa
+ namespace: kube-system
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+ labels:
+ app.kubernetes.io/name: aws-ebs-csi-driver
+ name: ebs-csi-provisioner-binding
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: ebs-external-provisioner-role
+ subjects:
+ - kind: ServiceAccount
+ name: ebs-csi-controller-sa
+ namespace: kube-system
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+ labels:
+ app.kubernetes.io/name: aws-ebs-csi-driver
+ name: ebs-csi-resizer-binding
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: ebs-external-resizer-role
+ subjects:
+ - kind: ServiceAccount
+ name: ebs-csi-controller-sa
+ namespace: kube-system
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+ labels:
+ app.kubernetes.io/name: aws-ebs-csi-driver
+ name: ebs-csi-snapshotter-binding
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: ebs-external-snapshotter-role
+ subjects:
+ - kind: ServiceAccount
+ name: ebs-csi-controller-sa
+ namespace: kube-system
+ ---
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ labels:
+ app.kubernetes.io/name: aws-ebs-csi-driver
+ name: ebs-csi-controller
+ namespace: kube-system
+ spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app: ebs-csi-controller
+ app.kubernetes.io/name: aws-ebs-csi-driver
+ template:
+ metadata:
+ labels:
+ app: ebs-csi-controller
+ app.kubernetes.io/name: aws-ebs-csi-driver
+ spec:
+ containers:
+ - args:
+ - --endpoint=$(CSI_ENDPOINT)
+ - --logtostderr
+ - --v=2
+ env:
+ - name: CSI_ENDPOINT
+ value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
+ - name: CSI_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ key: key_id
+ name: aws-secret
+ optional: true
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ key: access_key
+ name: aws-secret
+ optional: true
+ image: registry.k8s.io/provider-aws/aws-ebs-csi-driver:v1.2.0
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ failureThreshold: 5
+ httpGet:
+ path: /healthz
+ port: healthz
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 3
+ name: ebs-plugin
+ ports:
+ - containerPort: 9808
+ name: healthz
+ protocol: TCP
+ readinessProbe:
+ failureThreshold: 5
+ httpGet:
+ path: /healthz
+ port: healthz
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 3
+ volumeMounts:
+ - mountPath: /var/lib/csi/sockets/pluginproxy/
+ name: socket-dir
+ - args:
+ - --csi-address=$(ADDRESS)
+ - --v=2
+ - --feature-gates=Topology=true
+ - --extra-create-metadata
+ - --leader-election=true
+ - --default-fstype=ext4
+ env:
+ - name: ADDRESS
+ value: /var/lib/csi/sockets/pluginproxy/csi.sock
+ image: registry.k8.io/sig-storage/csi-provisioner:v2.1.1
+ name: csi-provisioner
+ volumeMounts:
+ - mountPath: /var/lib/csi/sockets/pluginproxy/
+ name: socket-dir
+ - args:
+ - --csi-address=$(ADDRESS)
+ - --v=2
+ - --leader-election=true
+ env:
+ - name: ADDRESS
+ value: /var/lib/csi/sockets/pluginproxy/csi.sock
+ image: registry.k8.io/sig-storage/csi-attacher:v3.1.0
+ name: csi-attacher
+ volumeMounts:
+ - mountPath: /var/lib/csi/sockets/pluginproxy/
+ name: socket-dir
+ - args:
+ - --csi-address=$(ADDRESS)
+ - --leader-election=true
+ env:
+ - name: ADDRESS
+ value: /var/lib/csi/sockets/pluginproxy/csi.sock
+ image: registry.k8.io/sig-storage/csi-snapshotter:v3.0.3
+ name: csi-snapshotter
+ volumeMounts:
+ - mountPath: /var/lib/csi/sockets/pluginproxy/
+ name: socket-dir
+ - args:
+ - --csi-address=$(ADDRESS)
+ - --v=2
+ env:
+ - name: ADDRESS
+ value: /var/lib/csi/sockets/pluginproxy/csi.sock
+ image: registry.k8.io/sig-storage/csi-resizer:v1.0.0
+ imagePullPolicy: Always
+ name: csi-resizer
+ volumeMounts:
+ - mountPath: /var/lib/csi/sockets/pluginproxy/
+ name: socket-dir
+ - args:
+ - --csi-address=/csi/csi.sock
+ image: registry.k8.io/sig-storage/livenessprobe:v2.2.0
+ name: liveness-probe
+ volumeMounts:
+ - mountPath: /csi
+ name: socket-dir
+ nodeSelector:
+ kubernetes.io/os: linux
+ priorityClassName: system-cluster-critical
+ serviceAccountName: ebs-csi-controller-sa
+ tolerations:
+ - key: CriticalAddonsOnly
+ operator: Exists
+ - effect: NoExecute
+ operator: Exists
+ tolerationSeconds: 300
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ - matchExpressions:
+ - key: node-role.kubernetes.io/master
+ operator: Exists
+ volumes:
+ - emptyDir: {}
+ name: socket-dir
+ ---
+ apiVersion: policy/v1beta1
+ kind: PodDisruptionBudget
+ metadata:
+ labels:
+ app.kubernetes.io/name: aws-ebs-csi-driver
+ name: ebs-csi-controller
+ namespace: kube-system
+ spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app: ebs-csi-controller
+ app.kubernetes.io/name: aws-ebs-csi-driver
+ ---
+ apiVersion: apps/v1
+ kind: DaemonSet
+ metadata:
+ labels:
+ app.kubernetes.io/name: aws-ebs-csi-driver
+ name: ebs-csi-node
+ namespace: kube-system
+ spec:
+ selector:
+ matchLabels:
+ app: ebs-csi-node
+ app.kubernetes.io/name: aws-ebs-csi-driver
+ template:
+ metadata:
+ labels:
+ app: ebs-csi-node
+ app.kubernetes.io/name: aws-ebs-csi-driver
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: eks.amazonaws.com/compute-type
+ operator: NotIn
+ values:
+ - fargate
+ containers:
+ - args:
+ - node
+ - --endpoint=$(CSI_ENDPOINT)
+ - --logtostderr
+ - --v=2
+ env:
+ - name: CSI_ENDPOINT
+ value: unix:/csi/csi.sock
+ - name: CSI_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ image: registry.k8.io/provider-aws/aws-ebs-csi-driver:v1.2.0
+ livenessProbe:
+ failureThreshold: 5
+ httpGet:
+ path: /healthz
+ port: healthz
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 3
+ name: ebs-plugin
+ ports:
+ - containerPort: 9808
+ name: healthz
+ protocol: TCP
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - mountPath: /var/lib/kubelet
+ mountPropagation: Bidirectional
+ name: kubelet-dir
+ - mountPath: /csi
+ name: plugin-dir
+ - mountPath: /dev
+ name: device-dir
+ - args:
+ - --csi-address=$(ADDRESS)
+ - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+ - --v=2
+ env:
+ - name: ADDRESS
+ value: /csi/csi.sock
+ - name: DRIVER_REG_SOCK_PATH
+ value: /var/lib/kubelet/plugins/ebs.csi.aws.com/csi.sock
+ image: registry.k8.io/sig-storage/csi-node-driver-registrar:v2.1.0
+ name: node-driver-registrar
+ volumeMounts:
+ - mountPath: /csi
+ name: plugin-dir
+ - mountPath: /registration
+ name: registration-dir
+ - args:
+ - --csi-address=/csi/csi.sock
+ image: registry.k8.io/sig-storage/livenessprobe:v2.2.0
+ name: liveness-probe
+ volumeMounts:
+ - mountPath: /csi
+ name: plugin-dir
+ nodeSelector:
+ kubernetes.io/os: linux
+ priorityClassName: system-node-critical
+ serviceAccountName: ebs-csi-node-sa
+ tolerations:
+ - key: CriticalAddonsOnly
+ operator: Exists
+ - effect: NoExecute
+ operator: Exists
+ tolerationSeconds: 300
+ volumes:
+ - hostPath:
+ path: /var/lib/kubelet
+ type: Directory
+ name: kubelet-dir
+ - hostPath:
+ path: /var/lib/kubelet/plugins/ebs.csi.aws.com/
+ type: DirectoryOrCreate
+ name: plugin-dir
+ - hostPath:
+ path: /var/lib/kubelet/plugins_registry/
+ type: Directory
+ name: registration-dir
+ - hostPath:
+ path: /dev
+ type: Directory
+ name: device-dir
+ updateStrategy:
+ rollingUpdate:
+ maxUnavailable: 10%
+ type: RollingUpdate
+ ---
+ apiVersion: storage.k8s.io/v1
+ kind: CSIDriver
+ metadata:
+ labels:
+ app.kubernetes.io/name: aws-ebs-csi-driver
+ name: ebs.csi.aws.com
+ spec:
+ attachRequired: true
+ podInfoOnMount: false
+kind: ConfigMap
+metadata:
+ annotations:
+ note: generated
+ labels:
+ type: generated
+ name: aws-ebs-csi-driver-addon
diff --git a/files/cluster-api-provider-aws/v2.3.5/cluster-template-flatcar.yaml b/files/cluster-api-provider-aws/v2.3.5/cluster-template-flatcar.yaml
new file mode 100644
index 00000000..fa1e346c
--- /dev/null
+++ b/files/cluster-api-provider-aws/v2.3.5/cluster-template-flatcar.yaml
@@ -0,0 +1,167 @@
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ name: "${CLUSTER_NAME}"
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks: ["192.168.0.0/16"]
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ kind: AWSCluster
+ name: "${CLUSTER_NAME}"
+ controlPlaneRef:
+ kind: KubeadmControlPlane
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ name: "${CLUSTER_NAME}-control-plane"
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+kind: AWSCluster
+metadata:
+ name: "${CLUSTER_NAME}"
+spec:
+ region: "${AWS_REGION}"
+ sshKeyName: "${AWS_SSH_KEY_NAME}"
+ s3Bucket:
+ controlPlaneIAMInstanceProfile: control-plane.cluster-api-provider-aws.sigs.k8s.io
+ name: "${AWS_S3_BUCKET_NAME}"
+ nodesIAMInstanceProfiles:
+ - nodes.cluster-api-provider-aws.sigs.k8s.io
+---
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+kind: KubeadmControlPlane
+metadata:
+ name: ${CLUSTER_NAME}-control-plane
+spec:
+ replicas: ${CONTROL_PLANE_MACHINE_COUNT}
+ machineTemplate:
+ infrastructureRef:
+ kind: AWSMachineTemplate
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ name: "${CLUSTER_NAME}-control-plane"
+ kubeadmConfigSpec:
+ initConfiguration:
+ nodeRegistration:
+ name: $${COREOS_EC2_HOSTNAME}
+ kubeletExtraArgs:
+ cloud-provider: external
+ clusterConfiguration:
+ apiServer:
+ extraArgs:
+ cloud-provider: external
+ controllerManager:
+ extraArgs:
+ cloud-provider: external
+ joinConfiguration:
+ nodeRegistration:
+ name: $${COREOS_EC2_HOSTNAME}
+ kubeletExtraArgs:
+ cloud-provider: external
+ format: ignition
+ ignition:
+ containerLinuxConfig:
+ additionalConfig: |
+ systemd:
+ units:
+ - name: kubeadm.service
+ enabled: true
+ dropins:
+ - name: 10-flatcar.conf
+ contents: |
+ [Unit]
+ # kubeadm must run after coreos-metadata populated /run/metadata directory.
+ Requires=coreos-metadata.service
+ After=coreos-metadata.service
+ # kubeadm must run after containerd - see https://github.com/kubernetes-sigs/image-builder/issues/939.
+ After=containerd.service
+ [Service]
+ # To make metadata environment variables available for pre-kubeadm commands.
+ EnvironmentFile=/run/metadata/*
+ preKubeadmCommands:
+ - envsubst < /etc/kubeadm.yml > /etc/kubeadm.yml.tmp
+ - mv /etc/kubeadm.yml.tmp /etc/kubeadm.yml
+ version: ${KUBERNETES_VERSION}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+kind: AWSMachineTemplate
+metadata:
+ name: ${CLUSTER_NAME}-control-plane
+spec:
+ template:
+ spec:
+ instanceType: ${AWS_CONTROL_PLANE_MACHINE_TYPE}
+ iamInstanceProfile: control-plane.cluster-api-provider-aws.sigs.k8s.io
+ imageLookupBaseOS: flatcar-stable
+ sshKeyName: ${AWS_SSH_KEY_NAME}
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachineDeployment
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+spec:
+ clusterName: ${CLUSTER_NAME}
+ replicas: ${WORKER_MACHINE_COUNT}
+ selector:
+ matchLabels:
+ template:
+ spec:
+ clusterName: ${CLUSTER_NAME}
+ version: ${KUBERNETES_VERSION}
+ bootstrap:
+ configRef:
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+ kind: KubeadmConfigTemplate
+ name: ${CLUSTER_NAME}-md-0
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ kind: AWSMachineTemplate
+ name: ${CLUSTER_NAME}-md-0
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+kind: AWSMachineTemplate
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+spec:
+ template:
+ spec:
+ instanceType: ${AWS_NODE_MACHINE_TYPE}
+ iamInstanceProfile: nodes.cluster-api-provider-aws.sigs.k8s.io
+ imageLookupBaseOS: flatcar-stable
+ sshKeyName: ${AWS_SSH_KEY_NAME}
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfigTemplate
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+spec:
+ template:
+ spec:
+ joinConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ name: $${COREOS_EC2_HOSTNAME}
+ format: ignition
+ ignition:
+ containerLinuxConfig:
+ additionalConfig: |
+ systemd:
+ units:
+ - name: kubeadm.service
+ enabled: true
+ dropins:
+ - name: 10-flatcar.conf
+ contents: |
+ [Unit]
+ # kubeadm must run after coreos-metadata populated /run/metadata directory.
+ Requires=coreos-metadata.service
+ After=coreos-metadata.service
+ # kubeadm must run after containerd - see https://github.com/kubernetes-sigs/image-builder/issues/939.
+ After=containerd.service
+ [Service]
+ # To make metadata environment variables available for pre-kubeadm commands.
+ EnvironmentFile=/run/metadata/*
+ preKubeadmCommands:
+ - envsubst < /etc/kubeadm.yml > /etc/kubeadm.yml.tmp
+ - mv /etc/kubeadm.yml.tmp /etc/kubeadm.yml
diff --git a/files/cluster-api-provider-aws/v2.3.5/cluster-template-machinepool.yaml b/files/cluster-api-provider-aws/v2.3.5/cluster-template-machinepool.yaml
new file mode 100644
index 00000000..3b6aeacb
--- /dev/null
+++ b/files/cluster-api-provider-aws/v2.3.5/cluster-template-machinepool.yaml
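Review bot: Every kubeadm section in this file (`kubeletExtraArgs`, `apiServer.extraArgs` and `controllerManager.extraArgs`, in both the KubeadmControlPlane and the KubeadmConfigTemplate) sets `cloud-provider: external`, yet nothing in the file installs an external cloud-controller-manager, whereas cluster-template.yaml in the same commit pairs that setting with a `ccm: external` label and a `crs-ccm` ClusterResourceSet. Unless the CCM is applied out of band, the nodes presumably stay under the `node.cloudprovider.kubernetes.io/uninitialized` taint and never become Ready. A comment at the top of the Cluster object would spare the next user the debugging: `# cloud-provider: external -- an AWS cloud-controller-manager must be installed separately (cluster-template.yaml shows a ClusterResourceSet-based setup).`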
@@ -0,0 +1,131 @@
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ name: "${CLUSTER_NAME}"
+spec:
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ kind: AWSCluster
+ name: "${CLUSTER_NAME}"
+ controlPlaneRef:
+ kind: KubeadmControlPlane
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ name: "${CLUSTER_NAME}-control-plane"
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+kind: AWSCluster
+metadata:
+ name: "${CLUSTER_NAME}"
+spec:
+ region: "${AWS_REGION}"
+ sshKeyName: "${AWS_SSH_KEY_NAME}"
+---
+kind: KubeadmControlPlane
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+metadata:
+ name: "${CLUSTER_NAME}-control-plane"
+spec:
+ replicas: ${CONTROL_PLANE_MACHINE_COUNT}
+ machineTemplate:
+ infrastructureRef:
+ kind: AWSMachineTemplate
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ name: "${CLUSTER_NAME}-control-plane"
+ kubeadmConfigSpec:
+ initConfiguration:
+ nodeRegistration:
+ name: '{{ ds.meta_data.local_hostname }}'
+ kubeletExtraArgs:
+ cloud-provider: aws
+ clusterConfiguration:
+ apiServer:
+ extraArgs:
+ cloud-provider: aws
+ controllerManager:
+ extraArgs:
+ cloud-provider: aws
+ joinConfiguration:
+ nodeRegistration:
+ name: '{{ ds.meta_data.local_hostname }}'
+ kubeletExtraArgs:
+ cloud-provider: aws
+ version: "${KUBERNETES_VERSION}"
+---
+kind: AWSMachineTemplate
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+metadata:
+ name: "${CLUSTER_NAME}-control-plane"
+spec:
+ template:
+ spec:
+ instanceType: "${AWS_CONTROL_PLANE_MACHINE_TYPE}"
+ iamInstanceProfile: "control-plane.cluster-api-provider-aws.sigs.k8s.io"
+ sshKeyName: "${AWS_SSH_KEY_NAME}"
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachinePool
+metadata:
+ name: ${CLUSTER_NAME}-mp-0
+ namespace: default
+spec:
+ clusterName: ${CLUSTER_NAME}
+ replicas: ${WORKER_MACHINE_COUNT}
+ template:
+ spec:
+ bootstrap:
+ configRef:
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+ kind: KubeadmConfig
+ name: ${CLUSTER_NAME}-mp-0
+ clusterName: ${CLUSTER_NAME}
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ kind: AWSMachinePool
+ name: ${CLUSTER_NAME}-mp-0
+ version: ${KUBERNETES_VERSION}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+kind: AWSMachinePool
+metadata:
+ name: ${CLUSTER_NAME}-mp-0
+ namespace: default
+spec:
+ minSize: 1
+ maxSize: 10
+ availabilityZones:
+ - "${AWS_AVAILABILITY_ZONE}"
+ awsLaunchTemplate:
+ iamInstanceProfile: nodes.cluster-api-provider-aws.sigs.k8s.io
+ instanceType: "${AWS_NODE_MACHINE_TYPE}"
+ sshKeyName: "${AWS_SSH_KEY_NAME}"
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfig
+metadata:
+ name: ${CLUSTER_NAME}-mp-0
+ namespace: default
+spec:
+ joinConfiguration:
+ nodeRegistration:
+ name: '{{ ds.meta_data.local_hostname }}'
+ kubeletExtraArgs:
+ cloud-provider: aws
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachineHealthCheck
+metadata:
+ name: "${CLUSTER_NAME}-kcp-unhealthy"
+spec:
+ clusterName: "${CLUSTER_NAME}"
+ maxUnhealthy: 100%
+ selector:
+ matchLabels:
+ cluster.x-k8s.io/control-plane: ""
+ unhealthyConditions:
+ - type: Ready
+ status: Unknown
+ timeout: 300s
+ - type: Ready
+ status: "False"
+ timeout: 300s
\ No newline at end of file
diff --git a/files/cluster-api-provider-aws/v2.3.5/cluster-template-multitenancy-clusterclass.yaml b/files/cluster-api-provider-aws/v2.3.5/cluster-template-multitenancy-clusterclass.yaml
new file mode 100644
index 00000000..73c9ee8e
--- /dev/null
+++ b/files/cluster-api-provider-aws/v2.3.5/cluster-template-multitenancy-clusterclass.yaml
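Review bot: The MachinePool, AWSMachinePool and KubeadmConfig objects hard-code `namespace: default`, while the Cluster, AWSCluster, KubeadmControlPlane and MachineHealthCheck in the same file carry no namespace, so generating into any other target namespace splits one cluster across two namespaces and the MachinePool's `clusterName` and `configRef` no longer resolve. Dropping the three `namespace: default` lines lets every object land in the same target namespace. The in-tree `cloud-provider: aws` used by the kubelet, apiServer and controllerManager here, and again in cluster-template-multitenancy-clusterclass.yaml and cluster-template-simple-clusterclass.yaml, was removed from Kubernetes in the 1.27 series, so these templates only work for a bounded range of `${KUBERNETES_VERSION}`. A one-line comment next to the setting would make that ceiling visible, e.g. `# in-tree AWS cloud provider; removed upstream in Kubernetes 1.27, use cloud-provider: external (see cluster-template.yaml) for newer versions.`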
@@ -0,0 +1,297 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: ClusterClass
+metadata:
+ name: multi-tenancy
+spec:
+ controlPlane:
+ ref:
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ kind: KubeadmControlPlaneTemplate
+ name: multi-tenancy-control-plane
+ machineInfrastructure:
+ ref:
+ kind: AWSMachineTemplate
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ name: multi-tenancy-control-plane
+ infrastructure:
+ ref:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ kind: AWSClusterTemplate
+ name: multi-tenancy
+ workers:
+ machineDeployments:
+ - class: default-worker
+ template:
+ bootstrap:
+ ref:
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+ kind: KubeadmConfigTemplate
+ name: multi-tenancy-worker-bootstraptemplate
+ infrastructure:
+ ref:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ kind: AWSMachineTemplate
+ name: multi-tenancy-worker-machinetemplate
+ variables:
+ - name: region
+ required: true
+ schema:
+ openAPIV3Schema:
+ type: string
+ default: us-east-1
+ - name: sshKeyName
+ required: true
+ schema:
+ openAPIV3Schema:
+ type: string
+ default: default
+ - name: controlPlaneMachineType
+ required: true
+ schema:
+ openAPIV3Schema:
+ type: string
+ default: t3.large
+ - name: workerMachineType
+ required: true
+ schema:
+ openAPIV3Schema:
+ type: string
+ default: t3.large
+ - name: bastionEnabled
+ required: false
+ schema:
+ openAPIV3Schema:
+ type: boolean
+ - name: vpcAZUsageLimit
+ required: false
+ schema:
+ openAPIV3Schema:
+ type: integer
+ - name: identityRef
+ required: false
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ kind:
+ type: string
+ name:
+ type: string
+ required:
+ - kind
+ - name
+ patches:
+ - name: awsClusterTemplateGeneral
+ definitions:
+ - selector:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ kind: AWSClusterTemplate
+ matchResources:
+ infrastructureCluster: true
+ jsonPatches:
+ - op: add
+ path: "/spec/template/spec/region"
+ valueFrom:
+ variable: region
+ - op: add
+ path: "/spec/template/spec/sshKeyName"
+ valueFrom:
+ variable: sshKeyName
+ - op: replace
+ path: "/spec/template/spec/bastion/enabled"
+ valueFrom:
+ variable: bastionEnabled
+ - op: replace
+ path: "/spec/template/spec/network/vpc/availabilityZoneUsageLimit"
+ valueFrom:
+ variable: vpcAZUsageLimit
+ - op: replace
+ path: "/spec/template/spec/identityRef"
+ valueFrom:
+ variable: identityRef
+ - name: awsMachineTemplateControlPlane
+ definitions:
+ - selector:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ kind: AWSMachineTemplate
+ matchResources:
+ controlPlane: true
+ jsonPatches:
+ - op: replace
+ path: "/spec/template/spec/instanceType"
+ valueFrom:
+ variable: controlPlaneMachineType
+ - op: add
+ path: "/spec/template/spec/sshKeyName"
+ valueFrom:
+ variable: sshKeyName
+ - name: awsMachineTemplateWorker
+ definitions:
+ - selector:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ kind: AWSMachineTemplate
+ matchResources:
+ machineDeploymentClass:
+ names:
+ - default-worker
+ jsonPatches:
+ - op: replace
+ path: "/spec/template/spec/instanceType"
+ valueFrom:
+ variable: workerMachineType
+ - op: add
+ path: "/spec/template/spec/sshKeyName"
+ valueFrom:
+ variable: sshKeyName
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+kind: AWSClusterTemplate
+metadata:
+ name: multi-tenancy
+spec:
+ template:
+ spec: {}
+---
+kind: KubeadmControlPlaneTemplate
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+metadata:
+ name: multi-tenancy-control-plane
+spec:
+ template:
+ spec:
+ kubeadmConfigSpec:
+ clusterConfiguration:
+ apiServer:
+ extraArgs:
+ cloud-provider: aws
+ controllerManager:
+ extraArgs:
+ cloud-provider: aws
+ initConfiguration:
+ nodeRegistration:
+ name: '{{ ds.meta_data.local_hostname }}'
+ kubeletExtraArgs:
+ cloud-provider: aws
+ joinConfiguration:
+ nodeRegistration:
+ name: '{{ ds.meta_data.local_hostname }}'
+ kubeletExtraArgs:
+ cloud-provider: aws
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+kind: AWSMachineTemplate
+metadata:
+ name: multi-tenancy-control-plane
+spec:
+ template:
+ spec:
+ # instanceType is a required field (OpenAPI schema).
+ instanceType: REPLACEME
+ iamInstanceProfile: "control-plane.cluster-api-provider-aws.sigs.k8s.io"
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+kind: AWSMachineTemplate
+metadata:
+ name: multi-tenancy-worker-machinetemplate
+spec:
+ template:
+ spec:
+ # instanceType is a required field (OpenAPI schema).
+ instanceType: REPLACEME
+ iamInstanceProfile: "nodes.cluster-api-provider-aws.sigs.k8s.io"
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfigTemplate
+metadata:
+ name: "multi-tenancy-worker-bootstraptemplate"
+spec:
+ template:
+ spec:
+ joinConfiguration:
+ nodeRegistration:
+ name: '{{ ds.meta_data.local_hostname }}'
+ kubeletExtraArgs:
+ cloud-provider: aws
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ labels:
+ cni: ${CLUSTER_NAME}-crs-0
+ name: ${CLUSTER_NAME}
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks:
+ - 192.168.0.0/16
+ topology:
+ class: multi-tenancy
+ controlPlane:
+ replicas: ${CONTROL_PLANE_MACHINE_COUNT}
+ variables:
+ - name: region
+ value: ${AWS_REGION}
+ - name: sshKeyName
+ value: ${AWS_SSH_KEY_NAME}
+ - name: controlPlaneMachineType
+ value: ${AWS_CONTROL_PLANE_MACHINE_TYPE}
+ - name: workerMachineType
+ value: ${AWS_NODE_MACHINE_TYPE}
+ - name: bastionEnabled
+ value: true
+ - name: vpcAZUsageLimit
+ value: 1
+ - name: identityRef
+ value:
+ kind: AWSClusterRoleIdentity
+ name: ${MULTI_TENANCY_NESTED_IDENTITY_NAME}
+ version: ${KUBERNETES_VERSION}
+ workers:
+ machineDeployments:
+ - class: default-worker
+ name: md-0
+ replicas: ${WORKER_MACHINE_COUNT}
+---
+apiVersion: v1
+data: ${CNI_RESOURCES}
+kind: ConfigMap
+metadata:
+ name: cni-${CLUSTER_NAME}-crs-0
+---
+apiVersion: addons.cluster.x-k8s.io/v1beta1
+kind: ClusterResourceSet
+metadata:
+ name: ${CLUSTER_NAME}-crs-0
+spec:
+ clusterSelector:
+ matchLabels:
+ cni: ${CLUSTER_NAME}-crs-0
+ resources:
+ - kind: ConfigMap
+ name: cni-${CLUSTER_NAME}-crs-0
+ strategy: ApplyOnce
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+kind: AWSClusterRoleIdentity
+metadata:
+ name: ${MULTI_TENANCY_JUMP_IDENTITY_NAME}
+spec:
+ allowedNamespaces: {}
+ durationSeconds: 900
+ roleARN: ${MULTI_TENANCY_JUMP_ROLE_ARN}
+ sessionName: ${MULTI_TENANCY_JUMP_IDENTITY_NAME}-session
+ sourceIdentityRef:
+ kind: AWSClusterControllerIdentity
+ name: default
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+kind: AWSClusterRoleIdentity
+metadata:
+ name: ${MULTI_TENANCY_NESTED_IDENTITY_NAME}
+spec:
+ allowedNamespaces: {}
+ roleARN: ${MULTI_TENANCY_NESTED_ROLE_ARN}
+ sessionName: ${MULTI_TENANCY_NESTED_IDENTITY_NAME}-session
+ sourceIdentityRef:
+ kind: AWSClusterRoleIdentity
+ name: ${MULTI_TENANCY_JUMP_IDENTITY_NAME}
diff --git a/files/cluster-api-provider-aws/v2.3.5/cluster-template-simple-clusterclass.yaml b/files/cluster-api-provider-aws/v2.3.5/cluster-template-simple-clusterclass.yaml
new file mode 100644
index 00000000..c0a52ee3
--- /dev/null
+++ b/files/cluster-api-provider-aws/v2.3.5/cluster-template-simple-clusterclass.yaml
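Review bot: Both AWSClusterRoleIdentity objects at the end of the hunk set `allowedNamespaces: {}`, and in CAPA an empty object means the identity may be referenced from every namespace of the management cluster, so any tenant can assume `${MULTI_TENANCY_JUMP_ROLE_ARN}` and, through the nested identity, `${MULTI_TENANCY_NESTED_ROLE_ARN}`; that is the opposite of what a multi-tenancy example should demonstrate. Scoping each identity to the namespace that owns the workload cluster closes the gap, e.g. replacing `{}` with `allowedNamespaces:` / `list:` / `- <tenant-namespace>` (constructed placeholder) and creating the Cluster in that namespace. The jump identity sets `durationSeconds: 900` while the nested one leaves it unset; if the asymmetry is intentional, a comment saying so would help.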
@@ -0,0 +1,242 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ labels:
+ cni: ${CLUSTER_NAME}-crs-0
+ name: ${CLUSTER_NAME}
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks:
+ - 192.168.0.0/16
+ topology:
+ class: quick-start
+ controlPlane:
+ replicas: ${CONTROL_PLANE_MACHINE_COUNT}
+ variables:
+ - name: region
+ value: ${AWS_REGION}
+ - name: sshKeyName
+ value: ${AWS_SSH_KEY_NAME}
+ - name: controlPlaneMachineType
+ value: ${AWS_CONTROL_PLANE_MACHINE_TYPE}
+ - name: workerMachineType
+ value: ${AWS_NODE_MACHINE_TYPE}
+ version: ${KUBERNETES_VERSION}
+ workers:
+ machineDeployments:
+ - class: default-worker
+ name: md-0
+ replicas: ${WORKER_MACHINE_COUNT}
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: ClusterClass
+metadata:
+ name: quick-start
+spec:
+ controlPlane:
+ ref:
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ kind: KubeadmControlPlaneTemplate
+ name: quick-start-control-plane
+ machineInfrastructure:
+ ref:
+ kind: AWSMachineTemplate
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ name: quick-start-control-plane
+ infrastructure:
+ ref:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ kind: AWSClusterTemplate
+ name: quick-start
+ workers:
+ machineDeployments:
+ - class: default-worker
+ template:
+ bootstrap:
+ ref:
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+ kind: KubeadmConfigTemplate
+ name: quick-start-worker-bootstraptemplate
+ infrastructure:
+ ref:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ kind: AWSMachineTemplate
+ name: quick-start-worker-machinetemplate
+ variables:
+ - name: region
+ required: true
+ schema:
+ openAPIV3Schema:
+ type: string
+ default: us-east-1
+ - name: sshKeyName
+ required: true
+ schema:
+ openAPIV3Schema:
+ type: string
+ default: default
+ - name: controlPlaneMachineType
+ required: true
+ schema:
+ openAPIV3Schema:
+ type: string
+ default: t3.large
+ - name: workerMachineType
+ required: true
+ schema:
+ openAPIV3Schema:
+ type: string
+ default: t3.large
+ patches:
+ - name: region
+ definitions:
+ - selector:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ kind: AWSClusterTemplate
+ matchResources:
+ infrastructureCluster: true
+ jsonPatches:
+ - op: add
+ path: /spec/template/spec/region
+ valueFrom:
+ variable: region
+ - name: sshKeyName
+ definitions:
+ - selector:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ kind: AWSClusterTemplate
+ matchResources:
+ infrastructureCluster: true
+ jsonPatches:
+ - op: add
+ path: /spec/template/spec/sshKeyName
+ valueFrom:
+ variable: sshKeyName
+ - selector:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ kind: AWSMachineTemplate
+ matchResources:
+ controlPlane: true
+ machineDeploymentClass:
+ names:
+ - default-worker
+ jsonPatches:
+ - op: add
+ path: /spec/template/spec/sshKeyName
+ valueFrom:
+ variable: sshKeyName
+ - name: controlPlaneMachineType
+ definitions:
+ - selector:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ kind: AWSMachineTemplate
+ matchResources:
+ controlPlane: true
+ jsonPatches:
+ - op: replace
+ path: /spec/template/spec/instanceType
+ valueFrom:
+ variable: controlPlaneMachineType
+ - name: workerMachineType
+ definitions:
+ - selector:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ kind: AWSMachineTemplate
+ matchResources:
+ machineDeploymentClass:
+ names:
+ - default-worker
+ jsonPatches:
+ - op: replace
+ path: /spec/template/spec/instanceType
+ valueFrom:
+ variable: workerMachineType
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+kind: AWSClusterTemplate
+metadata:
+ name: quick-start
+spec:
+ template:
+ spec: { }
+---
+kind: KubeadmControlPlaneTemplate
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+metadata:
+ name: quick-start-control-plane
+spec:
+ template:
+ spec:
+ kubeadmConfigSpec:
+ clusterConfiguration:
+ apiServer:
+ extraArgs:
+ cloud-provider: aws
+ controllerManager:
+ extraArgs:
+ cloud-provider: aws
+ initConfiguration:
+ nodeRegistration:
+ name: '{{ ds.meta_data.local_hostname }}'
+ kubeletExtraArgs:
+ cloud-provider: aws
+ joinConfiguration:
+ nodeRegistration:
+ name: '{{ ds.meta_data.local_hostname }}'
+ kubeletExtraArgs:
+ cloud-provider: aws
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+kind: AWSMachineTemplate
+metadata:
+ name: quick-start-control-plane
+spec:
+ template:
+ spec:
+ # instanceType is a required field (OpenAPI schema).
+ instanceType: REPLACEME
+ iamInstanceProfile: "control-plane.cluster-api-provider-aws.sigs.k8s.io"
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+kind: AWSMachineTemplate
+metadata:
+ name: quick-start-worker-machinetemplate
+spec:
+ template:
+ spec:
+ # instanceType is a required field (OpenAPI schema).
+ instanceType: REPLACEME
+ iamInstanceProfile: "nodes.cluster-api-provider-aws.sigs.k8s.io"
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfigTemplate
+metadata:
+ name: "quick-start-worker-bootstraptemplate"
+spec:
+ template:
+ spec:
+ joinConfiguration:
+ nodeRegistration:
+ name: '{{ ds.meta_data.local_hostname }}'
+ kubeletExtraArgs:
+ cloud-provider: aws
+---
+apiVersion: v1
+data: ${CNI_RESOURCES}
+kind: ConfigMap
+metadata:
+ name: cni-${CLUSTER_NAME}-crs-0
+---
+apiVersion: addons.cluster.x-k8s.io/v1beta1
+kind: ClusterResourceSet
+metadata:
+ name: ${CLUSTER_NAME}-crs-0
+spec:
+ clusterSelector:
+ matchLabels:
+ cni: ${CLUSTER_NAME}-crs-0
+ resources:
+ - kind: ConfigMap
+ name: cni-${CLUSTER_NAME}-crs-0
+ strategy: ApplyOnce
diff --git a/files/cluster-api-provider-aws/v2.3.5/cluster-template.yaml b/files/cluster-api-provider-aws/v2.3.5/cluster-template.yaml
new file mode 100644
index 00000000..3a9cfffd
--- /dev/null
+++ b/files/cluster-api-provider-aws/v2.3.5/cluster-template.yaml
@@ -0,0 +1,969 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + labels: + ccm: external + csi: external + name: ${CLUSTER_NAME} +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSCluster +metadata: + name: ${CLUSTER_NAME} +spec: + region: ${AWS_REGION} + sshKeyName: ${AWS_SSH_KEY_NAME} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + controllerManager: + extraArgs: + cloud-provider: external + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data.local_hostname }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data.local_hostname }}' + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane +spec: + template: + spec: + iamInstanceProfile: control-plane.cluster-api-provider-aws.sigs.k8s.io + instanceType: ${AWS_CONTROL_PLANE_MACHINE_TYPE} + sshKeyName: ${AWS_SSH_KEY_NAME} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + 
bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 +spec: + template: + spec: + iamInstanceProfile: nodes.cluster-api-provider-aws.sigs.k8s.io + instanceType: ${AWS_NODE_MACHINE_TYPE} + sshKeyName: ${AWS_SSH_KEY_NAME} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 +spec: + template: + spec: + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data.local_hostname }}' +--- +apiVersion: addons.cluster.x-k8s.io/v1beta1 +kind: ClusterResourceSet +metadata: + name: crs-ccm +spec: + clusterSelector: + matchLabels: + ccm: external + resources: + - kind: ConfigMap + name: cloud-controller-manager-addon + strategy: ApplyOnce +--- +apiVersion: addons.cluster.x-k8s.io/v1beta1 +kind: ClusterResourceSet +metadata: + name: crs-csi +spec: + clusterSelector: + matchLabels: + csi: external + resources: + - kind: ConfigMap + name: aws-ebs-csi-driver-addon + strategy: ApplyOnce +--- +apiVersion: v1 +data: + aws-ccm-external.yaml: | + --- + apiVersion: apps/v1 + kind: DaemonSet + metadata: + name: aws-cloud-controller-manager + namespace: kube-system + labels: + k8s-app: aws-cloud-controller-manager + spec: + selector: + matchLabels: + k8s-app: aws-cloud-controller-manager + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + k8s-app: aws-cloud-controller-manager + spec: + nodeSelector: + node-role.kubernetes.io/control-plane: "" + tolerations: + - key: node.cloudprovider.kubernetes.io/uninitialized + value: "true" + effect: NoSchedule + - key: 
node-role.kubernetes.io/control-plane + effect: NoSchedule + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: Exists + serviceAccountName: cloud-controller-manager + containers: + - name: aws-cloud-controller-manager + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.28.3 + args: + - --v=2 + - --cloud-provider=aws + - --use-service-account-credentials=true + - --configure-cloud-routes=false + resources: + requests: + cpu: 200m + hostNetwork: true + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + name: cloud-controller-manager + namespace: kube-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: cloud-controller-manager:apiserver-authentication-reader + namespace: kube-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader + subjects: + - apiGroup: "" + kind: ServiceAccount + name: cloud-controller-manager + namespace: kube-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: system:cloud-controller-manager + rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - update + - apiGroups: + - "" + resources: + - nodes + verbs: + - '*' + - apiGroups: + - "" + resources: + - nodes/status + verbs: + - patch + - apiGroups: + - "" + resources: + - services + verbs: + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - services/status + verbs: + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - watch + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - update + - watch + - apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - get + - list + - watch + - update + - apiGroups: + - 
coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - list + - watch + - update + - apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create + --- + kind: ClusterRoleBinding + apiVersion: rbac.authorization.k8s.io/v1 + metadata: + name: system:cloud-controller-manager + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:cloud-controller-manager + subjects: + - apiGroup: "" + kind: ServiceAccount + name: cloud-controller-manager + namespace: kube-system +kind: ConfigMap +metadata: + annotations: + note: generated + labels: + type: generated + name: cloud-controller-manager-addon +--- +apiVersion: v1 +data: + aws-ebs-csi-external.yaml: |- + apiVersion: v1 + kind: Secret + metadata: + name: aws-secret + namespace: kube-system + stringData: + key_id: "" + access_key: "" + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-csi-controller-sa + namespace: kube-system + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-csi-node-sa + namespace: kube-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-external-attacher-role + rules: + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - csi.storage.k8s.io + resources: + - csinodeinfos + verbs: + - get + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + app.kubernetes.io/name: 
aws-ebs-csi-driver + name: ebs-external-provisioner-role + rules: + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - update + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - get + - list + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - get + - list + - apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-external-resizer-role + rules: + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - update + - patch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + 
app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-external-snapshotter-role + rules: + - apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + verbs: + - get + - list + - watch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - create + - get + - list + - watch + - update + - delete + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents/status + verbs: + - update + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-csi-attacher-binding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ebs-external-attacher-role + subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-csi-provisioner-binding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ebs-external-provisioner-role + subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-csi-resizer-binding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ebs-external-resizer-role + subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-csi-snapshotter-binding + roleRef: + apiGroup: rbac.authorization.k8s.io + 
kind: ClusterRole + name: ebs-external-snapshotter-role + subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system + --- + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-csi-controller + namespace: kube-system + spec: + replicas: 2 + selector: + matchLabels: + app: ebs-csi-controller + app.kubernetes.io/name: aws-ebs-csi-driver + template: + metadata: + labels: + app: ebs-csi-controller + app.kubernetes.io/name: aws-ebs-csi-driver + spec: + containers: + - args: + - --endpoint=$(CSI_ENDPOINT) + - --logtostderr + - --v=2 + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: CSI_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: key_id + name: aws-secret + optional: true + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: access_key + name: aws-secret + optional: true + image: registry.k8s.io/provider-aws/aws-ebs-csi-driver:v1.25.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 3 + name: ebs-plugin + ports: + - containerPort: 9808 + name: healthz + protocol: TCP + readinessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 3 + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + - --csi-address=$(ADDRESS) + - --v=2 + - --feature-gates=Topology=true + - --extra-create-metadata + - --leader-election=true + - --default-fstype=ext4 + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + image: registry.k8s.io/sig-storage/csi-provisioner:v3.6.2 + name: csi-provisioner + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + 
- --csi-address=$(ADDRESS) + - --v=2 + - --leader-election=true + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + image: registry.k8s.io/sig-storage/csi-attacher:v4.4.2 + name: csi-attacher + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + - --csi-address=$(ADDRESS) + - --leader-election=true + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + image: registry.k8s.io/sig-storage/csi-snapshotter:v6.3.2 + name: csi-snapshotter + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + - --csi-address=$(ADDRESS) + - --v=2 + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + image: registry.k8s.io/sig-storage/csi-resizer:v1.9.2 + imagePullPolicy: Always + name: csi-resizer + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + - --csi-address=/csi/csi.sock + image: registry.k8s.io/sig-storage/livenessprobe:v2.11.0 + name: liveness-probe + volumeMounts: + - mountPath: /csi + name: socket-dir + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-cluster-critical + serviceAccountName: ebs-csi-controller-sa + tolerations: + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + operator: Exists + tolerationSeconds: 300 + - key: node-role.kubernetes.io/master + effect: NoSchedule + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: Exists + - matchExpressions: + - key: node-role.kubernetes.io/master + operator: Exists + volumes: + - emptyDir: {} + name: socket-dir + --- + apiVersion: policy/v1beta1 + kind: PodDisruptionBudget + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-csi-controller + namespace: kube-system + spec: + 
maxUnavailable: 1 + selector: + matchLabels: + app: ebs-csi-controller + app.kubernetes.io/name: aws-ebs-csi-driver + --- + apiVersion: apps/v1 + kind: DaemonSet + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-csi-node + namespace: kube-system + spec: + selector: + matchLabels: + app: ebs-csi-node + app.kubernetes.io/name: aws-ebs-csi-driver + template: + metadata: + labels: + app: ebs-csi-node + app.kubernetes.io/name: aws-ebs-csi-driver + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: eks.amazonaws.com/compute-type + operator: NotIn + values: + - fargate + containers: + - args: + - node + - --endpoint=$(CSI_ENDPOINT) + - --logtostderr + - --v=2 + env: + - name: CSI_ENDPOINT + value: unix:/csi/csi.sock + - name: CSI_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + image: registry.k8s.io/provider-aws/aws-ebs-csi-driver:v1.25.0 + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 3 + name: ebs-plugin + ports: + - containerPort: 9808 + name: healthz + protocol: TCP + securityContext: + privileged: true + volumeMounts: + - mountPath: /var/lib/kubelet + mountPropagation: Bidirectional + name: kubelet-dir + - mountPath: /csi + name: plugin-dir + - mountPath: /dev + name: device-dir + - args: + - --csi-address=$(ADDRESS) + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + - --v=2 + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/ebs.csi.aws.com/csi.sock + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.2 + name: node-driver-registrar + volumeMounts: + - mountPath: /csi + name: plugin-dir + - mountPath: /registration + name: registration-dir + - args: + - --csi-address=/csi/csi.sock + image: registry.k8s.io/sig-storage/livenessprobe:v2.11.0 + name: 
liveness-probe + volumeMounts: + - mountPath: /csi + name: plugin-dir + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-node-critical + serviceAccountName: ebs-csi-node-sa + tolerations: + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + operator: Exists + tolerationSeconds: 300 + volumes: + - hostPath: + path: /var/lib/kubelet + type: Directory + name: kubelet-dir + - hostPath: + path: /var/lib/kubelet/plugins/ebs.csi.aws.com/ + type: DirectoryOrCreate + name: plugin-dir + - hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: Directory + name: registration-dir + - hostPath: + path: /dev + type: Directory + name: device-dir + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate + --- + apiVersion: storage.k8s.io/v1 + kind: CSIDriver + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs.csi.aws.com + spec: + attachRequired: true + podInfoOnMount: false +kind: ConfigMap +metadata: + annotations: + note: generated + labels: + type: generated + name: aws-ebs-csi-driver-addon diff --git a/files/cluster-api-provider-aws/v2.3.5/infrastructure-components.yaml b/files/cluster-api-provider-aws/v2.3.5/infrastructure-components.yaml new file mode 100644 index 00000000..141ed0f7 --- /dev/null +++ b/files/cluster-api-provider-aws/v2.3.5/infrastructure-components.yaml 
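Review bot: Neither AWSMachineTemplate in this template (`${CLUSTER_NAME}-control-plane` and `${CLUSTER_NAME}-md-0`) sets `instanceMetadataOptions`, so the instances keep the EC2 default of IMDSv1 allowed, while the aws-cloud-controller-manager DaemonSet and the ebs-csi-controller Deployment are pinned to control-plane nodes and take their AWS credentials from the `control-plane.cluster-api-provider-aws.sigs.k8s.io` instance profile rather than any pod-scoped identity (the `aws-secret` Secret is created with empty `key_id`/`access_key` and consumed `optional: true`). Any workload scheduled onto those nodes that can reach 169.254.169.254 can therefore obtain the control-plane role's credentials, which are considerably broader than what either addon needs. If the v1beta2 API in this provider release exposes the field, I would add to both `spec.template.spec` blocks `instanceMetadataOptions:` / `  httpTokens: required` / `  httpPutResponseHopLimit: 2` (2 rather than 1 because the CSI controller, unlike the CCM, does not run with `hostNetwork: true`) and note in a comment that requiring IMDSv2 narrows but does not remove this exposure. Separately, the bundled PodDisruptionBudget uses `policy/v1beta1`, which the API server no longer serves from Kubernetes 1.25, so the `crs-csi` ClusterResourceSet should be expected to fail on a `${KUBERNETES_VERSION}` of 1.25 or newer unless it is changed to `policy/v1`.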
@@ -0,0 +1,14049 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + controller-gen.kubebuilder.io/version: v0.12.1 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + clusterctl.cluster.x-k8s.io/move-hierarchy: "" + name: awsclustercontrolleridentities.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capa-webhook-service + namespace: capa-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSClusterControllerIdentity + listKind: AWSClusterControllerIdentityList + plural: awsclustercontrolleridentities + shortNames: + - awsci + singular: awsclustercontrolleridentity + scope: Cluster + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AWSClusterControllerIdentity is the Schema for the awsclustercontrolleridentities + API It is used to grant access to use Cluster API Provider AWS Controller + credentials. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec for this AWSClusterControllerIdentity. + properties: + allowedNamespaces: + description: AllowedNamespaces is used to identify which namespaces + are allowed to use the identity from. Namespaces can be selected + either using an array of namespaces or with label selector. An empty + allowedNamespaces object indicates that AWSClusters can use this + identity from any namespace. If this object is nil, no namespaces + will be allowed (default behaviour, if this field is not provided) + A namespace should be either in the NamespaceList or match with + Selector to use the identity. + nullable: true + properties: + list: + description: An nil or empty list indicates that AWSClusters cannot + use the identity from any namespace. + items: + type: string + nullable: true + type: array + selector: + description: An empty selector indicates that AWSClusters cannot + use this AWSClusterIdentity from any namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: object + type: object + served: true + storage: false + - name: v1beta2 + schema: + openAPIV3Schema: + description: AWSClusterControllerIdentity is the Schema for the awsclustercontrolleridentities + API It is used to grant access to use Cluster API Provider AWS Controller + credentials. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec for this AWSClusterControllerIdentity. + properties: + allowedNamespaces: + description: AllowedNamespaces is used to identify which namespaces + are allowed to use the identity from. Namespaces can be selected + either using an array of namespaces or with label selector. An empty + allowedNamespaces object indicates that AWSClusters can use this + identity from any namespace. 
If this object is nil, no namespaces + will be allowed (default behaviour, if this field is not provided) + A namespace should be either in the NamespaceList or match with + Selector to use the identity. + nullable: true + properties: + list: + description: An nil or empty list indicates that AWSClusters cannot + use the identity from any namespace. + items: + type: string + nullable: true + type: array + selector: + description: An empty selector indicates that AWSClusters cannot + use this AWSClusterIdentity from any namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + controller-gen.kubebuilder.io/version: v0.12.1 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + clusterctl.cluster.x-k8s.io/move-hierarchy: "" + name: awsclusterroleidentities.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capa-webhook-service + namespace: capa-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSClusterRoleIdentity + listKind: AWSClusterRoleIdentityList + plural: awsclusterroleidentities + shortNames: + - awsri + singular: awsclusterroleidentity + scope: Cluster + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AWSClusterRoleIdentity is the Schema for the awsclusterroleidentities + API It is used to assume a role using the provided sourceRef. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec for this AWSClusterRoleIdentity. + properties: + allowedNamespaces: + description: AllowedNamespaces is used to identify which namespaces + are allowed to use the identity from. Namespaces can be selected + either using an array of namespaces or with label selector. An empty + allowedNamespaces object indicates that AWSClusters can use this + identity from any namespace. If this object is nil, no namespaces + will be allowed (default behaviour, if this field is not provided) + A namespace should be either in the NamespaceList or match with + Selector to use the identity. + nullable: true + properties: + list: + description: An nil or empty list indicates that AWSClusters cannot + use the identity from any namespace. + items: + type: string + nullable: true + type: array + selector: + description: An empty selector indicates that AWSClusters cannot + use this AWSClusterIdentity from any namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + durationSeconds: + description: The duration, in seconds, of the role session before + it is renewed. + format: int32 + maximum: 43200 + minimum: 900 + type: integer + externalID: + description: A unique identifier that might be required when you assume + a role in another account. If the administrator of the account to + which the role belongs provided you with an external ID, then provide + that value in the ExternalId parameter. This value can be any string, + such as a passphrase or account number. A cross-account role is + usually set up to trust everyone in an account. Therefore, the administrator + of the trusting account might send an external ID to the administrator + of the trusted account. That way, only someone with the ID can assume + the role, rather than everyone in the account. For more information + about the external ID, see How to Use an External ID When Granting + Access to Your AWS Resources to a Third Party in the IAM User Guide. + type: string + inlinePolicy: + description: An IAM policy as a JSON-encoded string that you want + to use as an inline session policy. + type: string + policyARNs: + description: The Amazon Resource Names (ARNs) of the IAM managed policies + that you want to use as managed session policies. The policies must + exist in the same account as the role. + items: + type: string + type: array + roleARN: + description: The Amazon Resource Name (ARN) of the role to assume. 
+ type: string + sessionName: + description: An identifier for the assumed role session + type: string + sourceIdentityRef: + description: SourceIdentityRef is a reference to another identity + which will be chained to do role assumption. All identity types + are accepted. + properties: + kind: + description: Kind of the identity. + enum: + - AWSClusterControllerIdentity + - AWSClusterRoleIdentity + - AWSClusterStaticIdentity + type: string + name: + description: Name of the identity. + minLength: 1 + type: string + required: + - kind + - name + type: object + required: + - roleARN + type: object + type: object + served: true + storage: false + - name: v1beta2 + schema: + openAPIV3Schema: + description: AWSClusterRoleIdentity is the Schema for the awsclusterroleidentities + API It is used to assume a role using the provided sourceRef. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec for this AWSClusterRoleIdentity. + properties: + allowedNamespaces: + description: AllowedNamespaces is used to identify which namespaces + are allowed to use the identity from. Namespaces can be selected + either using an array of namespaces or with label selector. An empty + allowedNamespaces object indicates that AWSClusters can use this + identity from any namespace. 
If this object is nil, no namespaces + will be allowed (default behaviour, if this field is not provided) + A namespace should be either in the NamespaceList or match with + Selector to use the identity. + nullable: true + properties: + list: + description: An nil or empty list indicates that AWSClusters cannot + use the identity from any namespace. + items: + type: string + nullable: true + type: array + selector: + description: An empty selector indicates that AWSClusters cannot + use this AWSClusterIdentity from any namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + durationSeconds: + description: The duration, in seconds, of the role session before + it is renewed. 
+ format: int32 + maximum: 43200 + minimum: 900 + type: integer + externalID: + description: A unique identifier that might be required when you assume + a role in another account. If the administrator of the account to + which the role belongs provided you with an external ID, then provide + that value in the ExternalId parameter. This value can be any string, + such as a passphrase or account number. A cross-account role is + usually set up to trust everyone in an account. Therefore, the administrator + of the trusting account might send an external ID to the administrator + of the trusted account. That way, only someone with the ID can assume + the role, rather than everyone in the account. For more information + about the external ID, see How to Use an External ID When Granting + Access to Your AWS Resources to a Third Party in the IAM User Guide. + type: string + inlinePolicy: + description: An IAM policy as a JSON-encoded string that you want + to use as an inline session policy. + type: string + policyARNs: + description: The Amazon Resource Names (ARNs) of the IAM managed policies + that you want to use as managed session policies. The policies must + exist in the same account as the role. + items: + type: string + type: array + roleARN: + description: The Amazon Resource Name (ARN) of the role to assume. + type: string + sessionName: + description: An identifier for the assumed role session + type: string + sourceIdentityRef: + description: SourceIdentityRef is a reference to another identity + which will be chained to do role assumption. All identity types + are accepted. + properties: + kind: + description: Kind of the identity. + enum: + - AWSClusterControllerIdentity + - AWSClusterRoleIdentity + - AWSClusterStaticIdentity + type: string + name: + description: Name of the identity. 
+ minLength: 1 + type: string + required: + - kind + - name + type: object + required: + - roleARN + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + controller-gen.kubebuilder.io/version: v0.12.1 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: awsclusters.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capa-webhook-service + namespace: capa-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSCluster + listKind: AWSClusterList + plural: awsclusters + shortNames: + - awsc + singular: awscluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this AWSCluster belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Cluster infrastructure is ready for EC2 instances + jsonPath: .status.ready + name: Ready + type: string + - description: AWS VPC the cluster is using + jsonPath: .spec.network.vpc.id + name: VPC + type: string + - description: API Endpoint + jsonPath: .spec.controlPlaneEndpoint + name: Endpoint + priority: 1 + type: string + - description: Bastion IP address for breakglass access + jsonPath: .status.bastion.publicIp + name: Bastion IP + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: AWSCluster is the schema for Amazon EC2 based Kubernetes Cluster + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSClusterSpec defines the desired state of an EC2-based + Kubernetes cluster. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to AWS + resources managed by the AWS provider, in addition to the ones added + by default. + type: object + bastion: + description: Bastion contains options to configure the bastion host. + properties: + allowedCIDRBlocks: + description: AllowedCIDRBlocks is a list of CIDR blocks allowed + to access the bastion host. They are set as ingress rules for + the Bastion host's Security Group (defaults to 0.0.0.0/0). + items: + type: string + type: array + ami: + description: AMI will use the specified AMI to boot the bastion. + If not specified, the AMI will default to one picked out in + public space. + type: string + disableIngressRules: + description: DisableIngressRules will ensure there are no Ingress + rules in the bastion host's security group. Requires AllowedCIDRBlocks + to be empty. + type: boolean + enabled: + description: Enabled allows this provider to create a bastion + host instance with a public ip to access the VPC private network. + type: boolean + instanceType: + description: InstanceType will use the specified instance type + for the bastion. 
If not specified, Cluster API Provider AWS + will use t3.micro for all regions except us-east-1, where t2.micro + will be the default. + type: string + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + controlPlaneLoadBalancer: + description: ControlPlaneLoadBalancer is optional configuration for + customizing control plane behavior. + properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups sets the security groups + used by the load balancer. Expected to be security group IDs + This is optional - if not provided new security groups will + be created for the load balancer + items: + type: string + type: array + crossZoneLoadBalancing: + description: "CrossZoneLoadBalancing enables the classic ELB cross + availability zone balancing. \n With cross-zone load balancing, + each load balancer node for your Classic Load Balancer distributes + requests evenly across the registered instances in all enabled + Availability Zones. If cross-zone load balancing is disabled, + each load balancer node distributes requests evenly across the + registered instances in its Availability Zone only. \n Defaults + to false." + type: boolean + healthCheckProtocol: + description: HealthCheckProtocol sets the protocol type for classic + ELB health check target default value is ClassicELBProtocolSSL + type: string + name: + description: Name sets the name of the classic ELB load balancer. + As per AWS, the name must be unique within your set of load + balancers for the region, must have a maximum of 32 characters, + must contain only alphanumeric characters or hyphens, and cannot + begin or end with a hyphen. 
Once set, the value cannot be changed. + maxLength: 32 + pattern: ^[A-Za-z0-9]([A-Za-z0-9]{0,31}|[-A-Za-z0-9]{0,30}[A-Za-z0-9])$ + type: string + scheme: + default: internet-facing + description: Scheme sets the scheme of the load balancer (defaults + to internet-facing) + enum: + - internet-facing + - internal + type: string + subnets: + description: Subnets sets the subnets that should be applied to + the control plane load balancer (defaults to discovered subnets + for managed VPCs or an empty set for unmanaged VPCs) + items: + type: string + type: array + type: object + identityRef: + description: IdentityRef is a reference to a identity to be used when + reconciling this cluster + properties: + kind: + description: Kind of the identity. + enum: + - AWSClusterControllerIdentity + - AWSClusterRoleIdentity + - AWSClusterStaticIdentity + type: string + name: + description: Name of the identity. + minLength: 1 + type: string + required: + - kind + - name + type: object + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating system + used to look up machine images when a machine does not specify an + AMI. When set, this will be used for all cluster machines unless + a machine specifies a different ImageLookupBaseOS. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to look up + machine images when a machine does not specify an AMI. When set, + this will be used for all cluster machines unless a machine specifies + a different ImageLookupOrg. Supports substitutions for {{.BaseOS}} + and {{.K8sVersion}} with the base OS and kubernetes version, respectively. + The BaseOS will be the value in ImageLookupBaseOS or ubuntu (the + default), and the kubernetes version as defined by the packages + produced by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. 
For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the ubuntu + base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to look up + machine images when a machine does not specify an AMI. When set, + this will be used for all cluster machines unless a machine specifies + a different ImageLookupOrg. + type: string + network: + description: NetworkSpec encapsulates all things related to AWS network. + properties: + cni: + description: CNI configuration + properties: + cniIngressRules: + description: CNIIngressRules specify rules to apply to control + plane and worker node security groups. The source for the + rule will be set to control plane and worker security group + IDs. + items: + description: CNIIngressRule defines an AWS ingress rule + for CNI requirements. + properties: + description: + type: string + fromPort: + format: int64 + type: integer + protocol: + description: SecurityGroupProtocol defines the protocol + type for a security group rule. + type: string + toPort: + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + type: object + securityGroupOverrides: + additionalProperties: + type: string + description: SecurityGroupOverrides is an optional set of security + groups to use for cluster instances This is optional - if not + provided new security groups will be created for the cluster + type: object + subnets: + description: Subnets configuration. + items: + description: SubnetSpec configures an AWS Subnet. + properties: + availabilityZone: + description: AvailabilityZone defines the availability zone + to use for this subnet in the cluster's region. 
+ type: string + cidrBlock: + description: CidrBlock is the CIDR block to be used when + the provider creates a managed VPC. + type: string + id: + description: ID defines a unique identifier to reference + this resource. + type: string + ipv6CidrBlock: + description: IPv6CidrBlock is the IPv6 CIDR block to be + used when the provider creates a managed VPC. A subnet + can have an IPv4 and an IPv6 address. IPv6 is only supported + in managed clusters, this field cannot be set on AWSCluster + object. + type: string + isIpv6: + description: IsIPv6 defines the subnet as an IPv6 subnet. + A subnet is IPv6 when it is associated with a VPC that + has IPv6 enabled. IPv6 is only supported in managed clusters, + this field cannot be set on AWSCluster object. + type: boolean + isPublic: + description: IsPublic defines the subnet as a public subnet. + A subnet is public when it is associated with a route + table that has a route to an internet gateway. + type: boolean + natGatewayId: + description: NatGatewayID is the NAT gateway id associated + with the subnet. Ignored unless the subnet is managed + by the provider, in which case this is set on the public + subnet where the NAT gateway resides. It is then used + to determine routes for private subnets in the same AZ + as the public subnet. + type: string + routeTableId: + description: RouteTableID is the routing table id associated + with the subnet. + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing the + resource. + type: object + type: object + type: array + vpc: + description: VPC configuration. + properties: + availabilityZoneSelection: + default: Ordered + description: 'AvailabilityZoneSelection specifies how AZs + should be selected if there are more AZs in a region than + specified by AvailabilityZoneUsageLimit. 
There are 2 selection + schemes: Ordered - selects based on alphabetical order Random + - selects AZs randomly in a region Defaults to Ordered' + enum: + - Ordered + - Random + type: string + availabilityZoneUsageLimit: + default: 3 + description: AvailabilityZoneUsageLimit specifies the maximum + number of availability zones (AZ) that should be used in + a region when automatically creating subnets. If a region + has more than this number of AZs then this number of AZs + will be picked randomly when creating default subnets. Defaults + to 3 + minimum: 1 + type: integer + cidrBlock: + description: CidrBlock is the CIDR block to be used when the + provider creates a managed VPC. Defaults to 10.0.0.0/16. + type: string + id: + description: ID is the vpc-id of the VPC this provider should + use to create resources. + type: string + internetGatewayId: + description: InternetGatewayID is the id of the internet gateway + associated with the VPC. + type: string + ipv6: + description: IPv6 contains ipv6 specific settings for the + network. Supported only in managed clusters. This field + cannot be set on AWSCluster object. + properties: + cidrBlock: + description: CidrBlock is the CIDR block provided by Amazon + when VPC has enabled IPv6. + type: string + egressOnlyInternetGatewayId: + description: EgressOnlyInternetGatewayID is the id of + the egress only internet gateway associated with an + IPv6 enabled VPC. + type: string + poolId: + description: PoolID is the IP pool which must be defined + in case of BYO IP is defined. + type: string + type: object + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing the resource. + type: object + type: object + type: object + region: + description: The AWS Region the cluster lives in. 
+ type: string + s3Bucket: + description: S3Bucket contains options to configure a supporting S3 + bucket for this cluster - currently used for nodes requiring Ignition + (https://coreos.github.io/ignition/) for bootstrapping (requires + BootstrapFormatIgnition feature flag to be enabled). + properties: + controlPlaneIAMInstanceProfile: + description: ControlPlaneIAMInstanceProfile is a name of the IAMInstanceProfile, + which will be allowed to read control-plane node bootstrap data + from S3 Bucket. + type: string + name: + description: Name defines name of S3 Bucket to be created. + maxLength: 63 + minLength: 3 + pattern: ^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$ + type: string + nodesIAMInstanceProfiles: + description: NodesIAMInstanceProfiles is a list of IAM instance + profiles, which will be allowed to read worker nodes bootstrap + data from S3 Bucket. + items: + type: string + type: array + required: + - controlPlaneIAMInstanceProfile + - name + - nodesIAMInstanceProfiles + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach to the + bastion host. Valid values are empty string (do not use SSH keys), + a valid SSH key name, or omitted (use the default SSH key name) + type: string + type: object + status: + description: AWSClusterStatus defines the observed state of AWSCluster. + properties: + bastion: + description: Instance describes an AWS instance. + properties: + addresses: + description: Addresses contains the AWS instance associated addresses. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP, + InternalIP, ExternalDNS or InternalDNS. 
+ type: string + required: + - address + - type + type: object + type: array + availabilityZone: + description: Availability zone of instance + type: string + ebsOptimized: + description: Indicates whether the instance is optimized for Amazon + EBS I/O. + type: boolean + enaSupport: + description: Specifies whether enhanced networking with ENA is + enabled. + type: boolean + iamProfile: + description: The name of the IAM instance profile associated with + the instance, if applicable. + type: string + id: + type: string + imageId: + description: The ID of the AMI used to launch the instance. + type: string + instanceState: + description: The current state of the instance. + type: string + networkInterfaces: + description: Specifies ENIs attached to instance + items: + type: string + type: array + nonRootVolumes: + description: Configuration options for the non root storage volumes. + items: + description: Volume encapsulates the configuration options for + the storage device. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by + the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage + device. Must be greater than the image snapshot size or + 8 (whichever is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported + for the volume type. Not applicable to all types. 
+ format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + type: array + privateIp: + description: The private IPv4 address assigned to the instance. + type: string + publicIp: + description: The public IPv4 address assigned to the instance, + if applicable. + type: string + rootVolume: + description: Configuration options for the root storage volume. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by the + controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for + the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + securityGroupIds: + description: SecurityGroupIDs are one or more security group IDs + this instance belongs to. + items: + type: string + type: array + spotMarketOptions: + description: SpotMarketOptions option for configuring instances + to be run using AWS Spot instances. 
+ properties: + maxPrice: + description: MaxPrice defines the maximum price the user is + willing to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: The name of the SSH key pair. + type: string + subnetId: + description: The ID of the subnet of the instance. + type: string + tags: + additionalProperties: + type: string + description: The tags associated with the instance. + type: object + tenancy: + description: Tenancy indicates if instance should run on shared + or single-tenant hardware. + type: string + type: + description: The instance type. + type: string + userData: + description: UserData is the raw data script passed to the instance + which is run upon bootstrap. This field must not be base64 encoded + and should only be used when running a new instance. + type: string + volumeIDs: + description: IDs of the instance's volumes + items: + type: string + type: array + required: + - id + type: object + conditions: + description: Conditions provide observations of the operational state + of a Cluster API resource. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. 
+ type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains is a slice of FailureDomains. + type: object + networkStatus: + description: NetworkStatus encapsulates AWS networking resources. + properties: + apiServerElb: + description: APIServerELB is the Kubernetes api server classic + load balancer. + properties: + attributes: + description: Attributes defines extra attributes associated + with the load balancer. + properties: + crossZoneLoadBalancing: + description: CrossZoneLoadBalancing enables the classic + load balancer load balancing. 
+ type: boolean + idleTimeout: + description: IdleTimeout is time that the connection is + allowed to be idle (no data has been sent over the connection) + before it is closed by the load balancer. + format: int64 + type: integer + type: object + availabilityZones: + description: AvailabilityZones is an array of availability + zones in the VPC attached to the load balancer. + items: + type: string + type: array + dnsName: + description: DNSName is the dns name of the load balancer. + type: string + healthChecks: + description: HealthCheck is the classic elb health check associated + with the load balancer. + properties: + healthyThreshold: + format: int64 + type: integer + interval: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + target: + type: string + timeout: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + unhealthyThreshold: + format: int64 + type: integer + required: + - healthyThreshold + - interval + - target + - timeout + - unhealthyThreshold + type: object + listeners: + description: Listeners is an array of classic elb listeners + associated with the load balancer. There must be at least + one. + items: + description: ClassicELBListener defines an AWS classic load + balancer listener. + properties: + instancePort: + format: int64 + type: integer + instanceProtocol: + description: ClassicELBProtocol defines listener protocols + for a classic load balancer. + type: string + port: + format: int64 + type: integer + protocol: + description: ClassicELBProtocol defines listener protocols + for a classic load balancer. 
+ type: string + required: + - instancePort + - instanceProtocol + - port + - protocol + type: object + type: array + name: + description: The name of the load balancer. It must be unique + within the set of load balancers defined in the region. + It also serves as identifier. + type: string + scheme: + description: Scheme is the load balancer scheme, either internet-facing + or private. + type: string + securityGroupIds: + description: SecurityGroupIDs is an array of security groups + assigned to the load balancer. + items: + type: string + type: array + subnetIds: + description: SubnetIDs is an array of subnets in the VPC attached + to the load balancer. + items: + type: string + type: array + tags: + additionalProperties: + type: string + description: Tags is a map of tags associated with the load + balancer. + type: object + type: object + securityGroups: + additionalProperties: + description: SecurityGroup defines an AWS security group. + properties: + id: + description: ID is a unique identifier. + type: string + ingressRule: + description: IngressRules is the inbound rules associated + with the security group. + items: + description: IngressRule defines an AWS ingress rule for + security groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access from. + Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + type: string + fromPort: + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access + from. Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: SecurityGroupProtocol defines the protocol + type for a security group rule. + type: string + sourceSecurityGroupIds: + description: The security group id to allow access + from. Cannot be specified with CidrBlocks. 
+ items: + type: string + type: array + toPort: + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + name: + description: Name is the security group name. + type: string + tags: + additionalProperties: + type: string + description: Tags is a map of tags associated with the security + group. + type: object + required: + - id + - name + type: object + description: SecurityGroups is a map from the role/kind of the + security group to its unique name, if any. + type: object + type: object + ready: + default: false + type: boolean + required: + - ready + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster to which this AWSCluster belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Cluster infrastructure is ready for EC2 instances + jsonPath: .status.ready + name: Ready + type: string + - description: AWS VPC the cluster is using + jsonPath: .spec.network.vpc.id + name: VPC + type: string + - description: API Endpoint + jsonPath: .spec.controlPlaneEndpoint + name: Endpoint + priority: 1 + type: string + - description: Bastion IP address for breakglass access + jsonPath: .status.bastion.publicIp + name: Bastion IP + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: AWSCluster is the schema for Amazon EC2 based Kubernetes Cluster + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSClusterSpec defines the desired state of an EC2-based + Kubernetes cluster. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to AWS + resources managed by the AWS provider, in addition to the ones added + by default. + type: object + bastion: + description: Bastion contains options to configure the bastion host. + properties: + allowedCIDRBlocks: + description: AllowedCIDRBlocks is a list of CIDR blocks allowed + to access the bastion host. They are set as ingress rules for + the Bastion host's Security Group (defaults to 0.0.0.0/0). + items: + type: string + type: array + ami: + description: AMI will use the specified AMI to boot the bastion. + If not specified, the AMI will default to one picked out in + public space. + type: string + disableIngressRules: + description: DisableIngressRules will ensure there are no Ingress + rules in the bastion host's security group. Requires AllowedCIDRBlocks + to be empty. + type: boolean + enabled: + description: Enabled allows this provider to create a bastion + host instance with a public ip to access the VPC private network. + type: boolean + instanceType: + description: InstanceType will use the specified instance type + for the bastion. If not specified, Cluster API Provider AWS + will use t3.micro for all regions except us-east-1, where t2.micro + will be the default. + type: string + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. 
+ type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + controlPlaneLoadBalancer: + description: ControlPlaneLoadBalancer is optional configuration for + customizing control plane behavior. + properties: + additionalListeners: + description: AdditionalListeners sets the additional listeners + for the control plane load balancer. This is only applicable + to Network Load Balancer (NLB) types for the time being. + items: + description: AdditionalListenerSpec defines the desired state + of an additional listener on an AWS load balancer. + properties: + port: + description: Port sets the port for the additional listener. + format: int64 + maximum: 65535 + minimum: 1 + type: integer + protocol: + default: TCP + description: Protocol sets the protocol for the additional + listener. Currently only TCP is supported. + enum: + - TCP + type: string + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + x-kubernetes-list-type: map + additionalSecurityGroups: + description: AdditionalSecurityGroups sets the security groups + used by the load balancer. Expected to be security group IDs + This is optional - if not provided new security groups will + be created for the load balancer + items: + type: string + type: array + crossZoneLoadBalancing: + description: "CrossZoneLoadBalancing enables the classic ELB cross + availability zone balancing. \n With cross-zone load balancing, + each load balancer node for your Classic Load Balancer distributes + requests evenly across the registered instances in all enabled + Availability Zones. If cross-zone load balancing is disabled, + each load balancer node distributes requests evenly across the + registered instances in its Availability Zone only. \n Defaults + to false." 
+ type: boolean + disableHostsRewrite: + description: DisableHostsRewrite disabled the hair pinning issue + solution that adds the NLB's address as 127.0.0.1 to the hosts + file of each instance. This is by default, false. + type: boolean + healthCheckProtocol: + description: HealthCheckProtocol sets the protocol type for ELB + health check target default value is ELBProtocolSSL + enum: + - TCP + - SSL + - HTTP + - HTTPS + - TLS + - UDP + type: string + ingressRules: + description: IngressRules sets the ingress rules for the control + plane load balancer. + items: + description: IngressRule defines an AWS ingress rule for security + groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access from. Cannot + be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + description: Description provides extended information about + the ingress rule. + type: string + fromPort: + description: FromPort is the start of port range. + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access from. + Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: Protocol is the protocol for the ingress rule. + Accepted values are "-1" (all), "4" (IP in IP),"tcp", + "udp", "icmp", and "58" (ICMPv6), "50" (ESP). + enum: + - "-1" + - "4" + - tcp + - udp + - icmp + - "58" + - "50" + type: string + sourceSecurityGroupIds: + description: The security group id to allow access from. + Cannot be specified with CidrBlocks. + items: + type: string + type: array + sourceSecurityGroupRoles: + description: The security group role to allow access from. + Cannot be specified with CidrBlocks. The field will be + combined with source security group IDs if specified. + items: + description: SecurityGroupRole defines the unique role + of a security group. 
+ enum: + - bastion + - node + - controlplane + - apiserver-lb + - lb + - node-eks-additional + type: string + type: array + toPort: + description: ToPort is the end of port range. + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + loadBalancerType: + default: classic + description: LoadBalancerType sets the type for a load balancer. + The default type is classic. + enum: + - classic + - elb + - alb + - nlb + type: string + name: + description: Name sets the name of the classic ELB load balancer. + As per AWS, the name must be unique within your set of load + balancers for the region, must have a maximum of 32 characters, + must contain only alphanumeric characters or hyphens, and cannot + begin or end with a hyphen. Once set, the value cannot be changed. + maxLength: 32 + pattern: ^[A-Za-z0-9]([A-Za-z0-9]{0,31}|[-A-Za-z0-9]{0,30}[A-Za-z0-9])$ + type: string + preserveClientIP: + description: PreserveClientIP lets the user control if preservation + of client ips must be retained or not. If this is enabled 6443 + will be opened to 0.0.0.0/0. + type: boolean + scheme: + default: internet-facing + description: Scheme sets the scheme of the load balancer (defaults + to internet-facing) + enum: + - internet-facing + - internal + type: string + subnets: + description: Subnets sets the subnets that should be applied to + the control plane load balancer (defaults to discovered subnets + for managed VPCs or an empty set for unmanaged VPCs) + items: + type: string + type: array + type: object + identityRef: + description: IdentityRef is a reference to a identity to be used when + reconciling this cluster + properties: + kind: + description: Kind of the identity. + enum: + - AWSClusterControllerIdentity + - AWSClusterRoleIdentity + - AWSClusterStaticIdentity + type: string + name: + description: Name of the identity. 
+ minLength: 1 + type: string + required: + - kind + - name + type: object + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating system + used to look up machine images when a machine does not specify an + AMI. When set, this will be used for all cluster machines unless + a machine specifies a different ImageLookupBaseOS. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to look up + machine images when a machine does not specify an AMI. When set, + this will be used for all cluster machines unless a machine specifies + a different ImageLookupOrg. Supports substitutions for {{.BaseOS}} + and {{.K8sVersion}} with the base OS and kubernetes version, respectively. + The BaseOS will be the value in ImageLookupBaseOS or ubuntu (the + default), and the kubernetes version as defined by the packages + produced by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the ubuntu + base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to look up + machine images when a machine does not specify an AMI. When set, + this will be used for all cluster machines unless a machine specifies + a different ImageLookupOrg. + type: string + network: + description: NetworkSpec encapsulates all things related to AWS network. + properties: + additionalControlPlaneIngressRules: + description: AdditionalControlPlaneIngressRules is an optional + set of ingress rules to add to the control plane + items: + description: IngressRule defines an AWS ingress rule for security + groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access from. 
Cannot + be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + description: Description provides extended information about + the ingress rule. + type: string + fromPort: + description: FromPort is the start of port range. + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access from. + Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: Protocol is the protocol for the ingress rule. + Accepted values are "-1" (all), "4" (IP in IP),"tcp", + "udp", "icmp", and "58" (ICMPv6), "50" (ESP). + enum: + - "-1" + - "4" + - tcp + - udp + - icmp + - "58" + - "50" + type: string + sourceSecurityGroupIds: + description: The security group id to allow access from. + Cannot be specified with CidrBlocks. + items: + type: string + type: array + sourceSecurityGroupRoles: + description: The security group role to allow access from. + Cannot be specified with CidrBlocks. The field will be + combined with source security group IDs if specified. + items: + description: SecurityGroupRole defines the unique role + of a security group. + enum: + - bastion + - node + - controlplane + - apiserver-lb + - lb + - node-eks-additional + type: string + type: array + toPort: + description: ToPort is the end of port range. + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + cni: + description: CNI configuration + properties: + cniIngressRules: + description: CNIIngressRules specify rules to apply to control + plane and worker node security groups. The source for the + rule will be set to control plane and worker security group + IDs. + items: + description: CNIIngressRule defines an AWS ingress rule + for CNI requirements. 
+ properties: + description: + type: string + fromPort: + format: int64 + type: integer + protocol: + description: SecurityGroupProtocol defines the protocol + type for a security group rule. + type: string + toPort: + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + type: object + securityGroupOverrides: + additionalProperties: + type: string + description: SecurityGroupOverrides is an optional set of security + groups to use for cluster instances This is optional - if not + provided new security groups will be created for the cluster + type: object + subnets: + description: Subnets configuration. + items: + description: SubnetSpec configures an AWS Subnet. + properties: + availabilityZone: + description: AvailabilityZone defines the availability zone + to use for this subnet in the cluster's region. + type: string + cidrBlock: + description: CidrBlock is the CIDR block to be used when + the provider creates a managed VPC. + type: string + id: + description: "ID defines a unique identifier to reference + this resource. If you're bringing your subnet, set the + AWS subnet-id here, it must start with `subnet-`. \n When + the VPC is managed by CAPA, and you'd like the provider + to create a subnet for you, the id can be set to any placeholder + value that does not start with `subnet-`; upon creation, + the subnet AWS identifier will be populated in the `ResourceID` + field and the `id` field is going to be used as the subnet + name. If you specify a tag called `Name`, it takes precedence." + type: string + ipv6CidrBlock: + description: IPv6CidrBlock is the IPv6 CIDR block to be + used when the provider creates a managed VPC. A subnet + can have an IPv4 and an IPv6 address. IPv6 is only supported + in managed clusters, this field cannot be set on AWSCluster + object. + type: string + isIpv6: + description: IsIPv6 defines the subnet as an IPv6 subnet. 
+ A subnet is IPv6 when it is associated with a VPC that + has IPv6 enabled. IPv6 is only supported in managed clusters, + this field cannot be set on AWSCluster object. + type: boolean + isPublic: + description: IsPublic defines the subnet as a public subnet. + A subnet is public when it is associated with a route + table that has a route to an internet gateway. + type: boolean + natGatewayId: + description: NatGatewayID is the NAT gateway id associated + with the subnet. Ignored unless the subnet is managed + by the provider, in which case this is set on the public + subnet where the NAT gateway resides. It is then used + to determine routes for private subnets in the same AZ + as the public subnet. + type: string + resourceID: + description: ResourceID is the subnet identifier from AWS, + READ ONLY. This field is populated when the provider manages + the subnet. + type: string + routeTableId: + description: RouteTableID is the routing table id associated + with the subnet. + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing the + resource. + type: object + required: + - id + type: object + type: array + x-kubernetes-list-map-keys: + - id + x-kubernetes-list-type: map + vpc: + description: VPC configuration. + properties: + availabilityZoneSelection: + default: Ordered + description: 'AvailabilityZoneSelection specifies how AZs + should be selected if there are more AZs in a region than + specified by AvailabilityZoneUsageLimit. There are 2 selection + schemes: Ordered - selects based on alphabetical order Random + - selects AZs randomly in a region Defaults to Ordered' + enum: + - Ordered + - Random + type: string + availabilityZoneUsageLimit: + default: 3 + description: AvailabilityZoneUsageLimit specifies the maximum + number of availability zones (AZ) that should be used in + a region when automatically creating subnets. 
If a region + has more than this number of AZs then this number of AZs + will be picked randomly when creating default subnets. Defaults + to 3 + minimum: 1 + type: integer + cidrBlock: + description: CidrBlock is the CIDR block to be used when the + provider creates a managed VPC. Defaults to 10.0.0.0/16. + Mutually exclusive with IPAMPool. + type: string + id: + description: ID is the vpc-id of the VPC this provider should + use to create resources. + type: string + internetGatewayId: + description: InternetGatewayID is the id of the internet gateway + associated with the VPC. + type: string + ipamPool: + description: IPAMPool defines the IPAMv4 pool to be used for + VPC. Mutually exclusive with CidrBlock. + properties: + id: + description: ID is the ID of the IPAM pool this provider + should use to create VPC. + type: string + name: + description: Name is the name of the IPAM pool this provider + should use to create VPC. + type: string + netmaskLength: + description: The netmask length of the IPv4 CIDR you want + to allocate to VPC from an Amazon VPC IP Address Manager + (IPAM) pool. Defaults to /16 for IPv4 if not specified. + format: int64 + type: integer + type: object + ipv6: + description: IPv6 contains ipv6 specific settings for the + network. Supported only in managed clusters. This field + cannot be set on AWSCluster object. + properties: + cidrBlock: + description: CidrBlock is the CIDR block provided by Amazon + when VPC has enabled IPv6. Mutually exclusive with IPAMPool. + type: string + egressOnlyInternetGatewayId: + description: EgressOnlyInternetGatewayID is the id of + the egress only internet gateway associated with an + IPv6 enabled VPC. + type: string + ipamPool: + description: IPAMPool defines the IPAMv6 pool to be used + for VPC. Mutually exclusive with CidrBlock. + properties: + id: + description: ID is the ID of the IPAM pool this provider + should use to create VPC. 
+ type: string + name: + description: Name is the name of the IPAM pool this + provider should use to create VPC. + type: string + netmaskLength: + description: The netmask length of the IPv4 CIDR you + want to allocate to VPC from an Amazon VPC IP Address + Manager (IPAM) pool. Defaults to /16 for IPv4 if + not specified. + format: int64 + type: integer + type: object + poolId: + description: PoolID is the IP pool which must be defined + in case of BYO IP is defined. Must be specified if CidrBlock + is set. Mutually exclusive with IPAMPool. + type: string + type: object + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing the resource. + type: object + type: object + type: object + partition: + description: Partition is the AWS security partition being used. Defaults + to "aws" + type: string + region: + description: The AWS Region the cluster lives in. + type: string + s3Bucket: + description: S3Bucket contains options to configure a supporting S3 + bucket for this cluster - currently used for nodes requiring Ignition + (https://coreos.github.io/ignition/) for bootstrapping (requires + BootstrapFormatIgnition feature flag to be enabled). + properties: + controlPlaneIAMInstanceProfile: + description: ControlPlaneIAMInstanceProfile is a name of the IAMInstanceProfile, + which will be allowed to read control-plane node bootstrap data + from S3 Bucket. + type: string + name: + description: Name defines name of S3 Bucket to be created. + maxLength: 63 + minLength: 3 + pattern: ^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$ + type: string + nodesIAMInstanceProfiles: + description: NodesIAMInstanceProfiles is a list of IAM instance + profiles, which will be allowed to read worker nodes bootstrap + data from S3 Bucket. + items: + type: string + type: array + presignedURLDuration: + description: "PresignedURLDuration defines the duration for which + presigned URLs are valid. 
\n This is used to generate presigned + URLs for S3 Bucket objects, which are used by control-plane + and worker nodes to fetch bootstrap data. \n When enabled, the + IAM instance profiles specified are not used." + type: string + required: + - name + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach to the + bastion host. Valid values are empty string (do not use SSH keys), + a valid SSH key name, or omitted (use the default SSH key name) + type: string + type: object + status: + description: AWSClusterStatus defines the observed state of AWSCluster. + properties: + bastion: + description: Instance describes an AWS instance. + properties: + addresses: + description: Addresses contains the AWS instance associated addresses. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP, + InternalIP, ExternalDNS or InternalDNS. + type: string + required: + - address + - type + type: object + type: array + availabilityZone: + description: Availability zone of instance + type: string + ebsOptimized: + description: Indicates whether the instance is optimized for Amazon + EBS I/O. + type: boolean + enaSupport: + description: Specifies whether enhanced networking with ENA is + enabled. + type: boolean + iamProfile: + description: The name of the IAM instance profile associated with + the instance, if applicable. + type: string + id: + type: string + imageId: + description: The ID of the AMI used to launch the instance. + type: string + instanceMetadataOptions: + description: InstanceMetadataOptions is the metadata options for + the EC2 instance. + properties: + httpEndpoint: + default: enabled + description: "Enables or disables the HTTP metadata endpoint + on your instances. \n If you specify a value of disabled, + you cannot access your instance metadata. 
\n Default: enabled" + enum: + - enabled + - disabled + type: string + httpPutResponseHopLimit: + default: 1 + description: "The desired HTTP PUT response hop limit for + instance metadata requests. The larger the number, the further + instance metadata requests can travel. \n Default: 1" + format: int64 + maximum: 64 + minimum: 1 + type: integer + httpTokens: + default: optional + description: "The state of token usage for your instance metadata + requests. \n If the state is optional, you can choose to + retrieve instance metadata with or without a session token + on your request. If you retrieve the IAM role credentials + without a token, the version 1.0 role credentials are returned. + If you retrieve the IAM role credentials using a valid session + token, the version 2.0 role credentials are returned. \n + If the state is required, you must send a session token + with any instance metadata retrieval requests. In this state, + retrieving the IAM role credentials always returns the version + 2.0 credentials; the version 1.0 credentials are not available. + \n Default: optional" + enum: + - optional + - required + type: string + instanceMetadataTags: + default: disabled + description: "Set to enabled to allow access to instance tags + from the instance metadata. Set to disabled to turn off + access to instance tags from the instance metadata. For + more information, see Work with instance tags using the + instance metadata (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS). + \n Default: disabled" + enum: + - enabled + - disabled + type: string + type: object + instanceState: + description: The current state of the instance. + type: string + networkInterfaces: + description: Specifies ENIs attached to instance + items: + type: string + type: array + nonRootVolumes: + description: Configuration options for the non root storage volumes. 
+ items: + description: Volume encapsulates the configuration options for + the storage device. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by + the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage + device. Must be greater than the image snapshot size or + 8 (whichever is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported + for the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + type: array + placementGroupName: + description: PlacementGroupName specifies the name of the placement + group in which to launch the instance. + type: string + privateIp: + description: The private IPv4 address assigned to the instance. + type: string + publicIp: + description: The public IPv4 address assigned to the instance, + if applicable. + type: string + rootVolume: + description: Configuration options for the root storage volume. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. 
If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by the + controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for + the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + securityGroupIds: + description: SecurityGroupIDs are one or more security group IDs + this instance belongs to. + items: + type: string + type: array + spotMarketOptions: + description: SpotMarketOptions option for configuring instances + to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user is + willing to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: The name of the SSH key pair. + type: string + subnetId: + description: The ID of the subnet of the instance. + type: string + tags: + additionalProperties: + type: string + description: The tags associated with the instance. + type: object + tenancy: + description: Tenancy indicates if instance should run on shared + or single-tenant hardware. + type: string + type: + description: The instance type. + type: string + userData: + description: UserData is the raw data script passed to the instance + which is run upon bootstrap. This field must not be base64 encoded + and should only be used when running a new instance. 
+ type: string + volumeIDs: + description: IDs of the instance's volumes + items: + type: string + type: array + required: + - id + type: object + conditions: + description: Conditions provide observations of the operational state + of a Cluster API resource. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. 
+ properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains is a slice of FailureDomains. + type: object + networkStatus: + description: NetworkStatus encapsulates AWS networking resources. + properties: + apiServerElb: + description: APIServerELB is the Kubernetes api server load balancer. + properties: + arn: + description: ARN of the load balancer. Unlike the ClassicLB, + ARN is used mostly to define and get it. + type: string + attributes: + description: ClassicElbAttributes defines extra attributes + associated with the load balancer. + properties: + crossZoneLoadBalancing: + description: CrossZoneLoadBalancing enables the classic + load balancer load balancing. + type: boolean + idleTimeout: + description: IdleTimeout is time that the connection is + allowed to be idle (no data has been sent over the connection) + before it is closed by the load balancer. + format: int64 + type: integer + type: object + availabilityZones: + description: AvailabilityZones is an array of availability + zones in the VPC attached to the load balancer. + items: + type: string + type: array + dnsName: + description: DNSName is the dns name of the load balancer. + type: string + elbAttributes: + additionalProperties: + type: string + description: ELBAttributes defines extra attributes associated + with v2 load balancers. + type: object + elbListeners: + description: ELBListeners is an array of listeners associated + with the load balancer. There must be at least one. + items: + description: Listener defines an AWS network load balancer + listener. 
+ properties: + port: + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + targetGroup: + description: TargetGroupSpec specifies target group + settings for a given listener. This is created first, + and the ARN is then passed to the listener. + properties: + name: + description: Name of the TargetGroup. Must be unique + over the same group of listeners. + type: string + port: + description: Port is the exposed port + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + enum: + - tcp + - tls + - udp + - TCP + - TLS + - UDP + type: string + targetGroupHealthCheck: + description: HealthCheck is the elb health check + associated with the load balancer. + properties: + intervalSeconds: + format: int64 + type: integer + path: + type: string + port: + type: string + protocol: + type: string + thresholdCount: + format: int64 + type: integer + timeoutSeconds: + format: int64 + type: integer + type: object + vpcId: + type: string + required: + - name + - port + - protocol + - vpcId + type: object + required: + - port + - protocol + - targetGroup + type: object + type: array + healthChecks: + description: HealthCheck is the classic elb health check associated + with the load balancer. + properties: + healthyThreshold: + format: int64 + type: integer + interval: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + target: + type: string + timeout: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. 
+ format: int64 + type: integer + unhealthyThreshold: + format: int64 + type: integer + required: + - healthyThreshold + - interval + - target + - timeout + - unhealthyThreshold + type: object + listeners: + description: ClassicELBListeners is an array of classic elb + listeners associated with the load balancer. There must + be at least one. + items: + description: ClassicELBListener defines an AWS classic load + balancer listener. + properties: + instancePort: + format: int64 + type: integer + instanceProtocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + port: + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + required: + - instancePort + - instanceProtocol + - port + - protocol + type: object + type: array + loadBalancerType: + description: LoadBalancerType sets the type for a load balancer. + The default type is classic. + enum: + - classic + - elb + - alb + - nlb + type: string + name: + description: The name of the load balancer. It must be unique + within the set of load balancers defined in the region. + It also serves as identifier. + type: string + scheme: + description: Scheme is the load balancer scheme, either internet-facing + or private. + type: string + securityGroupIds: + description: SecurityGroupIDs is an array of security groups + assigned to the load balancer. + items: + type: string + type: array + subnetIds: + description: SubnetIDs is an array of subnets in the VPC attached + to the load balancer. + items: + type: string + type: array + tags: + additionalProperties: + type: string + description: Tags is a map of tags associated with the load + balancer. 
+ type: object + type: object + natGatewaysIPs: + description: NatGatewaysIPs contains the public IPs of the NAT + Gateways + items: + type: string + type: array + securityGroups: + additionalProperties: + description: SecurityGroup defines an AWS security group. + properties: + id: + description: ID is a unique identifier. + type: string + ingressRule: + description: IngressRules is the inbound rules associated + with the security group. + items: + description: IngressRule defines an AWS ingress rule for + security groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access from. + Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + description: Description provides extended information + about the ingress rule. + type: string + fromPort: + description: FromPort is the start of port range. + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access + from. Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: Protocol is the protocol for the ingress + rule. Accepted values are "-1" (all), "4" (IP in + IP),"tcp", "udp", "icmp", and "58" (ICMPv6), "50" + (ESP). + enum: + - "-1" + - "4" + - tcp + - udp + - icmp + - "58" + - "50" + type: string + sourceSecurityGroupIds: + description: The security group id to allow access + from. Cannot be specified with CidrBlocks. + items: + type: string + type: array + sourceSecurityGroupRoles: + description: The security group role to allow access + from. Cannot be specified with CidrBlocks. The field + will be combined with source security group IDs + if specified. + items: + description: SecurityGroupRole defines the unique + role of a security group. + enum: + - bastion + - node + - controlplane + - apiserver-lb + - lb + - node-eks-additional + type: string + type: array + toPort: + description: ToPort is the end of port range. 
+ format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + name: + description: Name is the security group name. + type: string + tags: + additionalProperties: + type: string + description: Tags is a map of tags associated with the security + group. + type: object + required: + - id + - name + type: object + description: SecurityGroups is a map from the role/kind of the + security group to its unique name, if any. + type: object + type: object + ready: + default: false + type: boolean + required: + - ready + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.1 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + clusterctl.cluster.x-k8s.io/move-hierarchy: "" + name: awsclusterstaticidentities.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSClusterStaticIdentity + listKind: AWSClusterStaticIdentityList + plural: awsclusterstaticidentities + shortNames: + - awssi + singular: awsclusterstaticidentity + scope: Cluster + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AWSClusterStaticIdentity is the Schema for the awsclusterstaticidentities + API It represents a reference to an AWS access key ID and secret access + key, stored in a secret. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec for this AWSClusterStaticIdentity + properties: + allowedNamespaces: + description: AllowedNamespaces is used to identify which namespaces + are allowed to use the identity from. Namespaces can be selected + either using an array of namespaces or with label selector. An empty + allowedNamespaces object indicates that AWSClusters can use this + identity from any namespace. If this object is nil, no namespaces + will be allowed (default behaviour, if this field is not provided) + A namespace should be either in the NamespaceList or match with + Selector to use the identity. + nullable: true + properties: + list: + description: An nil or empty list indicates that AWSClusters cannot + use the identity from any namespace. + items: + type: string + nullable: true + type: array + selector: + description: An empty selector indicates that AWSClusters cannot + use this AWSClusterIdentity from any namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. 
+ type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + secretRef: + description: 'Reference to a secret containing the credentials. The + secret should contain the following data keys: AccessKeyID: AKIAIOSFODNN7EXAMPLE + SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY SessionToken: + Optional' + type: string + required: + - secretRef + type: object + type: object + served: true + storage: false + - name: v1beta2 + schema: + openAPIV3Schema: + description: AWSClusterStaticIdentity is the Schema for the awsclusterstaticidentities + API It represents a reference to an AWS access key ID and secret access + key, stored in a secret. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec for this AWSClusterStaticIdentity + properties: + allowedNamespaces: + description: AllowedNamespaces is used to identify which namespaces + are allowed to use the identity from. Namespaces can be selected + either using an array of namespaces or with label selector. An empty + allowedNamespaces object indicates that AWSClusters can use this + identity from any namespace. If this object is nil, no namespaces + will be allowed (default behaviour, if this field is not provided) + A namespace should be either in the NamespaceList or match with + Selector to use the identity. + nullable: true + properties: + list: + description: An nil or empty list indicates that AWSClusters cannot + use the identity from any namespace. + items: + type: string + nullable: true + type: array + selector: + description: An empty selector indicates that AWSClusters cannot + use this AWSClusterIdentity from any namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + secretRef: + description: 'Reference to a secret containing the credentials. The + secret should contain the following data keys: AccessKeyID: AKIAIOSFODNN7EXAMPLE + SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY SessionToken: + Optional' + type: string + required: + - secretRef + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + controller-gen.kubebuilder.io/version: v0.12.1 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: awsclustertemplates.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capa-webhook-service + namespace: capa-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSClusterTemplate + listKind: AWSClusterTemplateList + plural: awsclustertemplates + shortNames: + - awsct + singular: awsclustertemplate + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of AWSClusterTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + 
description: AWSClusterTemplate is the schema for Amazon EC2 based Kubernetes + Cluster Templates. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSClusterTemplateSpec defines the desired state of AWSClusterTemplate. + properties: + template: + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: AWSClusterSpec defines the desired state of an EC2-based + Kubernetes cluster. 
+ properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to AWS resources managed by the AWS provider, in addition + to the ones added by default. + type: object + bastion: + description: Bastion contains options to configure the bastion + host. + properties: + allowedCIDRBlocks: + description: AllowedCIDRBlocks is a list of CIDR blocks + allowed to access the bastion host. They are set as + ingress rules for the Bastion host's Security Group + (defaults to 0.0.0.0/0). + items: + type: string + type: array + ami: + description: AMI will use the specified AMI to boot the + bastion. If not specified, the AMI will default to one + picked out in public space. + type: string + disableIngressRules: + description: DisableIngressRules will ensure there are + no Ingress rules in the bastion host's security group. + Requires AllowedCIDRBlocks to be empty. + type: boolean + enabled: + description: Enabled allows this provider to create a + bastion host instance with a public ip to access the + VPC private network. + type: boolean + instanceType: + description: InstanceType will use the specified instance + type for the bastion. If not specified, Cluster API + Provider AWS will use t3.micro for all regions except + us-east-1, where t2.micro will be the default. + type: string + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint + used to communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + controlPlaneLoadBalancer: + description: ControlPlaneLoadBalancer is optional configuration + for customizing control plane behavior. 
+ properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups sets the security + groups used by the load balancer. Expected to be security + group IDs This is optional - if not provided new security + groups will be created for the load balancer + items: + type: string + type: array + crossZoneLoadBalancing: + description: "CrossZoneLoadBalancing enables the classic + ELB cross availability zone balancing. \n With cross-zone + load balancing, each load balancer node for your Classic + Load Balancer distributes requests evenly across the + registered instances in all enabled Availability Zones. + If cross-zone load balancing is disabled, each load + balancer node distributes requests evenly across the + registered instances in its Availability Zone only. + \n Defaults to false." + type: boolean + healthCheckProtocol: + description: HealthCheckProtocol sets the protocol type + for classic ELB health check target default value is + ClassicELBProtocolSSL + type: string + name: + description: Name sets the name of the classic ELB load + balancer. As per AWS, the name must be unique within + your set of load balancers for the region, must have + a maximum of 32 characters, must contain only alphanumeric + characters or hyphens, and cannot begin or end with + a hyphen. Once set, the value cannot be changed. 
+ maxLength: 32 + pattern: ^[A-Za-z0-9]([A-Za-z0-9]{0,31}|[-A-Za-z0-9]{0,30}[A-Za-z0-9])$ + type: string + scheme: + default: internet-facing + description: Scheme sets the scheme of the load balancer + (defaults to internet-facing) + enum: + - internet-facing + - internal + type: string + subnets: + description: Subnets sets the subnets that should be applied + to the control plane load balancer (defaults to discovered + subnets for managed VPCs or an empty set for unmanaged + VPCs) + items: + type: string + type: array + type: object + identityRef: + description: IdentityRef is a reference to a identity to be + used when reconciling this cluster + properties: + kind: + description: Kind of the identity. + enum: + - AWSClusterControllerIdentity + - AWSClusterRoleIdentity + - AWSClusterStaticIdentity + type: string + name: + description: Name of the identity. + minLength: 1 + type: string + required: + - kind + - name + type: object + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating + system used to look up machine images when a machine does + not specify an AMI. When set, this will be used for all + cluster machines unless a machine specifies a different + ImageLookupBaseOS. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to + look up machine images when a machine does not specify an + AMI. When set, this will be used for all cluster machines + unless a machine specifies a different ImageLookupOrg. Supports + substitutions for {{.BaseOS}} and {{.K8sVersion}} with the + base OS and kubernetes version, respectively. The BaseOS + will be the value in ImageLookupBaseOS or ubuntu (the default), + and the kubernetes version as defined by the packages produced + by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. 
For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the + ubuntu base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to + look up machine images when a machine does not specify an + AMI. When set, this will be used for all cluster machines + unless a machine specifies a different ImageLookupOrg. + type: string + network: + description: NetworkSpec encapsulates all things related to + AWS network. + properties: + cni: + description: CNI configuration + properties: + cniIngressRules: + description: CNIIngressRules specify rules to apply + to control plane and worker node security groups. + The source for the rule will be set to control plane + and worker security group IDs. + items: + description: CNIIngressRule defines an AWS ingress + rule for CNI requirements. + properties: + description: + type: string + fromPort: + format: int64 + type: integer + protocol: + description: SecurityGroupProtocol defines the + protocol type for a security group rule. + type: string + toPort: + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + type: object + securityGroupOverrides: + additionalProperties: + type: string + description: SecurityGroupOverrides is an optional set + of security groups to use for cluster instances This + is optional - if not provided new security groups will + be created for the cluster + type: object + subnets: + description: Subnets configuration. + items: + description: SubnetSpec configures an AWS Subnet. + properties: + availabilityZone: + description: AvailabilityZone defines the availability + zone to use for this subnet in the cluster's region. 
+ type: string + cidrBlock: + description: CidrBlock is the CIDR block to be used + when the provider creates a managed VPC. + type: string + id: + description: ID defines a unique identifier to reference + this resource. + type: string + ipv6CidrBlock: + description: IPv6CidrBlock is the IPv6 CIDR block + to be used when the provider creates a managed + VPC. A subnet can have an IPv4 and an IPv6 address. + IPv6 is only supported in managed clusters, this + field cannot be set on AWSCluster object. + type: string + isIpv6: + description: IsIPv6 defines the subnet as an IPv6 + subnet. A subnet is IPv6 when it is associated + with a VPC that has IPv6 enabled. IPv6 is only + supported in managed clusters, this field cannot + be set on AWSCluster object. + type: boolean + isPublic: + description: IsPublic defines the subnet as a public + subnet. A subnet is public when it is associated + with a route table that has a route to an internet + gateway. + type: boolean + natGatewayId: + description: NatGatewayID is the NAT gateway id + associated with the subnet. Ignored unless the + subnet is managed by the provider, in which case + this is set on the public subnet where the NAT + gateway resides. It is then used to determine + routes for private subnets in the same AZ as the + public subnet. + type: string + routeTableId: + description: RouteTableID is the routing table id + associated with the subnet. + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing + the resource. + type: object + type: object + type: array + vpc: + description: VPC configuration. + properties: + availabilityZoneSelection: + default: Ordered + description: 'AvailabilityZoneSelection specifies + how AZs should be selected if there are more AZs + in a region than specified by AvailabilityZoneUsageLimit. 
+ There are 2 selection schemes: Ordered - selects + based on alphabetical order Random - selects AZs + randomly in a region Defaults to Ordered' + enum: + - Ordered + - Random + type: string + availabilityZoneUsageLimit: + default: 3 + description: AvailabilityZoneUsageLimit specifies + the maximum number of availability zones (AZ) that + should be used in a region when automatically creating + subnets. If a region has more than this number of + AZs then this number of AZs will be picked randomly + when creating default subnets. Defaults to 3 + minimum: 1 + type: integer + cidrBlock: + description: CidrBlock is the CIDR block to be used + when the provider creates a managed VPC. Defaults + to 10.0.0.0/16. + type: string + id: + description: ID is the vpc-id of the VPC this provider + should use to create resources. + type: string + internetGatewayId: + description: InternetGatewayID is the id of the internet + gateway associated with the VPC. + type: string + ipv6: + description: IPv6 contains ipv6 specific settings + for the network. Supported only in managed clusters. + This field cannot be set on AWSCluster object. + properties: + cidrBlock: + description: CidrBlock is the CIDR block provided + by Amazon when VPC has enabled IPv6. + type: string + egressOnlyInternetGatewayId: + description: EgressOnlyInternetGatewayID is the + id of the egress only internet gateway associated + with an IPv6 enabled VPC. + type: string + poolId: + description: PoolID is the IP pool which must + be defined in case of BYO IP is defined. + type: string + type: object + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing + the resource. + type: object + type: object + type: object + region: + description: The AWS Region the cluster lives in. 
+ type: string + s3Bucket: + description: S3Bucket contains options to configure a supporting + S3 bucket for this cluster - currently used for nodes requiring + Ignition (https://coreos.github.io/ignition/) for bootstrapping + (requires BootstrapFormatIgnition feature flag to be enabled). + properties: + controlPlaneIAMInstanceProfile: + description: ControlPlaneIAMInstanceProfile is a name + of the IAMInstanceProfile, which will be allowed to + read control-plane node bootstrap data from S3 Bucket. + type: string + name: + description: Name defines name of S3 Bucket to be created. + maxLength: 63 + minLength: 3 + pattern: ^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$ + type: string + nodesIAMInstanceProfiles: + description: NodesIAMInstanceProfiles is a list of IAM + instance profiles, which will be allowed to read worker + nodes bootstrap data from S3 Bucket. + items: + type: string + type: array + required: + - controlPlaneIAMInstanceProfile + - name + - nodesIAMInstanceProfiles + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach + to the bastion host. Valid values are empty string (do not + use SSH keys), a valid SSH key name, or omitted (use the + default SSH key name) + type: string + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: false + subresources: {} + - additionalPrinterColumns: + - description: Time duration since creation of AWSClusterTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: AWSClusterTemplate is the schema for Amazon EC2 based Kubernetes + Cluster Templates. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSClusterTemplateSpec defines the desired state of AWSClusterTemplate. + properties: + template: + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: AWSClusterSpec defines the desired state of an EC2-based + Kubernetes cluster. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to AWS resources managed by the AWS provider, in addition + to the ones added by default. + type: object + bastion: + description: Bastion contains options to configure the bastion + host. 
+ properties: + allowedCIDRBlocks: + description: AllowedCIDRBlocks is a list of CIDR blocks + allowed to access the bastion host. They are set as + ingress rules for the Bastion host's Security Group + (defaults to 0.0.0.0/0). + items: + type: string + type: array + ami: + description: AMI will use the specified AMI to boot the + bastion. If not specified, the AMI will default to one + picked out in public space. + type: string + disableIngressRules: + description: DisableIngressRules will ensure there are + no Ingress rules in the bastion host's security group. + Requires AllowedCIDRBlocks to be empty. + type: boolean + enabled: + description: Enabled allows this provider to create a + bastion host instance with a public ip to access the + VPC private network. + type: boolean + instanceType: + description: InstanceType will use the specified instance + type for the bastion. If not specified, Cluster API + Provider AWS will use t3.micro for all regions except + us-east-1, where t2.micro will be the default. + type: string + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint + used to communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + controlPlaneLoadBalancer: + description: ControlPlaneLoadBalancer is optional configuration + for customizing control plane behavior. + properties: + additionalListeners: + description: AdditionalListeners sets the additional listeners + for the control plane load balancer. This is only applicable + to Network Load Balancer (NLB) types for the time being. + items: + description: AdditionalListenerSpec defines the desired + state of an additional listener on an AWS load balancer. 
+ properties: + port: + description: Port sets the port for the additional + listener. + format: int64 + maximum: 65535 + minimum: 1 + type: integer + protocol: + default: TCP + description: Protocol sets the protocol for the + additional listener. Currently only TCP is supported. + enum: + - TCP + type: string + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + x-kubernetes-list-type: map + additionalSecurityGroups: + description: AdditionalSecurityGroups sets the security + groups used by the load balancer. Expected to be security + group IDs This is optional - if not provided new security + groups will be created for the load balancer + items: + type: string + type: array + crossZoneLoadBalancing: + description: "CrossZoneLoadBalancing enables the classic + ELB cross availability zone balancing. \n With cross-zone + load balancing, each load balancer node for your Classic + Load Balancer distributes requests evenly across the + registered instances in all enabled Availability Zones. + If cross-zone load balancing is disabled, each load + balancer node distributes requests evenly across the + registered instances in its Availability Zone only. + \n Defaults to false." + type: boolean + disableHostsRewrite: + description: DisableHostsRewrite disabled the hair pinning + issue solution that adds the NLB's address as 127.0.0.1 + to the hosts file of each instance. This is by default, + false. + type: boolean + healthCheckProtocol: + description: HealthCheckProtocol sets the protocol type + for ELB health check target default value is ELBProtocolSSL + enum: + - TCP + - SSL + - HTTP + - HTTPS + - TLS + - UDP + type: string + ingressRules: + description: IngressRules sets the ingress rules for the + control plane load balancer. + items: + description: IngressRule defines an AWS ingress rule + for security groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access + from. 
Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + description: Description provides extended information + about the ingress rule. + type: string + fromPort: + description: FromPort is the start of port range. + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access + from. Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: Protocol is the protocol for the ingress + rule. Accepted values are "-1" (all), "4" (IP + in IP),"tcp", "udp", "icmp", and "58" (ICMPv6), + "50" (ESP). + enum: + - "-1" + - "4" + - tcp + - udp + - icmp + - "58" + - "50" + type: string + sourceSecurityGroupIds: + description: The security group id to allow access + from. Cannot be specified with CidrBlocks. + items: + type: string + type: array + sourceSecurityGroupRoles: + description: The security group role to allow access + from. Cannot be specified with CidrBlocks. The + field will be combined with source security group + IDs if specified. + items: + description: SecurityGroupRole defines the unique + role of a security group. + enum: + - bastion + - node + - controlplane + - apiserver-lb + - lb + - node-eks-additional + type: string + type: array + toPort: + description: ToPort is the end of port range. + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + loadBalancerType: + default: classic + description: LoadBalancerType sets the type for a load + balancer. The default type is classic. + enum: + - classic + - elb + - alb + - nlb + type: string + name: + description: Name sets the name of the classic ELB load + balancer. As per AWS, the name must be unique within + your set of load balancers for the region, must have + a maximum of 32 characters, must contain only alphanumeric + characters or hyphens, and cannot begin or end with + a hyphen. 
Once set, the value cannot be changed. + maxLength: 32 + pattern: ^[A-Za-z0-9]([A-Za-z0-9]{0,31}|[-A-Za-z0-9]{0,30}[A-Za-z0-9])$ + type: string + preserveClientIP: + description: PreserveClientIP lets the user control if + preservation of client ips must be retained or not. + If this is enabled 6443 will be opened to 0.0.0.0/0. + type: boolean + scheme: + default: internet-facing + description: Scheme sets the scheme of the load balancer + (defaults to internet-facing) + enum: + - internet-facing + - internal + type: string + subnets: + description: Subnets sets the subnets that should be applied + to the control plane load balancer (defaults to discovered + subnets for managed VPCs or an empty set for unmanaged + VPCs) + items: + type: string + type: array + type: object + identityRef: + description: IdentityRef is a reference to a identity to be + used when reconciling this cluster + properties: + kind: + description: Kind of the identity. + enum: + - AWSClusterControllerIdentity + - AWSClusterRoleIdentity + - AWSClusterStaticIdentity + type: string + name: + description: Name of the identity. + minLength: 1 + type: string + required: + - kind + - name + type: object + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating + system used to look up machine images when a machine does + not specify an AMI. When set, this will be used for all + cluster machines unless a machine specifies a different + ImageLookupBaseOS. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to + look up machine images when a machine does not specify an + AMI. When set, this will be used for all cluster machines + unless a machine specifies a different ImageLookupOrg. Supports + substitutions for {{.BaseOS}} and {{.K8sVersion}} with the + base OS and kubernetes version, respectively. 
The BaseOS + will be the value in ImageLookupBaseOS or ubuntu (the default), + and the kubernetes version as defined by the packages produced + by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the + ubuntu base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to + look up machine images when a machine does not specify an + AMI. When set, this will be used for all cluster machines + unless a machine specifies a different ImageLookupOrg. + type: string + network: + description: NetworkSpec encapsulates all things related to + AWS network. + properties: + additionalControlPlaneIngressRules: + description: AdditionalControlPlaneIngressRules is an + optional set of ingress rules to add to the control + plane + items: + description: IngressRule defines an AWS ingress rule + for security groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access + from. Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + description: Description provides extended information + about the ingress rule. + type: string + fromPort: + description: FromPort is the start of port range. + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access + from. Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: Protocol is the protocol for the ingress + rule. Accepted values are "-1" (all), "4" (IP + in IP),"tcp", "udp", "icmp", and "58" (ICMPv6), + "50" (ESP). 
+ enum: + - "-1" + - "4" + - tcp + - udp + - icmp + - "58" + - "50" + type: string + sourceSecurityGroupIds: + description: The security group id to allow access + from. Cannot be specified with CidrBlocks. + items: + type: string + type: array + sourceSecurityGroupRoles: + description: The security group role to allow access + from. Cannot be specified with CidrBlocks. The + field will be combined with source security group + IDs if specified. + items: + description: SecurityGroupRole defines the unique + role of a security group. + enum: + - bastion + - node + - controlplane + - apiserver-lb + - lb + - node-eks-additional + type: string + type: array + toPort: + description: ToPort is the end of port range. + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + cni: + description: CNI configuration + properties: + cniIngressRules: + description: CNIIngressRules specify rules to apply + to control plane and worker node security groups. + The source for the rule will be set to control plane + and worker security group IDs. + items: + description: CNIIngressRule defines an AWS ingress + rule for CNI requirements. + properties: + description: + type: string + fromPort: + format: int64 + type: integer + protocol: + description: SecurityGroupProtocol defines the + protocol type for a security group rule. + type: string + toPort: + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + type: object + securityGroupOverrides: + additionalProperties: + type: string + description: SecurityGroupOverrides is an optional set + of security groups to use for cluster instances This + is optional - if not provided new security groups will + be created for the cluster + type: object + subnets: + description: Subnets configuration. + items: + description: SubnetSpec configures an AWS Subnet. 
+ properties: + availabilityZone: + description: AvailabilityZone defines the availability + zone to use for this subnet in the cluster's region. + type: string + cidrBlock: + description: CidrBlock is the CIDR block to be used + when the provider creates a managed VPC. + type: string + id: + description: "ID defines a unique identifier to + reference this resource. If you're bringing your + subnet, set the AWS subnet-id here, it must start + with `subnet-`. \n When the VPC is managed by + CAPA, and you'd like the provider to create a + subnet for you, the id can be set to any placeholder + value that does not start with `subnet-`; upon + creation, the subnet AWS identifier will be populated + in the `ResourceID` field and the `id` field is + going to be used as the subnet name. If you specify + a tag called `Name`, it takes precedence." + type: string + ipv6CidrBlock: + description: IPv6CidrBlock is the IPv6 CIDR block + to be used when the provider creates a managed + VPC. A subnet can have an IPv4 and an IPv6 address. + IPv6 is only supported in managed clusters, this + field cannot be set on AWSCluster object. + type: string + isIpv6: + description: IsIPv6 defines the subnet as an IPv6 + subnet. A subnet is IPv6 when it is associated + with a VPC that has IPv6 enabled. IPv6 is only + supported in managed clusters, this field cannot + be set on AWSCluster object. + type: boolean + isPublic: + description: IsPublic defines the subnet as a public + subnet. A subnet is public when it is associated + with a route table that has a route to an internet + gateway. + type: boolean + natGatewayId: + description: NatGatewayID is the NAT gateway id + associated with the subnet. Ignored unless the + subnet is managed by the provider, in which case + this is set on the public subnet where the NAT + gateway resides. It is then used to determine + routes for private subnets in the same AZ as the + public subnet. 
+ type: string + resourceID: + description: ResourceID is the subnet identifier + from AWS, READ ONLY. This field is populated when + the provider manages the subnet. + type: string + routeTableId: + description: RouteTableID is the routing table id + associated with the subnet. + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing + the resource. + type: object + required: + - id + type: object + type: array + x-kubernetes-list-map-keys: + - id + x-kubernetes-list-type: map + vpc: + description: VPC configuration. + properties: + availabilityZoneSelection: + default: Ordered + description: 'AvailabilityZoneSelection specifies + how AZs should be selected if there are more AZs + in a region than specified by AvailabilityZoneUsageLimit. + There are 2 selection schemes: Ordered - selects + based on alphabetical order Random - selects AZs + randomly in a region Defaults to Ordered' + enum: + - Ordered + - Random + type: string + availabilityZoneUsageLimit: + default: 3 + description: AvailabilityZoneUsageLimit specifies + the maximum number of availability zones (AZ) that + should be used in a region when automatically creating + subnets. If a region has more than this number of + AZs then this number of AZs will be picked randomly + when creating default subnets. Defaults to 3 + minimum: 1 + type: integer + cidrBlock: + description: CidrBlock is the CIDR block to be used + when the provider creates a managed VPC. Defaults + to 10.0.0.0/16. Mutually exclusive with IPAMPool. + type: string + id: + description: ID is the vpc-id of the VPC this provider + should use to create resources. + type: string + internetGatewayId: + description: InternetGatewayID is the id of the internet + gateway associated with the VPC. + type: string + ipamPool: + description: IPAMPool defines the IPAMv4 pool to be + used for VPC. Mutually exclusive with CidrBlock. 
+ properties: + id: + description: ID is the ID of the IPAM pool this + provider should use to create VPC. + type: string + name: + description: Name is the name of the IPAM pool + this provider should use to create VPC. + type: string + netmaskLength: + description: The netmask length of the IPv4 CIDR + you want to allocate to VPC from an Amazon VPC + IP Address Manager (IPAM) pool. Defaults to + /16 for IPv4 if not specified. + format: int64 + type: integer + type: object + ipv6: + description: IPv6 contains ipv6 specific settings + for the network. Supported only in managed clusters. + This field cannot be set on AWSCluster object. + properties: + cidrBlock: + description: CidrBlock is the CIDR block provided + by Amazon when VPC has enabled IPv6. Mutually + exclusive with IPAMPool. + type: string + egressOnlyInternetGatewayId: + description: EgressOnlyInternetGatewayID is the + id of the egress only internet gateway associated + with an IPv6 enabled VPC. + type: string + ipamPool: + description: IPAMPool defines the IPAMv6 pool + to be used for VPC. Mutually exclusive with + CidrBlock. + properties: + id: + description: ID is the ID of the IPAM pool + this provider should use to create VPC. + type: string + name: + description: Name is the name of the IPAM + pool this provider should use to create + VPC. + type: string + netmaskLength: + description: The netmask length of the IPv4 + CIDR you want to allocate to VPC from an + Amazon VPC IP Address Manager (IPAM) pool. + Defaults to /16 for IPv4 if not specified. + format: int64 + type: integer + type: object + poolId: + description: PoolID is the IP pool which must + be defined in case of BYO IP is defined. Must + be specified if CidrBlock is set. Mutually exclusive + with IPAMPool. + type: string + type: object + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing + the resource. 
+ type: object + type: object + type: object + partition: + description: Partition is the AWS security partition being + used. Defaults to "aws" + type: string + region: + description: The AWS Region the cluster lives in. + type: string + s3Bucket: + description: S3Bucket contains options to configure a supporting + S3 bucket for this cluster - currently used for nodes requiring + Ignition (https://coreos.github.io/ignition/) for bootstrapping + (requires BootstrapFormatIgnition feature flag to be enabled). + properties: + controlPlaneIAMInstanceProfile: + description: ControlPlaneIAMInstanceProfile is a name + of the IAMInstanceProfile, which will be allowed to + read control-plane node bootstrap data from S3 Bucket. + type: string + name: + description: Name defines name of S3 Bucket to be created. + maxLength: 63 + minLength: 3 + pattern: ^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$ + type: string + nodesIAMInstanceProfiles: + description: NodesIAMInstanceProfiles is a list of IAM + instance profiles, which will be allowed to read worker + nodes bootstrap data from S3 Bucket. + items: + type: string + type: array + presignedURLDuration: + description: "PresignedURLDuration defines the duration + for which presigned URLs are valid. \n This is used + to generate presigned URLs for S3 Bucket objects, which + are used by control-plane and worker nodes to fetch + bootstrap data. \n When enabled, the IAM instance profiles + specified are not used." + type: string + required: + - name + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach + to the bastion host. 
Valid values are empty string (do not + use SSH keys), a valid SSH key name, or omitted (use the + default SSH key name) + type: string + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.1 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: awsfargateprofiles.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSFargateProfile + listKind: AWSFargateProfileList + plural: awsfargateprofiles + shortNames: + - awsfp + singular: awsfargateprofile + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: AWSFargateProfile ready status + jsonPath: .status.ready + name: Ready + type: string + - description: EKS Fargate profile name + jsonPath: .spec.profileName + name: ProfileName + type: string + - description: Failure reason + jsonPath: .status.failureReason + name: FailureReason + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: AWSFargateProfile is the Schema for the awsfargateprofiles API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FargateProfileSpec defines the desired state of FargateProfile. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to AWS + resources managed by the AWS provider, in addition to the ones added + by default. + type: object + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + profileName: + description: ProfileName specifies the profile name. + type: string + roleName: + description: RoleName specifies the name of IAM role for this fargate + pool If the role is pre-existing we will treat it as unmanaged and + not delete it on deletion. If the EKSEnableIAM feature flag is true + and no name is supplied then a role is created. + type: string + selectors: + description: Selectors specify fargate pod selectors. + items: + description: FargateSelector specifies a selector for pods that + should run on this fargate pool. + properties: + labels: + additionalProperties: + type: string + description: Labels specifies which pod labels this selector + should match. + type: object + namespace: + description: Namespace specifies which namespace this selector + should match. + type: string + type: object + type: array + subnetIDs: + description: SubnetIDs specifies which subnets are used for the auto + scaling group of this nodegroup. + items: + type: string + type: array + required: + - clusterName + type: object + status: + description: FargateProfileStatus defines the observed state of FargateProfile. + properties: + conditions: + description: Conditions defines current state of the Fargate profile. + items: + description: Condition defines an observation of a Cluster API resource + operational state. 
+ properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the FargateProfile and will contain + a more verbose string suitable for logging and human consumption. + \n This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the FargateProfile's spec or the configuration of the + controller, and that manual intervention is required. 
Examples of + terminal errors would be invalid combinations of settings in the + spec, values that are unsupported by the controller, or the responsible + controller itself being critically misconfigured. \n Any transient + errors that occur during the reconciliation of FargateProfiles can + be added as events to the FargateProfile object and/or logged in + the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the FargateProfile and will contain + a succinct value suitable for machine interpretation. \n This field + should not be set for transitive errors that a controller faces + that are expected to be fixed automatically over time (like service + outages), but instead indicate that something is fundamentally wrong + with the FargateProfile's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of FargateProfiles can be added + as events to the FargateProfile object and/or logged in the controller's + output." + type: string + ready: + default: false + description: Ready denotes that the FargateProfile is available. 
+ type: boolean + required: + - ready + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: AWSFargateProfile ready status + jsonPath: .status.ready + name: Ready + type: string + - description: EKS Fargate profile name + jsonPath: .spec.profileName + name: ProfileName + type: string + - description: Failure reason + jsonPath: .status.failureReason + name: FailureReason + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: AWSFargateProfile is the Schema for the awsfargateprofiles API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FargateProfileSpec defines the desired state of FargateProfile. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to AWS + resources managed by the AWS provider, in addition to the ones added + by default. + type: object + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + profileName: + description: ProfileName specifies the profile name. 
+ type: string + roleName: + description: RoleName specifies the name of IAM role for this fargate + pool If the role is pre-existing we will treat it as unmanaged and + not delete it on deletion. If the EKSEnableIAM feature flag is true + and no name is supplied then a role is created. + type: string + selectors: + description: Selectors specify fargate pod selectors. + items: + description: FargateSelector specifies a selector for pods that + should run on this fargate pool. + properties: + labels: + additionalProperties: + type: string + description: Labels specifies which pod labels this selector + should match. + type: object + namespace: + description: Namespace specifies which namespace this selector + should match. + type: string + type: object + type: array + subnetIDs: + description: SubnetIDs specifies which subnets are used for the auto + scaling group of this nodegroup. + items: + type: string + type: array + required: + - clusterName + type: object + status: + description: FargateProfileStatus defines the observed state of FargateProfile. + properties: + conditions: + description: Conditions defines current state of the Fargate profile. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. 
+ type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the FargateProfile and will contain + a more verbose string suitable for logging and human consumption. + \n This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the FargateProfile's spec or the configuration of the + controller, and that manual intervention is required. Examples of + terminal errors would be invalid combinations of settings in the + spec, values that are unsupported by the controller, or the responsible + controller itself being critically misconfigured. \n Any transient + errors that occur during the reconciliation of FargateProfiles can + be added as events to the FargateProfile object and/or logged in + the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the FargateProfile and will contain + a succinct value suitable for machine interpretation. 
\n This field + should not be set for transitive errors that a controller faces + that are expected to be fixed automatically over time (like service + outages), but instead indicate that something is fundamentally wrong + with the FargateProfile's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of FargateProfiles can be added + as events to the FargateProfile object and/or logged in the controller's + output." + type: string + ready: + default: false + description: Ready denotes that the FargateProfile is available. + type: boolean + required: + - ready + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.1 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: awsmachinepools.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSMachinePool + listKind: AWSMachinePoolList + plural: awsmachinepools + shortNames: + - awsmp + singular: awsmachinepool + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Machine ready status + jsonPath: .status.ready + name: Ready + type: string + - description: Machine ready status + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Minimum instanes in ASG + jsonPath: .spec.minSize + name: MinSize + type: integer + - description: Maximum instanes in ASG + jsonPath: .spec.maxSize + name: MaxSize + 
type: integer + - description: Launch Template ID + jsonPath: .status.launchTemplateID + name: LaunchTemplate ID + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: AWSMachinePool is the Schema for the awsmachinepools API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSMachinePoolSpec defines the desired state of AWSMachinePool. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to an + instance, in addition to the ones added by default by the AWS provider. + type: object + availabilityZones: + description: AvailabilityZones is an array of availability zones instances + can run in + items: + type: string + type: array + awsLaunchTemplate: + description: AWSLaunchTemplate specifies the launch template and version + to use when an instance is launched. + properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups is an array of references + to security groups that should be applied to the instances. + These security groups would be set in addition to any security + groups defined at the cluster level or in the actuator. + items: + description: AWSResourceReference is a reference to a specific + AWS resource by ID or filters. 
Only one of ID or Filters may + be specified. Specifying more than one will result in a validation + error. + properties: + filters: + description: 'Filters is a set of key/value pairs used to + identify a resource They are applied according to the + rules defined by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an AWS + resource. + properties: + name: + description: Name of the filter. Filter names are + case-sensitive. + type: string + values: + description: Values includes one or more filter values. + Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + type: array + ami: + description: AMI is the reference to the AMI from which to create + the machine instance. + properties: + eksLookupType: + description: EKSOptimizedLookupType If specified, will look + up an EKS Optimized image in SSM Parameter store + enum: + - AmazonLinux + - AmazonLinuxGPU + type: string + id: + description: ID of resource + type: string + type: object + iamInstanceProfile: + description: The name or the Amazon Resource Name (ARN) of the + instance profile associated with the IAM role for the instance. + The instance profile contains the IAM role. + type: string + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating + system to use for image lookup the AMI is not set. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to look + up the image for this machine It will be ignored if an explicit + AMI is set. Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} + with the base OS and kubernetes version, respectively. 
The BaseOS + will be the value in ImageLookupBaseOS or ubuntu (the default), + and the kubernetes version as defined by the packages produced + by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the ubuntu + base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to use + for image lookup if AMI is not set. + type: string + instanceType: + description: 'InstanceType is the type of instance to create. + Example: m4.xlarge' + type: string + name: + description: The name of the launch template. + type: string + rootVolume: + description: RootVolume encapsulates the configuration options + for the root volume + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by the + controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for + the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). 
+ type: string + required: + - size + type: object + spotMarketOptions: + description: SpotMarketOptions are options for configuring AWSMachinePool + instances to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user is + willing to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach to + the instance. Valid values are empty string (do not use SSH + keys), a valid SSH key name, or omitted (use the default SSH + key name) + type: string + versionNumber: + description: 'VersionNumber is the version of the launch template + that is applied. Typically a new version is created when at + least one of the following happens: 1) A new launch template + spec is applied. 2) One or more parameters in an existing template + is changed. 3) A new AMI is discovered.' + format: int64 + type: integer + type: object + capacityRebalance: + description: Enable or disable the capacity rebalance autoscaling + group feature + type: boolean + defaultCoolDown: + description: The amount of time, in seconds, after a scaling activity + completes before another scaling activity can start. If no value + is supplied by user a default value of 300 seconds is set + type: string + maxSize: + default: 1 + description: MaxSize defines the maximum size of the group. + format: int32 + minimum: 1 + type: integer + minSize: + default: 1 + description: MinSize defines the minimum size of the group. + format: int32 + minimum: 0 + type: integer + mixedInstancesPolicy: + description: MixedInstancesPolicy describes how multiple instance + types will be used by the ASG. + properties: + instancesDistribution: + description: InstancesDistribution to configure distribution of + On-Demand Instances and Spot Instances. 
+ properties: + onDemandAllocationStrategy: + default: prioritized + description: OnDemandAllocationStrategy indicates how to allocate + instance types to fulfill On-Demand capacity. + enum: + - prioritized + type: string + onDemandBaseCapacity: + default: 0 + format: int64 + type: integer + onDemandPercentageAboveBaseCapacity: + default: 100 + format: int64 + type: integer + spotAllocationStrategy: + default: lowest-price + description: SpotAllocationStrategy indicates how to allocate + instances across Spot Instance pools. + enum: + - lowest-price + - capacity-optimized + type: string + type: object + overrides: + items: + description: Overrides are used to override the instance type + specified by the launch template with multiple instance types + that can be used to launch On-Demand Instances and Spot Instances. + properties: + instanceType: + type: string + required: + - instanceType + type: object + type: array + type: object + providerID: + description: ProviderID is the ARN of the associated ASG + type: string + providerIDList: + description: ProviderIDList are the identification IDs of machine + instances provided by the provider. This field must match the provider + IDs as seen on the node objects corresponding to a machine pool's + machine instances. + items: + type: string + type: array + refreshPreferences: + description: RefreshPreferences describes set of preferences associated + with the instance refresh request. + properties: + instanceWarmup: + description: The number of seconds until a newly launched instance + is configured and ready to use. During this time, the next replacement + will not be initiated. The default is to use the value for the + health check grace period defined for the group. + format: int64 + type: integer + minHealthyPercentage: + description: The amount of capacity as a percentage in ASG that + must remain healthy during an instance refresh. The default + is 90. 
+ format: int64 + type: integer + strategy: + description: The strategy to use for the instance refresh. The + only valid value is Rolling. A rolling update is an update that + is applied to all instances in an Auto Scaling group until all + instances have been updated. + type: string + type: object + subnets: + description: Subnets is an array of subnet configurations + items: + description: AWSResourceReference is a reference to a specific AWS + resource by ID or filters. Only one of ID or Filters may be specified. + Specifying more than one will result in a validation error. + properties: + filters: + description: 'Filters is a set of key/value pairs used to identify + a resource They are applied according to the rules defined + by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an AWS resource. + properties: + name: + description: Name of the filter. Filter names are case-sensitive. + type: string + values: + description: Values includes one or more filter values. + Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + type: array + required: + - awsLaunchTemplate + - maxSize + - minSize + type: object + status: + description: AWSMachinePoolStatus defines the observed state of AWSMachinePool. + properties: + asgStatus: + description: ASGStatus is a status string returned by the autoscaling + API. + type: string + conditions: + description: Conditions defines current service state of the AWSMachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. 
+ If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. \n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. 
\n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. \n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. \n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." + type: string + instances: + description: Instances contains the status for each instance in the + pool + items: + description: AWSMachinePoolInstanceStatus defines the status of + the AWSMachinePoolInstance. + properties: + instanceID: + description: InstanceID is the identification of the Machine + Instance within ASG + type: string + version: + description: Version defines the Kubernetes version for the + Machine Instance + type: string + type: object + type: array + launchTemplateID: + description: The ID of the launch template + type: string + launchTemplateVersion: + description: The version of the launch template + type: string + ready: + description: Ready is true when the provider resource is ready. 
+ type: boolean + replicas: + description: Replicas is the most recently observed number of replicas + format: int32 + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Machine ready status + jsonPath: .status.ready + name: Ready + type: string + - description: Machine ready status + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Minimum instanes in ASG + jsonPath: .spec.minSize + name: MinSize + type: integer + - description: Maximum instanes in ASG + jsonPath: .spec.maxSize + name: MaxSize + type: integer + - description: Launch Template ID + jsonPath: .status.launchTemplateID + name: LaunchTemplate ID + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: AWSMachinePool is the Schema for the awsmachinepools API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSMachinePoolSpec defines the desired state of AWSMachinePool. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to an + instance, in addition to the ones added by default by the AWS provider. 
+ type: object + availabilityZoneSubnetType: + description: AvailabilityZoneSubnetType specifies which type of subnets + to use when an availability zone is specified. + enum: + - public + - private + - all + type: string + availabilityZones: + description: AvailabilityZones is an array of availability zones instances + can run in + items: + type: string + type: array + awsLaunchTemplate: + description: AWSLaunchTemplate specifies the launch template and version + to use when an instance is launched. + properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups is an array of references + to security groups that should be applied to the instances. + These security groups would be set in addition to any security + groups defined at the cluster level or in the actuator. + items: + description: AWSResourceReference is a reference to a specific + AWS resource by ID or filters. Only one of ID or Filters may + be specified. Specifying more than one will result in a validation + error. + properties: + filters: + description: 'Filters is a set of key/value pairs used to + identify a resource They are applied according to the + rules defined by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an AWS + resource. + properties: + name: + description: Name of the filter. Filter names are + case-sensitive. + type: string + values: + description: Values includes one or more filter values. + Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + type: array + ami: + description: AMI is the reference to the AMI from which to create + the machine instance. 
+ properties: + eksLookupType: + description: EKSOptimizedLookupType If specified, will look + up an EKS Optimized image in SSM Parameter store + enum: + - AmazonLinux + - AmazonLinuxGPU + type: string + id: + description: ID of resource + type: string + type: object + iamInstanceProfile: + description: The name or the Amazon Resource Name (ARN) of the + instance profile associated with the IAM role for the instance. + The instance profile contains the IAM role. + type: string + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating + system to use for image lookup the AMI is not set. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to look + up the image for this machine It will be ignored if an explicit + AMI is set. Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} + with the base OS and kubernetes version, respectively. The BaseOS + will be the value in ImageLookupBaseOS or ubuntu (the default), + and the kubernetes version as defined by the packages produced + by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the ubuntu + base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to use + for image lookup if AMI is not set. + type: string + instanceMetadataOptions: + description: InstanceMetadataOptions defines the behavior for + applying metadata to instances. + properties: + httpEndpoint: + default: enabled + description: "Enables or disables the HTTP metadata endpoint + on your instances. \n If you specify a value of disabled, + you cannot access your instance metadata. 
\n Default: enabled" + enum: + - enabled + - disabled + type: string + httpPutResponseHopLimit: + default: 1 + description: "The desired HTTP PUT response hop limit for + instance metadata requests. The larger the number, the further + instance metadata requests can travel. \n Default: 1" + format: int64 + maximum: 64 + minimum: 1 + type: integer + httpTokens: + default: optional + description: "The state of token usage for your instance metadata + requests. \n If the state is optional, you can choose to + retrieve instance metadata with or without a session token + on your request. If you retrieve the IAM role credentials + without a token, the version 1.0 role credentials are returned. + If you retrieve the IAM role credentials using a valid session + token, the version 2.0 role credentials are returned. \n + If the state is required, you must send a session token + with any instance metadata retrieval requests. In this state, + retrieving the IAM role credentials always returns the version + 2.0 credentials; the version 1.0 credentials are not available. + \n Default: optional" + enum: + - optional + - required + type: string + instanceMetadataTags: + default: disabled + description: "Set to enabled to allow access to instance tags + from the instance metadata. Set to disabled to turn off + access to instance tags from the instance metadata. For + more information, see Work with instance tags using the + instance metadata (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS). + \n Default: disabled" + enum: + - enabled + - disabled + type: string + type: object + instanceType: + description: 'InstanceType is the type of instance to create. + Example: m4.xlarge' + type: string + name: + description: The name of the launch template. 
+ type: string + rootVolume: + description: RootVolume encapsulates the configuration options + for the root volume + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by the + controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for + the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + spotMarketOptions: + description: SpotMarketOptions are options for configuring AWSMachinePool + instances to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user is + willing to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach to + the instance. Valid values are empty string (do not use SSH + keys), a valid SSH key name, or omitted (use the default SSH + key name) + type: string + versionNumber: + description: 'VersionNumber is the version of the launch template + that is applied. Typically a new version is created when at + least one of the following happens: 1) A new launch template + spec is applied. 
2) One or more parameters in an existing template + is changed. 3) A new AMI is discovered.' + format: int64 + type: integer + type: object + capacityRebalance: + description: Enable or disable the capacity rebalance autoscaling + group feature + type: boolean + defaultCoolDown: + description: The amount of time, in seconds, after a scaling activity + completes before another scaling activity can start. If no value + is supplied by user a default value of 300 seconds is set + type: string + maxSize: + default: 1 + description: MaxSize defines the maximum size of the group. + format: int32 + minimum: 1 + type: integer + minSize: + default: 1 + description: MinSize defines the minimum size of the group. + format: int32 + minimum: 0 + type: integer + mixedInstancesPolicy: + description: MixedInstancesPolicy describes how multiple instance + types will be used by the ASG. + properties: + instancesDistribution: + description: InstancesDistribution to configure distribution of + On-Demand Instances and Spot Instances. + properties: + onDemandAllocationStrategy: + default: prioritized + description: OnDemandAllocationStrategy indicates how to allocate + instance types to fulfill On-Demand capacity. + enum: + - prioritized + - lowest-price + type: string + onDemandBaseCapacity: + default: 0 + format: int64 + type: integer + onDemandPercentageAboveBaseCapacity: + default: 100 + format: int64 + type: integer + spotAllocationStrategy: + default: lowest-price + description: SpotAllocationStrategy indicates how to allocate + instances across Spot Instance pools. + enum: + - lowest-price + - capacity-optimized + - capacity-optimized-prioritized + - price-capacity-optimized + type: string + type: object + overrides: + items: + description: Overrides are used to override the instance type + specified by the launch template with multiple instance types + that can be used to launch On-Demand Instances and Spot Instances. 
+ properties: + instanceType: + type: string + required: + - instanceType + type: object + type: array + type: object + providerID: + description: ProviderID is the ARN of the associated ASG + type: string + providerIDList: + description: ProviderIDList are the identification IDs of machine + instances provided by the provider. This field must match the provider + IDs as seen on the node objects corresponding to a machine pool's + machine instances. + items: + type: string + type: array + refreshPreferences: + description: RefreshPreferences describes set of preferences associated + with the instance refresh request. + properties: + disable: + description: Disable, if true, disables instance refresh from + triggering when new launch templates are detected. This is useful + in scenarios where ASG nodes are externally managed. + type: boolean + instanceWarmup: + description: The number of seconds until a newly launched instance + is configured and ready to use. During this time, the next replacement + will not be initiated. The default is to use the value for the + health check grace period defined for the group. + format: int64 + type: integer + minHealthyPercentage: + description: The amount of capacity as a percentage in ASG that + must remain healthy during an instance refresh. The default + is 90. + format: int64 + type: integer + strategy: + description: The strategy to use for the instance refresh. The + only valid value is Rolling. A rolling update is an update that + is applied to all instances in an Auto Scaling group until all + instances have been updated. + type: string + type: object + subnets: + description: Subnets is an array of subnet configurations + items: + description: AWSResourceReference is a reference to a specific AWS + resource by ID or filters. Only one of ID or Filters may be specified. + Specifying more than one will result in a validation error. 
+ properties: + filters: + description: 'Filters is a set of key/value pairs used to identify + a resource They are applied according to the rules defined + by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an AWS resource. + properties: + name: + description: Name of the filter. Filter names are case-sensitive. + type: string + values: + description: Values includes one or more filter values. + Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + type: array + suspendProcesses: + description: SuspendProcesses defines a list of processes to suspend + for the given ASG. This is constantly reconciled. If a process is + removed from this list it will automatically be resumed. + properties: + all: + type: boolean + processes: + description: Processes defines the processes which can be enabled + or disabled individually. + properties: + addToLoadBalancer: + type: boolean + alarmNotification: + type: boolean + azRebalance: + type: boolean + healthCheck: + type: boolean + instanceRefresh: + type: boolean + launch: + type: boolean + replaceUnhealthy: + type: boolean + scheduledActions: + type: boolean + terminate: + type: boolean + type: object + type: object + required: + - awsLaunchTemplate + - maxSize + - minSize + type: object + status: + description: AWSMachinePoolStatus defines the observed state of AWSMachinePool. + properties: + asgStatus: + description: ASGStatus is a status string returned by the autoscaling + API. + type: string + conditions: + description: Conditions defines current service state of the AWSMachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. 
+ properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. \n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. 
Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. \n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. \n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." + type: string + instances: + description: Instances contains the status for each instance in the + pool + items: + description: AWSMachinePoolInstanceStatus defines the status of + the AWSMachinePoolInstance. 
+ properties: + instanceID: + description: InstanceID is the identification of the Machine + Instance within ASG + type: string + version: + description: Version defines the Kubernetes version for the + Machine Instance + type: string + type: object + type: array + launchTemplateID: + description: The ID of the launch template + type: string + launchTemplateVersion: + description: The version of the launch template + type: string + ready: + description: Ready is true when the provider resource is ready. + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + controller-gen.kubebuilder.io/version: v0.12.1 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: awsmachines.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capa-webhook-service + namespace: capa-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSMachine + listKind: AWSMachineList + plural: awsmachines + shortNames: + - awsm + singular: awsmachine + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this AWSMachine belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: EC2 instance state + jsonPath: .status.instanceState + name: State + type: string + - description: Machine ready status + jsonPath: .status.ready + name: Ready + type: string + - 
description: EC2 instance ID + jsonPath: .spec.providerID + name: InstanceID + type: string + - description: Machine object which owns with this AWSMachine + jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name + name: Machine + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: AWSMachine is the schema for Amazon EC2 machines. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSMachineSpec defines the desired state of an Amazon EC2 + instance. + properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups is an array of references to + security groups that should be applied to the instance. These security + groups would be set in addition to any security groups defined at + the cluster level or in the actuator. It is possible to specify + either IDs of Filters. Using Filters will cause additional requests + to AWS API and if tags change the attached security groups might + change too. + items: + description: AWSResourceReference is a reference to a specific AWS + resource by ID or filters. Only one of ID or Filters may be specified. + Specifying more than one will result in a validation error. + properties: + arn: + description: 'ARN of resource. Deprecated: This field has no + function and is going to be removed in the next release.' 
+ type: string + filters: + description: 'Filters is a set of key/value pairs used to identify + a resource They are applied according to the rules defined + by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an AWS resource. + properties: + name: + description: Name of the filter. Filter names are case-sensitive. + type: string + values: + description: Values includes one or more filter values. + Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + type: array + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to an + instance, in addition to the ones added by default by the AWS provider. + If both the AWSCluster and the AWSMachine specify the same tag name + with different values, the AWSMachine's value takes precedence. + type: object + ami: + description: AMI is the reference to the AMI from which to create + the machine instance. + properties: + eksLookupType: + description: EKSOptimizedLookupType If specified, will look up + an EKS Optimized image in SSM Parameter store + enum: + - AmazonLinux + - AmazonLinuxGPU + type: string + id: + description: ID of resource + type: string + type: object + cloudInit: + description: CloudInit defines options related to the bootstrapping + systems where CloudInit is used. + properties: + insecureSkipSecretsManager: + description: InsecureSkipSecretsManager, when set to true will + not use AWS Secrets Manager or AWS Systems Manager Parameter + Store to ensure privacy of userdata. By default, a cloud-init + boothook shell script is prepended to download the userdata + from Secrets Manager and additionally delete the secret. 
+ type: boolean + secretCount: + description: SecretCount is the number of secrets used to form + the complete secret + format: int32 + type: integer + secretPrefix: + description: SecretPrefix is the prefix for the secret name. This + is stored temporarily, and deleted when the machine registers + as a node against the workload cluster. + type: string + secureSecretsBackend: + description: SecureSecretsBackend, when set to parameter-store + will utilize the AWS Systems Manager Parameter Storage to distribute + secrets. By default or with the value of secrets-manager, will + use AWS Secrets Manager instead. + enum: + - secrets-manager + - ssm-parameter-store + type: string + type: object + failureDomain: + description: FailureDomain is the failure domain unique identifier + this Machine should be attached to, as defined in Cluster API. For + this infrastructure provider, the ID is equivalent to an AWS Availability + Zone. If multiple subnets are matched for the availability zone, + the first one returned is picked. + type: string + iamInstanceProfile: + description: IAMInstanceProfile is a name of an IAM instance profile + to assign to the instance + type: string + ignition: + description: Ignition defined options related to the bootstrapping + systems where Ignition is used. + properties: + version: + default: "2.3" + description: Version defines which version of Ignition will be + used to generate bootstrap data. + enum: + - "2.3" + type: string + type: object + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating system + to use for image lookup the AMI is not set. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to look up + the image for this machine It will be ignored if an explicit AMI + is set. Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} + with the base OS and kubernetes version, respectively. 
The BaseOS + will be the value in ImageLookupBaseOS or ubuntu (the default), + and the kubernetes version as defined by the packages produced by + kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the ubuntu + base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to use for + image lookup if AMI is not set. + type: string + instanceID: + description: InstanceID is the EC2 instance ID for this machine. + type: string + instanceType: + description: 'InstanceType is the type of instance to create. Example: + m4.xlarge' + minLength: 2 + type: string + networkInterfaces: + description: NetworkInterfaces is a list of ENIs to associate with + the instance. A maximum of 2 may be specified. + items: + type: string + maxItems: 2 + type: array + nonRootVolumes: + description: Configuration options for the non root storage volumes. + items: + description: Volume encapsulates the configuration options for the + storage device. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be used. + The key must already exist and be accessible by the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the disk. + Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. 
+ Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for + the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + type: array + providerID: + description: ProviderID is the unique identifier as specified by the + cloud provider. + type: string + publicIP: + description: 'PublicIP specifies whether the instance should get a + public IP. Precedence for this setting is as follows: 1. This field + if set 2. Cluster/flavor setting 3. Subnet default' + type: boolean + rootVolume: + description: RootVolume encapsulates the configuration options for + the root volume + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt the + volume. Can be either a KMS key ID or ARN. If Encrypted is set + and this is omitted, the default AWS key will be used. The key + must already exist and be accessible by the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the disk. + Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for the + volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, etc...). 
+ type: string + required: + - size + type: object + spotMarketOptions: + description: SpotMarketOptions allows users to configure instances + to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user is willing + to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach to the + instance. Valid values are empty string (do not use SSH keys), a + valid SSH key name, or omitted (use the default SSH key name) + type: string + subnet: + description: Subnet is a reference to the subnet to use for this instance. + If not specified, the cluster subnet will be used. + properties: + arn: + description: 'ARN of resource. Deprecated: This field has no function + and is going to be removed in the next release.' + type: string + filters: + description: 'Filters is a set of key/value pairs used to identify + a resource They are applied according to the rules defined by + the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an AWS resource. + properties: + name: + description: Name of the filter. Filter names are case-sensitive. + type: string + values: + description: Values includes one or more filter values. + Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + tenancy: + description: Tenancy indicates if instance should run on shared or + single-tenant hardware. + enum: + - default + - dedicated + - host + type: string + uncompressedUserData: + description: UncompressedUserData specify whether the user data is + gzip-compressed before it is sent to ec2 instance. cloud-init has + built-in support for gzip-compressed user data user data stored + in aws secret manager is always gzip-compressed. 
+ type: boolean + required: + - instanceType + type: object + status: + description: AWSMachineStatus defines the observed state of AWSMachine. + properties: + addresses: + description: Addresses contains the AWS instance associated addresses. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP, + InternalIP, ExternalDNS or InternalDNS. + type: string + required: + - address + - type + type: object + type: array + conditions: + description: Conditions defines current service state of the AWSMachine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. \n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. \n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. 
\n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." + type: string + instanceState: + description: InstanceState is the state of the AWS instance for this + machine. + type: string + interruptible: + description: Interruptible reports that this machine is using spot + instances and can therefore be interrupted by CAPI when it receives + a notice that the spot instance is to be terminated by AWS. This + will be set to true when SpotMarketOptions is not nil (i.e. this + machine is using a spot instance). + type: boolean + ready: + description: Ready is true when the provider resource is ready. + type: boolean + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster to which this AWSMachine belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: EC2 instance state + jsonPath: .status.instanceState + name: State + type: string + - description: Machine ready status + jsonPath: .status.ready + name: Ready + type: string + - description: EC2 instance ID + jsonPath: .spec.providerID + name: InstanceID + type: string + - description: Machine object which owns with this AWSMachine + jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name + name: Machine + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: AWSMachine is the schema for Amazon EC2 machines. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSMachineSpec defines the desired state of an Amazon EC2 + instance. + properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups is an array of references to + security groups that should be applied to the instance. These security + groups would be set in addition to any security groups defined at + the cluster level or in the actuator. It is possible to specify + either IDs of Filters. Using Filters will cause additional requests + to AWS API and if tags change the attached security groups might + change too. + items: + description: AWSResourceReference is a reference to a specific AWS + resource by ID or filters. Only one of ID or Filters may be specified. + Specifying more than one will result in a validation error. + properties: + filters: + description: 'Filters is a set of key/value pairs used to identify + a resource They are applied according to the rules defined + by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an AWS resource. + properties: + name: + description: Name of the filter. Filter names are case-sensitive. + type: string + values: + description: Values includes one or more filter values. + Filter values are case-sensitive. 
+ items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + type: array + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to an + instance, in addition to the ones added by default by the AWS provider. + If both the AWSCluster and the AWSMachine specify the same tag name + with different values, the AWSMachine's value takes precedence. + type: object + ami: + description: AMI is the reference to the AMI from which to create + the machine instance. + properties: + eksLookupType: + description: EKSOptimizedLookupType If specified, will look up + an EKS Optimized image in SSM Parameter store + enum: + - AmazonLinux + - AmazonLinuxGPU + type: string + id: + description: ID of resource + type: string + type: object + cloudInit: + description: CloudInit defines options related to the bootstrapping + systems where CloudInit is used. + properties: + insecureSkipSecretsManager: + description: InsecureSkipSecretsManager, when set to true will + not use AWS Secrets Manager or AWS Systems Manager Parameter + Store to ensure privacy of userdata. By default, a cloud-init + boothook shell script is prepended to download the userdata + from Secrets Manager and additionally delete the secret. + type: boolean + secretCount: + description: SecretCount is the number of secrets used to form + the complete secret + format: int32 + type: integer + secretPrefix: + description: SecretPrefix is the prefix for the secret name. This + is stored temporarily, and deleted when the machine registers + as a node against the workload cluster. + type: string + secureSecretsBackend: + description: SecureSecretsBackend, when set to parameter-store + will utilize the AWS Systems Manager Parameter Storage to distribute + secrets. By default or with the value of secrets-manager, will + use AWS Secrets Manager instead. 
+ enum: + - secrets-manager + - ssm-parameter-store + type: string + type: object + iamInstanceProfile: + description: IAMInstanceProfile is a name of an IAM instance profile + to assign to the instance + type: string + ignition: + description: Ignition defined options related to the bootstrapping + systems where Ignition is used. + properties: + version: + default: "2.3" + description: Version defines which version of Ignition will be + used to generate bootstrap data. + enum: + - "2.3" + - "3.0" + - "3.1" + - "3.2" + - "3.3" + - "3.4" + type: string + type: object + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating system + to use for image lookup the AMI is not set. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to look up + the image for this machine It will be ignored if an explicit AMI + is set. Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} + with the base OS and kubernetes version, respectively. The BaseOS + will be the value in ImageLookupBaseOS or ubuntu (the default), + and the kubernetes version as defined by the packages produced by + kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the ubuntu + base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to use for + image lookup if AMI is not set. + type: string + instanceID: + description: InstanceID is the EC2 instance ID for this machine. + type: string + instanceMetadataOptions: + description: InstanceMetadataOptions is the metadata options for the + EC2 instance. 
+ properties: + httpEndpoint: + default: enabled + description: "Enables or disables the HTTP metadata endpoint on + your instances. \n If you specify a value of disabled, you cannot + access your instance metadata. \n Default: enabled" + enum: + - enabled + - disabled + type: string + httpPutResponseHopLimit: + default: 1 + description: "The desired HTTP PUT response hop limit for instance + metadata requests. The larger the number, the further instance + metadata requests can travel. \n Default: 1" + format: int64 + maximum: 64 + minimum: 1 + type: integer + httpTokens: + default: optional + description: "The state of token usage for your instance metadata + requests. \n If the state is optional, you can choose to retrieve + instance metadata with or without a session token on your request. + If you retrieve the IAM role credentials without a token, the + version 1.0 role credentials are returned. If you retrieve the + IAM role credentials using a valid session token, the version + 2.0 role credentials are returned. \n If the state is required, + you must send a session token with any instance metadata retrieval + requests. In this state, retrieving the IAM role credentials + always returns the version 2.0 credentials; the version 1.0 + credentials are not available. \n Default: optional" + enum: + - optional + - required + type: string + instanceMetadataTags: + default: disabled + description: "Set to enabled to allow access to instance tags + from the instance metadata. Set to disabled to turn off access + to instance tags from the instance metadata. For more information, + see Work with instance tags using the instance metadata (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS). + \n Default: disabled" + enum: + - enabled + - disabled + type: string + type: object + instanceType: + description: 'InstanceType is the type of instance to create. 
Example: + m4.xlarge' + minLength: 2 + type: string + networkInterfaces: + description: NetworkInterfaces is a list of ENIs to associate with + the instance. A maximum of 2 may be specified. + items: + type: string + maxItems: 2 + type: array + nonRootVolumes: + description: Configuration options for the non root storage volumes. + items: + description: Volume encapsulates the configuration options for the + storage device. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be used. + The key must already exist and be accessible by the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the disk. + Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for + the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + type: array + placementGroupName: + description: PlacementGroupName specifies the name of the placement + group in which to launch the instance. + type: string + providerID: + description: ProviderID is the unique identifier as specified by the + cloud provider. + type: string + publicIP: + description: 'PublicIP specifies whether the instance should get a + public IP. Precedence for this setting is as follows: 1. This field + if set 2. Cluster/flavor setting 3. 
Subnet default' + type: boolean + rootVolume: + description: RootVolume encapsulates the configuration options for + the root volume + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt the + volume. Can be either a KMS key ID or ARN. If Encrypted is set + and this is omitted, the default AWS key will be used. The key + must already exist and be accessible by the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the disk. + Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for the + volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, etc...). + type: string + required: + - size + type: object + spotMarketOptions: + description: SpotMarketOptions allows users to configure instances + to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user is willing + to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach to the + instance. Valid values are empty string (do not use SSH keys), a + valid SSH key name, or omitted (use the default SSH key name) + type: string + subnet: + description: Subnet is a reference to the subnet to use for this instance. + If not specified, the cluster subnet will be used. 
+ properties: + filters: + description: 'Filters is a set of key/value pairs used to identify + a resource They are applied according to the rules defined by + the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an AWS resource. + properties: + name: + description: Name of the filter. Filter names are case-sensitive. + type: string + values: + description: Values includes one or more filter values. + Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + tenancy: + description: Tenancy indicates if instance should run on shared or + single-tenant hardware. + enum: + - default + - dedicated + - host + type: string + uncompressedUserData: + description: UncompressedUserData specify whether the user data is + gzip-compressed before it is sent to ec2 instance. cloud-init has + built-in support for gzip-compressed user data user data stored + in aws secret manager is always gzip-compressed. + type: boolean + required: + - instanceType + type: object + status: + description: AWSMachineStatus defines the observed state of AWSMachine. + properties: + addresses: + description: Addresses contains the AWS instance associated addresses. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP, + InternalIP, ExternalDNS or InternalDNS. + type: string + required: + - address + - type + type: object + type: array + conditions: + description: Conditions defines current service state of the AWSMachine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. 
+ properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. \n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. 
Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. \n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. \n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." + type: string + instanceState: + description: InstanceState is the state of the AWS instance for this + machine. + type: string + interruptible: + description: Interruptible reports that this machine is using spot + instances and can therefore be interrupted by CAPI when it receives + a notice that the spot instance is to be terminated by AWS. This + will be set to true when SpotMarketOptions is not nil (i.e. this + machine is using a spot instance). + type: boolean + ready: + description: Ready is true when the provider resource is ready. 
+ type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + controller-gen.kubebuilder.io/version: v0.12.1 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: awsmachinetemplates.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capa-webhook-service + namespace: capa-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSMachineTemplate + listKind: AWSMachineTemplateList + plural: awsmachinetemplates + shortNames: + - awsmt + singular: awsmachinetemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AWSMachineTemplate is the schema for the Amazon EC2 Machine Templates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSMachineTemplateSpec defines the desired state of AWSMachineTemplate. 
+ properties: + template: + description: AWSMachineTemplateResource describes the data needed + to create am AWSMachine from a template. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: Spec is the specification of the desired behavior + of the machine. + properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups is an array of references + to security groups that should be applied to the instance. + These security groups would be set in addition to any security + groups defined at the cluster level or in the actuator. + It is possible to specify either IDs of Filters. Using Filters + will cause additional requests to AWS API and if tags change + the attached security groups might change too. + items: + description: AWSResourceReference is a reference to a specific + AWS resource by ID or filters. Only one of ID or Filters + may be specified. Specifying more than one will result + in a validation error. + properties: + arn: + description: 'ARN of resource. Deprecated: This field + has no function and is going to be removed in the + next release.' 
+ type: string + filters: + description: 'Filters is a set of key/value pairs used + to identify a resource They are applied according + to the rules defined by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an + AWS resource. + properties: + name: + description: Name of the filter. Filter names + are case-sensitive. + type: string + values: + description: Values includes one or more filter + values. Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + type: array + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to an instance, in addition to the ones added by default + by the AWS provider. If both the AWSCluster and the AWSMachine + specify the same tag name with different values, the AWSMachine's + value takes precedence. + type: object + ami: + description: AMI is the reference to the AMI from which to + create the machine instance. + properties: + eksLookupType: + description: EKSOptimizedLookupType If specified, will + look up an EKS Optimized image in SSM Parameter store + enum: + - AmazonLinux + - AmazonLinuxGPU + type: string + id: + description: ID of resource + type: string + type: object + cloudInit: + description: CloudInit defines options related to the bootstrapping + systems where CloudInit is used. + properties: + insecureSkipSecretsManager: + description: InsecureSkipSecretsManager, when set to true + will not use AWS Secrets Manager or AWS Systems Manager + Parameter Store to ensure privacy of userdata. By default, + a cloud-init boothook shell script is prepended to download + the userdata from Secrets Manager and additionally delete + the secret. 
+ type: boolean + secretCount: + description: SecretCount is the number of secrets used + to form the complete secret + format: int32 + type: integer + secretPrefix: + description: SecretPrefix is the prefix for the secret + name. This is stored temporarily, and deleted when the + machine registers as a node against the workload cluster. + type: string + secureSecretsBackend: + description: SecureSecretsBackend, when set to parameter-store + will utilize the AWS Systems Manager Parameter Storage + to distribute secrets. By default or with the value + of secrets-manager, will use AWS Secrets Manager instead. + enum: + - secrets-manager + - ssm-parameter-store + type: string + type: object + failureDomain: + description: FailureDomain is the failure domain unique identifier + this Machine should be attached to, as defined in Cluster + API. For this infrastructure provider, the ID is equivalent + to an AWS Availability Zone. If multiple subnets are matched + for the availability zone, the first one returned is picked. + type: string + iamInstanceProfile: + description: IAMInstanceProfile is a name of an IAM instance + profile to assign to the instance + type: string + ignition: + description: Ignition defined options related to the bootstrapping + systems where Ignition is used. + properties: + version: + default: "2.3" + description: Version defines which version of Ignition + will be used to generate bootstrap data. + enum: + - "2.3" + type: string + type: object + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating + system to use for image lookup the AMI is not set. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to + look up the image for this machine It will be ignored if + an explicit AMI is set. Supports substitutions for {{.BaseOS}} + and {{.K8sVersion}} with the base OS and kubernetes version, + respectively. 
The BaseOS will be the value in ImageLookupBaseOS + or ubuntu (the default), and the kubernetes version as defined + by the packages produced by kubernetes/release without v + as a prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, + the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the + ubuntu base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to + use for image lookup if AMI is not set. + type: string + instanceID: + description: InstanceID is the EC2 instance ID for this machine. + type: string + instanceType: + description: 'InstanceType is the type of instance to create. + Example: m4.xlarge' + minLength: 2 + type: string + networkInterfaces: + description: NetworkInterfaces is a list of ENIs to associate + with the instance. A maximum of 2 may be specified. + items: + type: string + maxItems: 2 + type: array + nonRootVolumes: + description: Configuration options for the non root storage + volumes. + items: + description: Volume encapsulates the configuration options + for the storage device. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should + be encrypted or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to + encrypt the volume. Can be either a KMS key ID or + ARN. If Encrypted is set and this is omitted, the + default AWS key will be used. The key must already + exist and be accessible by the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for + the disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage + device. 
Must be greater than the image snapshot size + or 8 (whichever is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported + for the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, + io1, etc...). + type: string + required: + - size + type: object + type: array + providerID: + description: ProviderID is the unique identifier as specified + by the cloud provider. + type: string + publicIP: + description: 'PublicIP specifies whether the instance should + get a public IP. Precedence for this setting is as follows: + 1. This field if set 2. Cluster/flavor setting 3. Subnet + default' + type: boolean + rootVolume: + description: RootVolume encapsulates the configuration options + for the root volume + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be + encrypted or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will + be used. The key must already exist and be accessible + by the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for + the disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage + device. Must be greater than the image snapshot size + or 8 (whichever is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported + for the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, + io1, etc...). 
+ type: string + required: + - size + type: object + spotMarketOptions: + description: SpotMarketOptions allows users to configure instances + to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user + is willing to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach + to the instance. Valid values are empty string (do not use + SSH keys), a valid SSH key name, or omitted (use the default + SSH key name) + type: string + subnet: + description: Subnet is a reference to the subnet to use for + this instance. If not specified, the cluster subnet will + be used. + properties: + arn: + description: 'ARN of resource. Deprecated: This field + has no function and is going to be removed in the next + release.' + type: string + filters: + description: 'Filters is a set of key/value pairs used + to identify a resource They are applied according to + the rules defined by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an + AWS resource. + properties: + name: + description: Name of the filter. Filter names are + case-sensitive. + type: string + values: + description: Values includes one or more filter + values. Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + tenancy: + description: Tenancy indicates if instance should run on shared + or single-tenant hardware. + enum: + - default + - dedicated + - host + type: string + uncompressedUserData: + description: UncompressedUserData specify whether the user + data is gzip-compressed before it is sent to ec2 instance. 
+ cloud-init has built-in support for gzip-compressed user + data user data stored in aws secret manager is always gzip-compressed. + type: boolean + required: + - instanceType + type: object + required: + - spec + type: object + required: + - template + type: object + status: + description: AWSMachineTemplateStatus defines a status for an AWSMachineTemplate. + properties: + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Capacity defines the resource capacity for this machine. + This value is used for autoscaling from zero operations as defined + in: https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20210310-opt-in-autoscaling-from-zero.md' + type: object + type: object + type: object + served: true + storage: false + - name: v1beta2 + schema: + openAPIV3Schema: + description: AWSMachineTemplate is the schema for the Amazon EC2 Machine Templates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSMachineTemplateSpec defines the desired state of AWSMachineTemplate. 
+ properties: + template: + description: AWSMachineTemplateResource describes the data needed + to create am AWSMachine from a template. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: Spec is the specification of the desired behavior + of the machine. + properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups is an array of references + to security groups that should be applied to the instance. + These security groups would be set in addition to any security + groups defined at the cluster level or in the actuator. + It is possible to specify either IDs of Filters. Using Filters + will cause additional requests to AWS API and if tags change + the attached security groups might change too. + items: + description: AWSResourceReference is a reference to a specific + AWS resource by ID or filters. Only one of ID or Filters + may be specified. Specifying more than one will result + in a validation error. 
+ properties: + filters: + description: 'Filters is a set of key/value pairs used + to identify a resource They are applied according + to the rules defined by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an + AWS resource. + properties: + name: + description: Name of the filter. Filter names + are case-sensitive. + type: string + values: + description: Values includes one or more filter + values. Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + type: array + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to an instance, in addition to the ones added by default + by the AWS provider. If both the AWSCluster and the AWSMachine + specify the same tag name with different values, the AWSMachine's + value takes precedence. + type: object + ami: + description: AMI is the reference to the AMI from which to + create the machine instance. + properties: + eksLookupType: + description: EKSOptimizedLookupType If specified, will + look up an EKS Optimized image in SSM Parameter store + enum: + - AmazonLinux + - AmazonLinuxGPU + type: string + id: + description: ID of resource + type: string + type: object + cloudInit: + description: CloudInit defines options related to the bootstrapping + systems where CloudInit is used. + properties: + insecureSkipSecretsManager: + description: InsecureSkipSecretsManager, when set to true + will not use AWS Secrets Manager or AWS Systems Manager + Parameter Store to ensure privacy of userdata. By default, + a cloud-init boothook shell script is prepended to download + the userdata from Secrets Manager and additionally delete + the secret. 
+ type: boolean + secretCount: + description: SecretCount is the number of secrets used + to form the complete secret + format: int32 + type: integer + secretPrefix: + description: SecretPrefix is the prefix for the secret + name. This is stored temporarily, and deleted when the + machine registers as a node against the workload cluster. + type: string + secureSecretsBackend: + description: SecureSecretsBackend, when set to parameter-store + will utilize the AWS Systems Manager Parameter Storage + to distribute secrets. By default or with the value + of secrets-manager, will use AWS Secrets Manager instead. + enum: + - secrets-manager + - ssm-parameter-store + type: string + type: object + iamInstanceProfile: + description: IAMInstanceProfile is a name of an IAM instance + profile to assign to the instance + type: string + ignition: + description: Ignition defined options related to the bootstrapping + systems where Ignition is used. + properties: + version: + default: "2.3" + description: Version defines which version of Ignition + will be used to generate bootstrap data. + enum: + - "2.3" + - "3.0" + - "3.1" + - "3.2" + - "3.3" + - "3.4" + type: string + type: object + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating + system to use for image lookup the AMI is not set. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to + look up the image for this machine It will be ignored if + an explicit AMI is set. Supports substitutions for {{.BaseOS}} + and {{.K8sVersion}} with the base OS and kubernetes version, + respectively. The BaseOS will be the value in ImageLookupBaseOS + or ubuntu (the default), and the kubernetes version as defined + by the packages produced by kubernetes/release without v + as a prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. 
For example, + the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the + ubuntu base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to + use for image lookup if AMI is not set. + type: string + instanceID: + description: InstanceID is the EC2 instance ID for this machine. + type: string + instanceMetadataOptions: + description: InstanceMetadataOptions is the metadata options + for the EC2 instance. + properties: + httpEndpoint: + default: enabled + description: "Enables or disables the HTTP metadata endpoint + on your instances. \n If you specify a value of disabled, + you cannot access your instance metadata. \n Default: + enabled" + enum: + - enabled + - disabled + type: string + httpPutResponseHopLimit: + default: 1 + description: "The desired HTTP PUT response hop limit + for instance metadata requests. The larger the number, + the further instance metadata requests can travel. \n + Default: 1" + format: int64 + maximum: 64 + minimum: 1 + type: integer + httpTokens: + default: optional + description: "The state of token usage for your instance + metadata requests. \n If the state is optional, you + can choose to retrieve instance metadata with or without + a session token on your request. If you retrieve the + IAM role credentials without a token, the version 1.0 + role credentials are returned. If you retrieve the IAM + role credentials using a valid session token, the version + 2.0 role credentials are returned. \n If the state is + required, you must send a session token with any instance + metadata retrieval requests. In this state, retrieving + the IAM role credentials always returns the version + 2.0 credentials; the version 1.0 credentials are not + available. 
\n Default: optional" + enum: + - optional + - required + type: string + instanceMetadataTags: + default: disabled + description: "Set to enabled to allow access to instance + tags from the instance metadata. Set to disabled to + turn off access to instance tags from the instance metadata. + For more information, see Work with instance tags using + the instance metadata (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS). + \n Default: disabled" + enum: + - enabled + - disabled + type: string + type: object + instanceType: + description: 'InstanceType is the type of instance to create. + Example: m4.xlarge' + minLength: 2 + type: string + networkInterfaces: + description: NetworkInterfaces is a list of ENIs to associate + with the instance. A maximum of 2 may be specified. + items: + type: string + maxItems: 2 + type: array + nonRootVolumes: + description: Configuration options for the non root storage + volumes. + items: + description: Volume encapsulates the configuration options + for the storage device. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should + be encrypted or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to + encrypt the volume. Can be either a KMS key ID or + ARN. If Encrypted is set and this is omitted, the + default AWS key will be used. The key must already + exist and be accessible by the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for + the disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage + device. Must be greater than the image snapshot size + or 8 (whichever is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported + for the volume type. Not applicable to all types. 
+ format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, + io1, etc...). + type: string + required: + - size + type: object + type: array + placementGroupName: + description: PlacementGroupName specifies the name of the + placement group in which to launch the instance. + type: string + providerID: + description: ProviderID is the unique identifier as specified + by the cloud provider. + type: string + publicIP: + description: 'PublicIP specifies whether the instance should + get a public IP. Precedence for this setting is as follows: + 1. This field if set 2. Cluster/flavor setting 3. Subnet + default' + type: boolean + rootVolume: + description: RootVolume encapsulates the configuration options + for the root volume + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be + encrypted or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will + be used. The key must already exist and be accessible + by the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for + the disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage + device. Must be greater than the image snapshot size + or 8 (whichever is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported + for the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, + io1, etc...). + type: string + required: + - size + type: object + spotMarketOptions: + description: SpotMarketOptions allows users to configure instances + to be run using AWS Spot instances. 
+ properties: + maxPrice: + description: MaxPrice defines the maximum price the user + is willing to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach + to the instance. Valid values are empty string (do not use + SSH keys), a valid SSH key name, or omitted (use the default + SSH key name) + type: string + subnet: + description: Subnet is a reference to the subnet to use for + this instance. If not specified, the cluster subnet will + be used. + properties: + filters: + description: 'Filters is a set of key/value pairs used + to identify a resource They are applied according to + the rules defined by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an + AWS resource. + properties: + name: + description: Name of the filter. Filter names are + case-sensitive. + type: string + values: + description: Values includes one or more filter + values. Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + tenancy: + description: Tenancy indicates if instance should run on shared + or single-tenant hardware. + enum: + - default + - dedicated + - host + type: string + uncompressedUserData: + description: UncompressedUserData specify whether the user + data is gzip-compressed before it is sent to ec2 instance. + cloud-init has built-in support for gzip-compressed user + data user data stored in aws secret manager is always gzip-compressed. + type: boolean + required: + - instanceType + type: object + required: + - spec + type: object + required: + - template + type: object + status: + description: AWSMachineTemplateStatus defines a status for an AWSMachineTemplate. 
+ properties: + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Capacity defines the resource capacity for this machine. + This value is used for autoscaling from zero operations as defined + in: https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20210310-opt-in-autoscaling-from-zero.md' + type: object + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + controller-gen.kubebuilder.io/version: v0.12.1 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: awsmanagedclusters.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSManagedCluster + listKind: AWSManagedClusterList + plural: awsmanagedclusters + shortNames: + - awsmc + singular: awsmanagedcluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this AWSManagedControl belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Control plane infrastructure is ready for worker nodes + jsonPath: .status.ready + name: Ready + type: string + - description: API Endpoint + jsonPath: .spec.controlPlaneEndpoint.host + name: Endpoint + priority: 1 + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: AWSManagedCluster is the Schema for the awsmanagedclusters API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSManagedClusterSpec defines the desired state of AWSManagedCluster + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + type: object + status: + description: AWSManagedClusterStatus defines the observed state of AWSManagedCluster + properties: + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains specifies a list fo available availability + zones that can be used + type: object + ready: + description: Ready is when the AWSManagedControlPlane has a API server + URL. 
+ type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + controller-gen.kubebuilder.io/version: v0.12.1 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: awsmanagedcontrolplanes.controlplane.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capa-webhook-service + namespace: capa-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: controlplane.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSManagedControlPlane + listKind: AWSManagedControlPlaneList + plural: awsmanagedcontrolplanes + shortNames: + - awsmcp + singular: awsmanagedcontrolplane + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this AWSManagedControl belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Control plane infrastructure is ready for worker nodes + jsonPath: .status.ready + name: Ready + type: string + - description: AWS VPC the control plane is using + jsonPath: .spec.network.vpc.id + name: VPC + type: string + - description: API Endpoint + jsonPath: .spec.controlPlaneEndpoint.host + name: Endpoint + priority: 1 + type: string + - description: Bastion IP address for breakglass access + jsonPath: .status.bastion.publicIp + name: Bastion IP + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: AWSManagedControlPlane is the schema for the Amazon EKS Managed + Control Plane API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSManagedControlPlaneSpec defines the desired state of an + Amazon EKS Cluster. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to AWS + resources managed by the AWS provider, in addition to the ones added + by default. + type: object + addons: + description: Addons defines the EKS addons to enable with the EKS + cluster. + items: + description: Addon represents a EKS addon. + properties: + configuration: + description: Configuration of the EKS addon + type: string + conflictResolution: + default: none + description: ConflictResolution is used to declare what should + happen if there are parameter conflicts. 
Defaults to none + enum: + - overwrite + - none + type: string + name: + description: Name is the name of the addon + minLength: 2 + type: string + serviceAccountRoleARN: + description: ServiceAccountRoleArn is the ARN of an IAM role + to bind to the addons service account + type: string + version: + description: Version is the version of the addon to use + type: string + required: + - name + - version + type: object + type: array + associateOIDCProvider: + default: false + description: AssociateOIDCProvider can be enabled to automatically + create an identity provider for the controller for use with IAM + roles for service accounts + type: boolean + bastion: + description: Bastion contains options to configure the bastion host. + properties: + allowedCIDRBlocks: + description: AllowedCIDRBlocks is a list of CIDR blocks allowed + to access the bastion host. They are set as ingress rules for + the Bastion host's Security Group (defaults to 0.0.0.0/0). + items: + type: string + type: array + ami: + description: AMI will use the specified AMI to boot the bastion. + If not specified, the AMI will default to one picked out in + public space. + type: string + disableIngressRules: + description: DisableIngressRules will ensure there are no Ingress + rules in the bastion host's security group. Requires AllowedCIDRBlocks + to be empty. + type: boolean + enabled: + description: Enabled allows this provider to create a bastion + host instance with a public ip to access the VPC private network. + type: boolean + instanceType: + description: InstanceType will use the specified instance type + for the bastion. If not specified, Cluster API Provider AWS + will use t3.micro for all regions except us-east-1, where t2.micro + will be the default. + type: string + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. 
+ properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + disableVPCCNI: + default: false + description: DisableVPCCNI indicates that the Amazon VPC CNI should + be disabled. With EKS clusters the Amazon VPC CNI is automatically + installed into the cluster. For clusters where you want to use an + alternate CNI this option provides a way to specify that the Amazon + VPC CNI should be deleted. You cannot set this to true if you are + using the Amazon VPC CNI addon. + type: boolean + eksClusterName: + description: EKSClusterName allows you to specify the name of the + EKS cluster in AWS. If you don't specify a name then a default name + will be created based on the namespace and name of the managed control + plane. + type: string + encryptionConfig: + description: EncryptionConfig specifies the encryption configuration + for the cluster + properties: + provider: + description: Provider specifies the ARN or alias of the CMK (in + AWS KMS) + type: string + resources: + description: Resources specifies the resources to be encrypted + items: + type: string + type: array + type: object + endpointAccess: + description: Endpoints specifies access to this cluster's control + plane endpoints + properties: + private: + description: Private points VPC-internal control plane access + to the private endpoint + type: boolean + public: + description: Public controls whether control plane endpoints are + publicly accessible + type: boolean + publicCIDRs: + description: PublicCIDRs specifies which blocks can access the + public endpoint + items: + type: string + type: array + type: object + iamAuthenticatorConfig: + description: IAMAuthenticatorConfig allows the specification of any + additional user or role mappings for use when generating the aws-iam-authenticator + configuration. 
If this is nil the default configuration is still + generated for the cluster. + properties: + mapRoles: + description: RoleMappings is a list of role mappings + items: + description: RoleMapping represents a mapping from a IAM role + to Kubernetes users and groups. + properties: + groups: + description: Groups is a list of kubernetes RBAC groups + items: + type: string + type: array + rolearn: + description: RoleARN is the AWS ARN for the role to map + minLength: 31 + type: string + username: + description: UserName is a kubernetes RBAC user subject + type: string + required: + - groups + - rolearn + - username + type: object + type: array + mapUsers: + description: UserMappings is a list of user mappings + items: + description: UserMapping represents a mapping from an IAM user + to Kubernetes users and groups. + properties: + groups: + description: Groups is a list of kubernetes RBAC groups + items: + type: string + type: array + userarn: + description: UserARN is the AWS ARN for the user to map + minLength: 31 + type: string + username: + description: UserName is a kubernetes RBAC user subject + type: string + required: + - groups + - userarn + - username + type: object + type: array + type: object + identityRef: + description: IdentityRef is a reference to a identity to be used when + reconciling the managed control plane. + properties: + kind: + description: Kind of the identity. + enum: + - AWSClusterControllerIdentity + - AWSClusterRoleIdentity + - AWSClusterStaticIdentity + type: string + name: + description: Name of the identity. + minLength: 1 + type: string + required: + - kind + - name + type: object + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating system + used to look up machine images when a machine does not specify an + AMI. When set, this will be used for all cluster machines unless + a machine specifies a different ImageLookupBaseOS. 
+ type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to look up + machine images when a machine does not specify an AMI. When set, + this will be used for all cluster machines unless a machine specifies + a different ImageLookupOrg. Supports substitutions for {{.BaseOS}} + and {{.K8sVersion}} with the base OS and kubernetes version, respectively. + The BaseOS will be the value in ImageLookupBaseOS or ubuntu (the + default), and the kubernetes version as defined by the packages + produced by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the ubuntu + base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to look up + machine images when a machine does not specify an AMI. When set, + this will be used for all cluster machines unless a machine specifies + a different ImageLookupOrg. + type: string + kubeProxy: + description: KubeProxy defines managed attributes of the kube-proxy + daemonset + properties: + disable: + default: false + description: Disable set to true indicates that kube-proxy should + be disabled. With EKS clusters kube-proxy is automatically installed + into the cluster. For clusters where you want to use kube-proxy + functionality that is provided with an alternate CNI, this option + provides a way to specify that the kube-proxy daemonset should + be deleted. You cannot set this to true if you are using the + Amazon kube-proxy addon. + type: boolean + type: object + logging: + description: Logging specifies which EKS Cluster logs should be enabled. 
+ Entries for each of the enabled logs will be sent to CloudWatch + properties: + apiServer: + default: false + description: APIServer indicates if the Kubernetes API Server + log (kube-apiserver) shoulkd be enabled + type: boolean + audit: + default: false + description: Audit indicates if the Kubernetes API audit log should + be enabled + type: boolean + authenticator: + default: false + description: Authenticator indicates if the iam authenticator + log should be enabled + type: boolean + controllerManager: + default: false + description: ControllerManager indicates if the controller manager + (kube-controller-manager) log should be enabled + type: boolean + scheduler: + default: false + description: Scheduler indicates if the Kubernetes scheduler (kube-scheduler) + log should be enabled + type: boolean + required: + - apiServer + - audit + - authenticator + - controllerManager + - scheduler + type: object + network: + description: NetworkSpec encapsulates all things related to AWS network. + properties: + additionalControlPlaneIngressRules: + description: AdditionalControlPlaneIngressRules is an optional + set of ingress rules to add to the control plane + items: + description: IngressRule defines an AWS ingress rule for security + groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access from. Cannot + be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + description: Description provides extended information about + the ingress rule. + type: string + fromPort: + description: FromPort is the start of port range. + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access from. + Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: Protocol is the protocol for the ingress rule. + Accepted values are "-1" (all), "4" (IP in IP),"tcp", + "udp", "icmp", and "58" (ICMPv6), "50" (ESP). 
+ enum: + - "-1" + - "4" + - tcp + - udp + - icmp + - "58" + - "50" + type: string + sourceSecurityGroupIds: + description: The security group id to allow access from. + Cannot be specified with CidrBlocks. + items: + type: string + type: array + sourceSecurityGroupRoles: + description: The security group role to allow access from. + Cannot be specified with CidrBlocks. The field will be + combined with source security group IDs if specified. + items: + description: SecurityGroupRole defines the unique role + of a security group. + enum: + - bastion + - node + - controlplane + - apiserver-lb + - lb + - node-eks-additional + type: string + type: array + toPort: + description: ToPort is the end of port range. + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + cni: + description: CNI configuration + properties: + cniIngressRules: + description: CNIIngressRules specify rules to apply to control + plane and worker node security groups. The source for the + rule will be set to control plane and worker security group + IDs. + items: + description: CNIIngressRule defines an AWS ingress rule + for CNI requirements. + properties: + description: + type: string + fromPort: + format: int64 + type: integer + protocol: + description: SecurityGroupProtocol defines the protocol + type for a security group rule. + type: string + toPort: + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + type: object + securityGroupOverrides: + additionalProperties: + type: string + description: SecurityGroupOverrides is an optional set of security + groups to use for cluster instances This is optional - if not + provided new security groups will be created for the cluster + type: object + subnets: + description: Subnets configuration. + items: + description: SubnetSpec configures an AWS Subnet. 
+ properties: + availabilityZone: + description: AvailabilityZone defines the availability zone + to use for this subnet in the cluster's region. + type: string + cidrBlock: + description: CidrBlock is the CIDR block to be used when + the provider creates a managed VPC. + type: string + id: + description: "ID defines a unique identifier to reference + this resource. If you're bringing your subnet, set the + AWS subnet-id here, it must start with `subnet-`. \n When + the VPC is managed by CAPA, and you'd like the provider + to create a subnet for you, the id can be set to any placeholder + value that does not start with `subnet-`; upon creation, + the subnet AWS identifier will be populated in the `ResourceID` + field and the `id` field is going to be used as the subnet + name. If you specify a tag called `Name`, it takes precedence." + type: string + ipv6CidrBlock: + description: IPv6CidrBlock is the IPv6 CIDR block to be + used when the provider creates a managed VPC. A subnet + can have an IPv4 and an IPv6 address. IPv6 is only supported + in managed clusters, this field cannot be set on AWSCluster + object. + type: string + isIpv6: + description: IsIPv6 defines the subnet as an IPv6 subnet. + A subnet is IPv6 when it is associated with a VPC that + has IPv6 enabled. IPv6 is only supported in managed clusters, + this field cannot be set on AWSCluster object. + type: boolean + isPublic: + description: IsPublic defines the subnet as a public subnet. + A subnet is public when it is associated with a route + table that has a route to an internet gateway. + type: boolean + natGatewayId: + description: NatGatewayID is the NAT gateway id associated + with the subnet. Ignored unless the subnet is managed + by the provider, in which case this is set on the public + subnet where the NAT gateway resides. It is then used + to determine routes for private subnets in the same AZ + as the public subnet. 
+ type: string + resourceID: + description: ResourceID is the subnet identifier from AWS, + READ ONLY. This field is populated when the provider manages + the subnet. + type: string + routeTableId: + description: RouteTableID is the routing table id associated + with the subnet. + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing the + resource. + type: object + required: + - id + type: object + type: array + x-kubernetes-list-map-keys: + - id + x-kubernetes-list-type: map + vpc: + description: VPC configuration. + properties: + availabilityZoneSelection: + default: Ordered + description: 'AvailabilityZoneSelection specifies how AZs + should be selected if there are more AZs in a region than + specified by AvailabilityZoneUsageLimit. There are 2 selection + schemes: Ordered - selects based on alphabetical order Random + - selects AZs randomly in a region Defaults to Ordered' + enum: + - Ordered + - Random + type: string + availabilityZoneUsageLimit: + default: 3 + description: AvailabilityZoneUsageLimit specifies the maximum + number of availability zones (AZ) that should be used in + a region when automatically creating subnets. If a region + has more than this number of AZs then this number of AZs + will be picked randomly when creating default subnets. Defaults + to 3 + minimum: 1 + type: integer + cidrBlock: + description: CidrBlock is the CIDR block to be used when the + provider creates a managed VPC. Defaults to 10.0.0.0/16. + Mutually exclusive with IPAMPool. + type: string + id: + description: ID is the vpc-id of the VPC this provider should + use to create resources. + type: string + internetGatewayId: + description: InternetGatewayID is the id of the internet gateway + associated with the VPC. + type: string + ipamPool: + description: IPAMPool defines the IPAMv4 pool to be used for + VPC. Mutually exclusive with CidrBlock. 
+ properties: + id: + description: ID is the ID of the IPAM pool this provider + should use to create VPC. + type: string + name: + description: Name is the name of the IPAM pool this provider + should use to create VPC. + type: string + netmaskLength: + description: The netmask length of the IPv4 CIDR you want + to allocate to VPC from an Amazon VPC IP Address Manager + (IPAM) pool. Defaults to /16 for IPv4 if not specified. + format: int64 + type: integer + type: object + ipv6: + description: IPv6 contains ipv6 specific settings for the + network. Supported only in managed clusters. This field + cannot be set on AWSCluster object. + properties: + cidrBlock: + description: CidrBlock is the CIDR block provided by Amazon + when VPC has enabled IPv6. Mutually exclusive with IPAMPool. + type: string + egressOnlyInternetGatewayId: + description: EgressOnlyInternetGatewayID is the id of + the egress only internet gateway associated with an + IPv6 enabled VPC. + type: string + ipamPool: + description: IPAMPool defines the IPAMv6 pool to be used + for VPC. Mutually exclusive with CidrBlock. + properties: + id: + description: ID is the ID of the IPAM pool this provider + should use to create VPC. + type: string + name: + description: Name is the name of the IPAM pool this + provider should use to create VPC. + type: string + netmaskLength: + description: The netmask length of the IPv4 CIDR you + want to allocate to VPC from an Amazon VPC IP Address + Manager (IPAM) pool. Defaults to /16 for IPv4 if + not specified. + format: int64 + type: integer + type: object + poolId: + description: PoolID is the IP pool which must be defined + in case of BYO IP is defined. Must be specified if CidrBlock + is set. Mutually exclusive with IPAMPool. + type: string + type: object + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing the resource. 
+ type: object + type: object + type: object + oidcIdentityProviderConfig: + description: IdentityProviderconfig is used to specify the oidc provider + config to be attached with this eks cluster + properties: + clientId: + description: This is also known as audience. The ID for the client + application that makes authentication requests to the OpenID + identity provider. + type: string + groupsClaim: + description: The JWT claim that the provider uses to return your + groups. + type: string + groupsPrefix: + description: 'The prefix that is prepended to group claims to + prevent clashes with existing names (such as system: groups). + For example, the valueoidc: will create group names like oidc:engineering + and oidc:infra.' + type: string + identityProviderConfigName: + description: "The name of the OIDC provider configuration. \n + IdentityProviderConfigName is a required field" + type: string + issuerUrl: + description: The URL of the OpenID identity provider that allows + the API server to discover public signing keys for verifying + tokens. The URL must begin with https:// and should correspond + to the iss claim in the provider's OIDC ID tokens. Per the OIDC + standard, path components are allowed but query parameters are + not. Typically the URL consists of only a hostname, like https://server.example.org + or https://example.com. This URL should point to the level below + .well-known/openid-configuration and must be publicly accessible + over the internet. + type: string + requiredClaims: + additionalProperties: + type: string + description: The key value pairs that describe required claims + in the identity token. If set, each claim is verified to be + present in the token with a matching value. For the maximum + number of claims that you can require, see Amazon EKS service + quotas (https://docs.aws.amazon.com/eks/latest/userguide/service-quotas.html) + in the Amazon EKS User Guide. 
+ type: object + tags: + additionalProperties: + type: string + description: tags to apply to oidc identity provider association + type: object + usernameClaim: + description: The JSON Web Token (JWT) claim to use as the username. + The default is sub, which is expected to be a unique identifier + of the end user. You can choose other claims, such as email + or name, depending on the OpenID identity provider. Claims other + than email are prefixed with the issuer URL to prevent naming + clashes with other plug-ins. + type: string + usernamePrefix: + description: The prefix that is prepended to username claims to + prevent clashes with existing names. If you do not provide this + field, and username is a value other than email, the prefix + defaults to issuerurl#. You can use the value - to disable all + prefixing. + type: string + type: object + region: + description: The AWS Region the cluster lives in. + type: string + roleAdditionalPolicies: + description: RoleAdditionalPolicies allows you to attach additional + polices to the control plane role. You must enable the EKSAllowAddRoles + feature flag to incorporate these into the created role. + items: + type: string + type: array + roleName: + description: RoleName specifies the name of IAM role that gives EKS + permission to make API calls. If the role is pre-existing we will + treat it as unmanaged and not delete it on deletion. If the EKSEnableIAM + feature flag is true and no name is supplied then a role is created. + minLength: 2 + type: string + secondaryCidrBlock: + description: SecondaryCidrBlock is the additional CIDR range to use + for pod IPs. Must be within the 100.64.0.0/10 or 198.19.0.0/16 range. + type: string + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach to the + bastion host. 
Valid values are empty string (do not use SSH keys), + a valid SSH key name, or omitted (use the default SSH key name) + type: string + tokenMethod: + default: iam-authenticator + description: TokenMethod is used to specify the method for obtaining + a client token for communicating with EKS iam-authenticator - obtains + a client token using iam-authentictor aws-cli - obtains a client + token using the AWS CLI Defaults to iam-authenticator + enum: + - iam-authenticator + - aws-cli + type: string + version: + description: Version defines the desired Kubernetes version. If no + version number is supplied then the latest version of Kubernetes + that EKS supports will be used. + minLength: 2 + pattern: ^v?(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.?(\.0|[1-9][0-9]*)?$ + type: string + vpcCni: + description: VpcCni is used to set configuration options for the VPC + CNI plugin + properties: + env: + description: Env defines a list of environment variables to apply + to the `aws-node` DaemonSet + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. 
+ properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. 
Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + type: object + type: object + status: + description: AWSManagedControlPlaneStatus defines the observed state of + an Amazon EKS Cluster. + properties: + addons: + description: Addons holds the current status of the EKS addons + items: + description: AddonState represents the state of an addon. + properties: + arn: + description: ARN is the AWS ARN of the addon + type: string + createdAt: + description: CreatedAt is the date and time the addon was created + at + format: date-time + type: string + issues: + description: Issues is a list of issue associated with the addon + items: + description: AddonIssue represents an issue with an addon. 
+ properties: + code: + description: Code is the issue code + type: string + message: + description: Message is the textual description of the + issue + type: string + resourceIds: + description: ResourceIDs is a list of resource ids for + the issue + items: + type: string + type: array + type: object + type: array + modifiedAt: + description: ModifiedAt is the date and time the addon was last + modified + format: date-time + type: string + name: + description: Name is the name of the addon + type: string + serviceAccountRoleARN: + description: ServiceAccountRoleArn is the ARN of the IAM role + used for the service account + type: string + status: + description: Status is the status of the addon + type: string + version: + description: Version is the version of the addon to use + type: string + required: + - arn + - name + - version + type: object + type: array + bastion: + description: Bastion holds details of the instance that is used as + a bastion jump box + properties: + addresses: + description: Addresses contains the AWS instance associated addresses. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP, + InternalIP, ExternalDNS or InternalDNS. + type: string + required: + - address + - type + type: object + type: array + availabilityZone: + description: Availability zone of instance + type: string + ebsOptimized: + description: Indicates whether the instance is optimized for Amazon + EBS I/O. + type: boolean + enaSupport: + description: Specifies whether enhanced networking with ENA is + enabled. + type: boolean + iamProfile: + description: The name of the IAM instance profile associated with + the instance, if applicable. + type: string + id: + type: string + imageId: + description: The ID of the AMI used to launch the instance. 
+ type: string + instanceMetadataOptions: + description: InstanceMetadataOptions is the metadata options for + the EC2 instance. + properties: + httpEndpoint: + default: enabled + description: "Enables or disables the HTTP metadata endpoint + on your instances. \n If you specify a value of disabled, + you cannot access your instance metadata. \n Default: enabled" + enum: + - enabled + - disabled + type: string + httpPutResponseHopLimit: + default: 1 + description: "The desired HTTP PUT response hop limit for + instance metadata requests. The larger the number, the further + instance metadata requests can travel. \n Default: 1" + format: int64 + maximum: 64 + minimum: 1 + type: integer + httpTokens: + default: optional + description: "The state of token usage for your instance metadata + requests. \n If the state is optional, you can choose to + retrieve instance metadata with or without a session token + on your request. If you retrieve the IAM role credentials + without a token, the version 1.0 role credentials are returned. + If you retrieve the IAM role credentials using a valid session + token, the version 2.0 role credentials are returned. \n + If the state is required, you must send a session token + with any instance metadata retrieval requests. In this state, + retrieving the IAM role credentials always returns the version + 2.0 credentials; the version 1.0 credentials are not available. + \n Default: optional" + enum: + - optional + - required + type: string + instanceMetadataTags: + default: disabled + description: "Set to enabled to allow access to instance tags + from the instance metadata. Set to disabled to turn off + access to instance tags from the instance metadata. For + more information, see Work with instance tags using the + instance metadata (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS). 
+ \n Default: disabled" + enum: + - enabled + - disabled + type: string + type: object + instanceState: + description: The current state of the instance. + type: string + networkInterfaces: + description: Specifies ENIs attached to instance + items: + type: string + type: array + nonRootVolumes: + description: Configuration options for the non root storage volumes. + items: + description: Volume encapsulates the configuration options for + the storage device. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by + the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage + device. Must be greater than the image snapshot size or + 8 (whichever is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported + for the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + type: array + placementGroupName: + description: PlacementGroupName specifies the name of the placement + group in which to launch the instance. + type: string + privateIp: + description: The private IPv4 address assigned to the instance. + type: string + publicIp: + description: The public IPv4 address assigned to the instance, + if applicable. + type: string + rootVolume: + description: Configuration options for the root storage volume. 
+ properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by the + controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for + the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + securityGroupIds: + description: SecurityGroupIDs are one or more security group IDs + this instance belongs to. + items: + type: string + type: array + spotMarketOptions: + description: SpotMarketOptions option for configuring instances + to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user is + willing to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: The name of the SSH key pair. + type: string + subnetId: + description: The ID of the subnet of the instance. + type: string + tags: + additionalProperties: + type: string + description: The tags associated with the instance. + type: object + tenancy: + description: Tenancy indicates if instance should run on shared + or single-tenant hardware. + type: string + type: + description: The instance type. 
+ type: string + userData: + description: UserData is the raw data script passed to the instance + which is run upon bootstrap. This field must not be base64 encoded + and should only be used when running a new instance. + type: string + volumeIDs: + description: IDs of the instance's volumes + items: + type: string + type: array + required: + - id + type: object + conditions: + description: Conditions specifies the cpnditions for the managed control + plane + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + externalManagedControlPlane: + default: true + description: ExternalManagedControlPlane indicates to cluster-api + that the control plane is managed by an external service such as + AKS, EKS, GKE, etc. + type: boolean + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains specifies a list fo available availability + zones that can be used + type: object + failureMessage: + description: ErrorMessage indicates that there is a terminal problem + reconciling the state, and will be set to a descriptive error message. + type: string + identityProviderStatus: + description: IdentityProviderStatus holds the status for associated + identity provider + properties: + arn: + description: ARN holds the ARN of associated identity provider + type: string + status: + description: Status holds current status of associated identity + provider + type: string + type: object + initialized: + description: Initialized denotes whether or not the control plane + has the uploaded kubernetes config-map. + type: boolean + networkStatus: + description: Networks holds details about the AWS networking resources + used by the control plane + properties: + apiServerElb: + description: APIServerELB is the Kubernetes api server load balancer. + properties: + arn: + description: ARN of the load balancer. 
Unlike the ClassicLB, + ARN is used mostly to define and get it. + type: string + attributes: + description: ClassicElbAttributes defines extra attributes + associated with the load balancer. + properties: + crossZoneLoadBalancing: + description: CrossZoneLoadBalancing enables the classic + load balancer load balancing. + type: boolean + idleTimeout: + description: IdleTimeout is time that the connection is + allowed to be idle (no data has been sent over the connection) + before it is closed by the load balancer. + format: int64 + type: integer + type: object + availabilityZones: + description: AvailabilityZones is an array of availability + zones in the VPC attached to the load balancer. + items: + type: string + type: array + dnsName: + description: DNSName is the dns name of the load balancer. + type: string + elbAttributes: + additionalProperties: + type: string + description: ELBAttributes defines extra attributes associated + with v2 load balancers. + type: object + elbListeners: + description: ELBListeners is an array of listeners associated + with the load balancer. There must be at least one. + items: + description: Listener defines an AWS network load balancer + listener. + properties: + port: + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + targetGroup: + description: TargetGroupSpec specifies target group + settings for a given listener. This is created first, + and the ARN is then passed to the listener. + properties: + name: + description: Name of the TargetGroup. Must be unique + over the same group of listeners. + type: string + port: + description: Port is the exposed port + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. 
+ enum: + - tcp + - tls + - udp + - TCP + - TLS + - UDP + type: string + targetGroupHealthCheck: + description: HealthCheck is the elb health check + associated with the load balancer. + properties: + intervalSeconds: + format: int64 + type: integer + path: + type: string + port: + type: string + protocol: + type: string + thresholdCount: + format: int64 + type: integer + timeoutSeconds: + format: int64 + type: integer + type: object + vpcId: + type: string + required: + - name + - port + - protocol + - vpcId + type: object + required: + - port + - protocol + - targetGroup + type: object + type: array + healthChecks: + description: HealthCheck is the classic elb health check associated + with the load balancer. + properties: + healthyThreshold: + format: int64 + type: integer + interval: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + target: + type: string + timeout: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + unhealthyThreshold: + format: int64 + type: integer + required: + - healthyThreshold + - interval + - target + - timeout + - unhealthyThreshold + type: object + listeners: + description: ClassicELBListeners is an array of classic elb + listeners associated with the load balancer. There must + be at least one. + items: + description: ClassicELBListener defines an AWS classic load + balancer listener. + properties: + instancePort: + format: int64 + type: integer + instanceProtocol: + description: ELBProtocol defines listener protocols + for a load balancer. 
+ type: string + port: + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + required: + - instancePort + - instanceProtocol + - port + - protocol + type: object + type: array + loadBalancerType: + description: LoadBalancerType sets the type for a load balancer. + The default type is classic. + enum: + - classic + - elb + - alb + - nlb + type: string + name: + description: The name of the load balancer. It must be unique + within the set of load balancers defined in the region. + It also serves as identifier. + type: string + scheme: + description: Scheme is the load balancer scheme, either internet-facing + or private. + type: string + securityGroupIds: + description: SecurityGroupIDs is an array of security groups + assigned to the load balancer. + items: + type: string + type: array + subnetIds: + description: SubnetIDs is an array of subnets in the VPC attached + to the load balancer. + items: + type: string + type: array + tags: + additionalProperties: + type: string + description: Tags is a map of tags associated with the load + balancer. + type: object + type: object + natGatewaysIPs: + description: NatGatewaysIPs contains the public IPs of the NAT + Gateways + items: + type: string + type: array + securityGroups: + additionalProperties: + description: SecurityGroup defines an AWS security group. + properties: + id: + description: ID is a unique identifier. + type: string + ingressRule: + description: IngressRules is the inbound rules associated + with the security group. + items: + description: IngressRule defines an AWS ingress rule for + security groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access from. + Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + description: Description provides extended information + about the ingress rule. 
+ type: string + fromPort: + description: FromPort is the start of port range. + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access + from. Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: Protocol is the protocol for the ingress + rule. Accepted values are "-1" (all), "4" (IP in + IP),"tcp", "udp", "icmp", and "58" (ICMPv6), "50" + (ESP). + enum: + - "-1" + - "4" + - tcp + - udp + - icmp + - "58" + - "50" + type: string + sourceSecurityGroupIds: + description: The security group id to allow access + from. Cannot be specified with CidrBlocks. + items: + type: string + type: array + sourceSecurityGroupRoles: + description: The security group role to allow access + from. Cannot be specified with CidrBlocks. The field + will be combined with source security group IDs + if specified. + items: + description: SecurityGroupRole defines the unique + role of a security group. + enum: + - bastion + - node + - controlplane + - apiserver-lb + - lb + - node-eks-additional + type: string + type: array + toPort: + description: ToPort is the end of port range. + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + name: + description: Name is the security group name. + type: string + tags: + additionalProperties: + type: string + description: Tags is a map of tags associated with the security + group. + type: object + required: + - id + - name + type: object + description: SecurityGroups is a map from the role/kind of the + security group to its unique name, if any. 
+ type: object + type: object + oidcProvider: + description: OIDCProvider holds the status of the identity provider + for this cluster + properties: + arn: + description: ARN holds the ARN of the provider + type: string + trustPolicy: + description: TrustPolicy contains the boilerplate IAM trust policy + to use for IRSA + type: string + type: object + ready: + default: false + description: Ready denotes that the AWSManagedControlPlane API Server + is ready to receive requests and that the VPC infra is ready. + type: boolean + required: + - ready + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster to which this AWSManagedControl belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Control plane infrastructure is ready for worker nodes + jsonPath: .status.ready + name: Ready + type: string + - description: AWS VPC the control plane is using + jsonPath: .spec.network.vpc.id + name: VPC + type: string + - description: API Endpoint + jsonPath: .spec.controlPlaneEndpoint.host + name: Endpoint + priority: 1 + type: string + - description: Bastion IP address for breakglass access + jsonPath: .status.bastion.publicIp + name: Bastion IP + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: AWSManagedControlPlane is the schema for the Amazon EKS Managed + Control Plane API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSManagedControlPlaneSpec defines the desired state of an + Amazon EKS Cluster. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to AWS + resources managed by the AWS provider, in addition to the ones added + by default. + type: object + addons: + description: Addons defines the EKS addons to enable with the EKS + cluster. + items: + description: Addon represents a EKS addon. + properties: + configuration: + description: Configuration of the EKS addon + type: string + conflictResolution: + default: overwrite + description: ConflictResolution is used to declare what should + happen if there are parameter conflicts. Defaults to none + enum: + - overwrite + - none + type: string + name: + description: Name is the name of the addon + minLength: 2 + type: string + serviceAccountRoleARN: + description: ServiceAccountRoleArn is the ARN of an IAM role + to bind to the addons service account + type: string + version: + description: Version is the version of the addon to use + type: string + required: + - name + - version + type: object + type: array + associateOIDCProvider: + default: false + description: AssociateOIDCProvider can be enabled to automatically + create an identity provider for the controller for use with IAM + roles for service accounts + type: boolean + bastion: + description: Bastion contains options to configure the bastion host. + properties: + allowedCIDRBlocks: + description: AllowedCIDRBlocks is a list of CIDR blocks allowed + to access the bastion host. They are set as ingress rules for + the Bastion host's Security Group (defaults to 0.0.0.0/0). + items: + type: string + type: array + ami: + description: AMI will use the specified AMI to boot the bastion. 
+ If not specified, the AMI will default to one picked out in + public space. + type: string + disableIngressRules: + description: DisableIngressRules will ensure there are no Ingress + rules in the bastion host's security group. Requires AllowedCIDRBlocks + to be empty. + type: boolean + enabled: + description: Enabled allows this provider to create a bastion + host instance with a public ip to access the VPC private network. + type: boolean + instanceType: + description: InstanceType will use the specified instance type + for the bastion. If not specified, Cluster API Provider AWS + will use t3.micro for all regions except us-east-1, where t2.micro + will be the default. + type: string + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + eksClusterName: + description: EKSClusterName allows you to specify the name of the + EKS cluster in AWS. If you don't specify a name then a default name + will be created based on the namespace and name of the managed control + plane. 
+ type: string + encryptionConfig: + description: EncryptionConfig specifies the encryption configuration + for the cluster + properties: + provider: + description: Provider specifies the ARN or alias of the CMK (in + AWS KMS) + type: string + resources: + description: Resources specifies the resources to be encrypted + items: + type: string + type: array + type: object + endpointAccess: + description: Endpoints specifies access to this cluster's control + plane endpoints + properties: + private: + description: Private points VPC-internal control plane access + to the private endpoint + type: boolean + public: + description: Public controls whether control plane endpoints are + publicly accessible + type: boolean + publicCIDRs: + description: PublicCIDRs specifies which blocks can access the + public endpoint + items: + type: string + type: array + type: object + iamAuthenticatorConfig: + description: IAMAuthenticatorConfig allows the specification of any + additional user or role mappings for use when generating the aws-iam-authenticator + configuration. If this is nil the default configuration is still + generated for the cluster. + properties: + mapRoles: + description: RoleMappings is a list of role mappings + items: + description: RoleMapping represents a mapping from a IAM role + to Kubernetes users and groups. + properties: + groups: + description: Groups is a list of kubernetes RBAC groups + items: + type: string + type: array + rolearn: + description: RoleARN is the AWS ARN for the role to map + minLength: 31 + type: string + username: + description: UserName is a kubernetes RBAC user subject + type: string + required: + - groups + - rolearn + - username + type: object + type: array + mapUsers: + description: UserMappings is a list of user mappings + items: + description: UserMapping represents a mapping from an IAM user + to Kubernetes users and groups. 
+ properties: + groups: + description: Groups is a list of kubernetes RBAC groups + items: + type: string + type: array + userarn: + description: UserARN is the AWS ARN for the user to map + minLength: 31 + type: string + username: + description: UserName is a kubernetes RBAC user subject + type: string + required: + - groups + - userarn + - username + type: object + type: array + type: object + identityRef: + description: IdentityRef is a reference to a identity to be used when + reconciling the managed control plane. + properties: + kind: + description: Kind of the identity. + enum: + - AWSClusterControllerIdentity + - AWSClusterRoleIdentity + - AWSClusterStaticIdentity + type: string + name: + description: Name of the identity. + minLength: 1 + type: string + required: + - kind + - name + type: object + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating system + used to look up machine images when a machine does not specify an + AMI. When set, this will be used for all cluster machines unless + a machine specifies a different ImageLookupBaseOS. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to look up + machine images when a machine does not specify an AMI. When set, + this will be used for all cluster machines unless a machine specifies + a different ImageLookupOrg. Supports substitutions for {{.BaseOS}} + and {{.K8sVersion}} with the base OS and kubernetes version, respectively. + The BaseOS will be the value in ImageLookupBaseOS or ubuntu (the + default), and the kubernetes version as defined by the packages + produced by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the ubuntu + base OS. 
See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to look up + machine images when a machine does not specify an AMI. When set, + this will be used for all cluster machines unless a machine specifies + a different ImageLookupOrg. + type: string + kubeProxy: + description: KubeProxy defines managed attributes of the kube-proxy + daemonset + properties: + disable: + default: false + description: Disable set to true indicates that kube-proxy should + be disabled. With EKS clusters kube-proxy is automatically installed + into the cluster. For clusters where you want to use kube-proxy + functionality that is provided with an alternate CNI, this option + provides a way to specify that the kube-proxy daemonset should + be deleted. You cannot set this to true if you are using the + Amazon kube-proxy addon. + type: boolean + type: object + logging: + description: Logging specifies which EKS Cluster logs should be enabled. 
+ Entries for each of the enabled logs will be sent to CloudWatch + properties: + apiServer: + default: false + description: APIServer indicates if the Kubernetes API Server + log (kube-apiserver) shoulkd be enabled + type: boolean + audit: + default: false + description: Audit indicates if the Kubernetes API audit log should + be enabled + type: boolean + authenticator: + default: false + description: Authenticator indicates if the iam authenticator + log should be enabled + type: boolean + controllerManager: + default: false + description: ControllerManager indicates if the controller manager + (kube-controller-manager) log should be enabled + type: boolean + scheduler: + default: false + description: Scheduler indicates if the Kubernetes scheduler (kube-scheduler) + log should be enabled + type: boolean + required: + - apiServer + - audit + - authenticator + - controllerManager + - scheduler + type: object + network: + description: NetworkSpec encapsulates all things related to AWS network. + properties: + additionalControlPlaneIngressRules: + description: AdditionalControlPlaneIngressRules is an optional + set of ingress rules to add to the control plane + items: + description: IngressRule defines an AWS ingress rule for security + groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access from. Cannot + be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + description: Description provides extended information about + the ingress rule. + type: string + fromPort: + description: FromPort is the start of port range. + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access from. + Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: Protocol is the protocol for the ingress rule. + Accepted values are "-1" (all), "4" (IP in IP),"tcp", + "udp", "icmp", and "58" (ICMPv6), "50" (ESP). 
+ enum: + - "-1" + - "4" + - tcp + - udp + - icmp + - "58" + - "50" + type: string + sourceSecurityGroupIds: + description: The security group id to allow access from. + Cannot be specified with CidrBlocks. + items: + type: string + type: array + sourceSecurityGroupRoles: + description: The security group role to allow access from. + Cannot be specified with CidrBlocks. The field will be + combined with source security group IDs if specified. + items: + description: SecurityGroupRole defines the unique role + of a security group. + enum: + - bastion + - node + - controlplane + - apiserver-lb + - lb + - node-eks-additional + type: string + type: array + toPort: + description: ToPort is the end of port range. + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + cni: + description: CNI configuration + properties: + cniIngressRules: + description: CNIIngressRules specify rules to apply to control + plane and worker node security groups. The source for the + rule will be set to control plane and worker security group + IDs. + items: + description: CNIIngressRule defines an AWS ingress rule + for CNI requirements. + properties: + description: + type: string + fromPort: + format: int64 + type: integer + protocol: + description: SecurityGroupProtocol defines the protocol + type for a security group rule. + type: string + toPort: + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + type: object + securityGroupOverrides: + additionalProperties: + type: string + description: SecurityGroupOverrides is an optional set of security + groups to use for cluster instances This is optional - if not + provided new security groups will be created for the cluster + type: object + subnets: + description: Subnets configuration. + items: + description: SubnetSpec configures an AWS Subnet. 
+ properties: + availabilityZone: + description: AvailabilityZone defines the availability zone + to use for this subnet in the cluster's region. + type: string + cidrBlock: + description: CidrBlock is the CIDR block to be used when + the provider creates a managed VPC. + type: string + id: + description: "ID defines a unique identifier to reference + this resource. If you're bringing your subnet, set the + AWS subnet-id here, it must start with `subnet-`. \n When + the VPC is managed by CAPA, and you'd like the provider + to create a subnet for you, the id can be set to any placeholder + value that does not start with `subnet-`; upon creation, + the subnet AWS identifier will be populated in the `ResourceID` + field and the `id` field is going to be used as the subnet + name. If you specify a tag called `Name`, it takes precedence." + type: string + ipv6CidrBlock: + description: IPv6CidrBlock is the IPv6 CIDR block to be + used when the provider creates a managed VPC. A subnet + can have an IPv4 and an IPv6 address. IPv6 is only supported + in managed clusters, this field cannot be set on AWSCluster + object. + type: string + isIpv6: + description: IsIPv6 defines the subnet as an IPv6 subnet. + A subnet is IPv6 when it is associated with a VPC that + has IPv6 enabled. IPv6 is only supported in managed clusters, + this field cannot be set on AWSCluster object. + type: boolean + isPublic: + description: IsPublic defines the subnet as a public subnet. + A subnet is public when it is associated with a route + table that has a route to an internet gateway. + type: boolean + natGatewayId: + description: NatGatewayID is the NAT gateway id associated + with the subnet. Ignored unless the subnet is managed + by the provider, in which case this is set on the public + subnet where the NAT gateway resides. It is then used + to determine routes for private subnets in the same AZ + as the public subnet. 
+ type: string + resourceID: + description: ResourceID is the subnet identifier from AWS, + READ ONLY. This field is populated when the provider manages + the subnet. + type: string + routeTableId: + description: RouteTableID is the routing table id associated + with the subnet. + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing the + resource. + type: object + required: + - id + type: object + type: array + x-kubernetes-list-map-keys: + - id + x-kubernetes-list-type: map + vpc: + description: VPC configuration. + properties: + availabilityZoneSelection: + default: Ordered + description: 'AvailabilityZoneSelection specifies how AZs + should be selected if there are more AZs in a region than + specified by AvailabilityZoneUsageLimit. There are 2 selection + schemes: Ordered - selects based on alphabetical order Random + - selects AZs randomly in a region Defaults to Ordered' + enum: + - Ordered + - Random + type: string + availabilityZoneUsageLimit: + default: 3 + description: AvailabilityZoneUsageLimit specifies the maximum + number of availability zones (AZ) that should be used in + a region when automatically creating subnets. If a region + has more than this number of AZs then this number of AZs + will be picked randomly when creating default subnets. Defaults + to 3 + minimum: 1 + type: integer + cidrBlock: + description: CidrBlock is the CIDR block to be used when the + provider creates a managed VPC. Defaults to 10.0.0.0/16. + Mutually exclusive with IPAMPool. + type: string + id: + description: ID is the vpc-id of the VPC this provider should + use to create resources. + type: string + internetGatewayId: + description: InternetGatewayID is the id of the internet gateway + associated with the VPC. + type: string + ipamPool: + description: IPAMPool defines the IPAMv4 pool to be used for + VPC. Mutually exclusive with CidrBlock. 
+ properties: + id: + description: ID is the ID of the IPAM pool this provider + should use to create VPC. + type: string + name: + description: Name is the name of the IPAM pool this provider + should use to create VPC. + type: string + netmaskLength: + description: The netmask length of the IPv4 CIDR you want + to allocate to VPC from an Amazon VPC IP Address Manager + (IPAM) pool. Defaults to /16 for IPv4 if not specified. + format: int64 + type: integer + type: object + ipv6: + description: IPv6 contains ipv6 specific settings for the + network. Supported only in managed clusters. This field + cannot be set on AWSCluster object. + properties: + cidrBlock: + description: CidrBlock is the CIDR block provided by Amazon + when VPC has enabled IPv6. Mutually exclusive with IPAMPool. + type: string + egressOnlyInternetGatewayId: + description: EgressOnlyInternetGatewayID is the id of + the egress only internet gateway associated with an + IPv6 enabled VPC. + type: string + ipamPool: + description: IPAMPool defines the IPAMv6 pool to be used + for VPC. Mutually exclusive with CidrBlock. + properties: + id: + description: ID is the ID of the IPAM pool this provider + should use to create VPC. + type: string + name: + description: Name is the name of the IPAM pool this + provider should use to create VPC. + type: string + netmaskLength: + description: The netmask length of the IPv4 CIDR you + want to allocate to VPC from an Amazon VPC IP Address + Manager (IPAM) pool. Defaults to /16 for IPv4 if + not specified. + format: int64 + type: integer + type: object + poolId: + description: PoolID is the IP pool which must be defined + in case of BYO IP is defined. Must be specified if CidrBlock + is set. Mutually exclusive with IPAMPool. + type: string + type: object + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing the resource. 
+ type: object + type: object + type: object + oidcIdentityProviderConfig: + description: IdentityProviderconfig is used to specify the oidc provider + config to be attached with this eks cluster + properties: + clientId: + description: This is also known as audience. The ID for the client + application that makes authentication requests to the OpenID + identity provider. + type: string + groupsClaim: + description: The JWT claim that the provider uses to return your + groups. + type: string + groupsPrefix: + description: 'The prefix that is prepended to group claims to + prevent clashes with existing names (such as system: groups). + For example, the valueoidc: will create group names like oidc:engineering + and oidc:infra.' + type: string + identityProviderConfigName: + description: "The name of the OIDC provider configuration. \n + IdentityProviderConfigName is a required field" + type: string + issuerUrl: + description: The URL of the OpenID identity provider that allows + the API server to discover public signing keys for verifying + tokens. The URL must begin with https:// and should correspond + to the iss claim in the provider's OIDC ID tokens. Per the OIDC + standard, path components are allowed but query parameters are + not. Typically the URL consists of only a hostname, like https://server.example.org + or https://example.com. This URL should point to the level below + .well-known/openid-configuration and must be publicly accessible + over the internet. + type: string + requiredClaims: + additionalProperties: + type: string + description: The key value pairs that describe required claims + in the identity token. If set, each claim is verified to be + present in the token with a matching value. For the maximum + number of claims that you can require, see Amazon EKS service + quotas (https://docs.aws.amazon.com/eks/latest/userguide/service-quotas.html) + in the Amazon EKS User Guide. 
+ type: object + tags: + additionalProperties: + type: string + description: tags to apply to oidc identity provider association + type: object + usernameClaim: + description: The JSON Web Token (JWT) claim to use as the username. + The default is sub, which is expected to be a unique identifier + of the end user. You can choose other claims, such as email + or name, depending on the OpenID identity provider. Claims other + than email are prefixed with the issuer URL to prevent naming + clashes with other plug-ins. + type: string + usernamePrefix: + description: The prefix that is prepended to username claims to + prevent clashes with existing names. If you do not provide this + field, and username is a value other than email, the prefix + defaults to issuerurl#. You can use the value - to disable all + prefixing. + type: string + type: object + partition: + description: Partition is the AWS security partition being used. Defaults + to "aws" + type: string + region: + description: The AWS Region the cluster lives in. + type: string + roleAdditionalPolicies: + description: RoleAdditionalPolicies allows you to attach additional + polices to the control plane role. You must enable the EKSAllowAddRoles + feature flag to incorporate these into the created role. + items: + type: string + type: array + roleName: + description: RoleName specifies the name of IAM role that gives EKS + permission to make API calls. If the role is pre-existing we will + treat it as unmanaged and not delete it on deletion. If the EKSEnableIAM + feature flag is true and no name is supplied then a role is created. + minLength: 2 + type: string + secondaryCidrBlock: + description: SecondaryCidrBlock is the additional CIDR range to use + for pod IPs. Must be within the 100.64.0.0/10 or 198.19.0.0/16 range. + type: string + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach to the + bastion host. 
Valid values are empty string (do not use SSH keys), + a valid SSH key name, or omitted (use the default SSH key name) + type: string + tokenMethod: + default: iam-authenticator + description: TokenMethod is used to specify the method for obtaining + a client token for communicating with EKS iam-authenticator - obtains + a client token using iam-authentictor aws-cli - obtains a client + token using the AWS CLI Defaults to iam-authenticator + enum: + - iam-authenticator + - aws-cli + type: string + version: + description: Version defines the desired Kubernetes version. If no + version number is supplied then the latest version of Kubernetes + that EKS supports will be used. + minLength: 2 + pattern: ^v?(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.?(\.0|[1-9][0-9]*)?$ + type: string + vpcCni: + description: VpcCni is used to set configuration options for the VPC + CNI plugin + properties: + disable: + default: false + description: Disable indicates that the Amazon VPC CNI should + be disabled. With EKS clusters the Amazon VPC CNI is automatically + installed into the cluster. For clusters where you want to use + an alternate CNI this option provides a way to specify that + the Amazon VPC CNI should be deleted. You cannot set this to + true if you are using the Amazon VPC CNI addon. + type: boolean + env: + description: Env defines a list of environment variables to apply + to the `aws-node` DaemonSet + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. 
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + type: object + type: object + status: + description: AWSManagedControlPlaneStatus defines the observed state of + an Amazon EKS Cluster. + properties: + addons: + description: Addons holds the current status of the EKS addons + items: + description: AddonState represents the state of an addon. + properties: + arn: + description: ARN is the AWS ARN of the addon + type: string + createdAt: + description: CreatedAt is the date and time the addon was created + at + format: date-time + type: string + issues: + description: Issues is a list of issue associated with the addon + items: + description: AddonIssue represents an issue with an addon. 
+ properties: + code: + description: Code is the issue code + type: string + message: + description: Message is the textual description of the + issue + type: string + resourceIds: + description: ResourceIDs is a list of resource ids for + the issue + items: + type: string + type: array + type: object + type: array + modifiedAt: + description: ModifiedAt is the date and time the addon was last + modified + format: date-time + type: string + name: + description: Name is the name of the addon + type: string + serviceAccountRoleARN: + description: ServiceAccountRoleArn is the ARN of the IAM role + used for the service account + type: string + status: + description: Status is the status of the addon + type: string + version: + description: Version is the version of the addon to use + type: string + required: + - arn + - name + - version + type: object + type: array + bastion: + description: Bastion holds details of the instance that is used as + a bastion jump box + properties: + addresses: + description: Addresses contains the AWS instance associated addresses. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP, + InternalIP, ExternalDNS or InternalDNS. + type: string + required: + - address + - type + type: object + type: array + availabilityZone: + description: Availability zone of instance + type: string + ebsOptimized: + description: Indicates whether the instance is optimized for Amazon + EBS I/O. + type: boolean + enaSupport: + description: Specifies whether enhanced networking with ENA is + enabled. + type: boolean + iamProfile: + description: The name of the IAM instance profile associated with + the instance, if applicable. + type: string + id: + type: string + imageId: + description: The ID of the AMI used to launch the instance. 
+ type: string + instanceMetadataOptions: + description: InstanceMetadataOptions is the metadata options for + the EC2 instance. + properties: + httpEndpoint: + default: enabled + description: "Enables or disables the HTTP metadata endpoint + on your instances. \n If you specify a value of disabled, + you cannot access your instance metadata. \n Default: enabled" + enum: + - enabled + - disabled + type: string + httpPutResponseHopLimit: + default: 1 + description: "The desired HTTP PUT response hop limit for + instance metadata requests. The larger the number, the further + instance metadata requests can travel. \n Default: 1" + format: int64 + maximum: 64 + minimum: 1 + type: integer + httpTokens: + default: optional + description: "The state of token usage for your instance metadata + requests. \n If the state is optional, you can choose to + retrieve instance metadata with or without a session token + on your request. If you retrieve the IAM role credentials + without a token, the version 1.0 role credentials are returned. + If you retrieve the IAM role credentials using a valid session + token, the version 2.0 role credentials are returned. \n + If the state is required, you must send a session token + with any instance metadata retrieval requests. In this state, + retrieving the IAM role credentials always returns the version + 2.0 credentials; the version 1.0 credentials are not available. + \n Default: optional" + enum: + - optional + - required + type: string + instanceMetadataTags: + default: disabled + description: "Set to enabled to allow access to instance tags + from the instance metadata. Set to disabled to turn off + access to instance tags from the instance metadata. For + more information, see Work with instance tags using the + instance metadata (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS). 
+ \n Default: disabled" + enum: + - enabled + - disabled + type: string + type: object + instanceState: + description: The current state of the instance. + type: string + networkInterfaces: + description: Specifies ENIs attached to instance + items: + type: string + type: array + nonRootVolumes: + description: Configuration options for the non root storage volumes. + items: + description: Volume encapsulates the configuration options for + the storage device. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by + the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage + device. Must be greater than the image snapshot size or + 8 (whichever is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported + for the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + type: array + placementGroupName: + description: PlacementGroupName specifies the name of the placement + group in which to launch the instance. + type: string + privateIp: + description: The private IPv4 address assigned to the instance. + type: string + publicIp: + description: The public IPv4 address assigned to the instance, + if applicable. + type: string + rootVolume: + description: Configuration options for the root storage volume. 
+ properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by the + controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for + the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + securityGroupIds: + description: SecurityGroupIDs are one or more security group IDs + this instance belongs to. + items: + type: string + type: array + spotMarketOptions: + description: SpotMarketOptions option for configuring instances + to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user is + willing to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: The name of the SSH key pair. + type: string + subnetId: + description: The ID of the subnet of the instance. + type: string + tags: + additionalProperties: + type: string + description: The tags associated with the instance. + type: object + tenancy: + description: Tenancy indicates if instance should run on shared + or single-tenant hardware. + type: string + type: + description: The instance type. 
+ type: string + userData: + description: UserData is the raw data script passed to the instance + which is run upon bootstrap. This field must not be base64 encoded + and should only be used when running a new instance. + type: string + volumeIDs: + description: IDs of the instance's volumes + items: + type: string + type: array + required: + - id + type: object + conditions: + description: Conditions specifies the cpnditions for the managed control + plane + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + externalManagedControlPlane: + default: true + description: ExternalManagedControlPlane indicates to cluster-api + that the control plane is managed by an external service such as + AKS, EKS, GKE, etc. + type: boolean + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains specifies a list fo available availability + zones that can be used + type: object + failureMessage: + description: ErrorMessage indicates that there is a terminal problem + reconciling the state, and will be set to a descriptive error message. + type: string + identityProviderStatus: + description: IdentityProviderStatus holds the status for associated + identity provider + properties: + arn: + description: ARN holds the ARN of associated identity provider + type: string + status: + description: Status holds current status of associated identity + provider + type: string + type: object + initialized: + description: Initialized denotes whether or not the control plane + has the uploaded kubernetes config-map. + type: boolean + networkStatus: + description: Networks holds details about the AWS networking resources + used by the control plane + properties: + apiServerElb: + description: APIServerELB is the Kubernetes api server load balancer. + properties: + arn: + description: ARN of the load balancer. 
Unlike the ClassicLB, + ARN is used mostly to define and get it. + type: string + attributes: + description: ClassicElbAttributes defines extra attributes + associated with the load balancer. + properties: + crossZoneLoadBalancing: + description: CrossZoneLoadBalancing enables the classic + load balancer load balancing. + type: boolean + idleTimeout: + description: IdleTimeout is time that the connection is + allowed to be idle (no data has been sent over the connection) + before it is closed by the load balancer. + format: int64 + type: integer + type: object + availabilityZones: + description: AvailabilityZones is an array of availability + zones in the VPC attached to the load balancer. + items: + type: string + type: array + dnsName: + description: DNSName is the dns name of the load balancer. + type: string + elbAttributes: + additionalProperties: + type: string + description: ELBAttributes defines extra attributes associated + with v2 load balancers. + type: object + elbListeners: + description: ELBListeners is an array of listeners associated + with the load balancer. There must be at least one. + items: + description: Listener defines an AWS network load balancer + listener. + properties: + port: + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + targetGroup: + description: TargetGroupSpec specifies target group + settings for a given listener. This is created first, + and the ARN is then passed to the listener. + properties: + name: + description: Name of the TargetGroup. Must be unique + over the same group of listeners. + type: string + port: + description: Port is the exposed port + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. 
+ enum: + - tcp + - tls + - udp + - TCP + - TLS + - UDP + type: string + targetGroupHealthCheck: + description: HealthCheck is the elb health check + associated with the load balancer. + properties: + intervalSeconds: + format: int64 + type: integer + path: + type: string + port: + type: string + protocol: + type: string + thresholdCount: + format: int64 + type: integer + timeoutSeconds: + format: int64 + type: integer + type: object + vpcId: + type: string + required: + - name + - port + - protocol + - vpcId + type: object + required: + - port + - protocol + - targetGroup + type: object + type: array + healthChecks: + description: HealthCheck is the classic elb health check associated + with the load balancer. + properties: + healthyThreshold: + format: int64 + type: integer + interval: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + target: + type: string + timeout: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + unhealthyThreshold: + format: int64 + type: integer + required: + - healthyThreshold + - interval + - target + - timeout + - unhealthyThreshold + type: object + listeners: + description: ClassicELBListeners is an array of classic elb + listeners associated with the load balancer. There must + be at least one. + items: + description: ClassicELBListener defines an AWS classic load + balancer listener. + properties: + instancePort: + format: int64 + type: integer + instanceProtocol: + description: ELBProtocol defines listener protocols + for a load balancer. 
+ type: string + port: + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + required: + - instancePort + - instanceProtocol + - port + - protocol + type: object + type: array + loadBalancerType: + description: LoadBalancerType sets the type for a load balancer. + The default type is classic. + enum: + - classic + - elb + - alb + - nlb + type: string + name: + description: The name of the load balancer. It must be unique + within the set of load balancers defined in the region. + It also serves as identifier. + type: string + scheme: + description: Scheme is the load balancer scheme, either internet-facing + or private. + type: string + securityGroupIds: + description: SecurityGroupIDs is an array of security groups + assigned to the load balancer. + items: + type: string + type: array + subnetIds: + description: SubnetIDs is an array of subnets in the VPC attached + to the load balancer. + items: + type: string + type: array + tags: + additionalProperties: + type: string + description: Tags is a map of tags associated with the load + balancer. + type: object + type: object + natGatewaysIPs: + description: NatGatewaysIPs contains the public IPs of the NAT + Gateways + items: + type: string + type: array + securityGroups: + additionalProperties: + description: SecurityGroup defines an AWS security group. + properties: + id: + description: ID is a unique identifier. + type: string + ingressRule: + description: IngressRules is the inbound rules associated + with the security group. + items: + description: IngressRule defines an AWS ingress rule for + security groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access from. + Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + description: Description provides extended information + about the ingress rule. 
+ type: string + fromPort: + description: FromPort is the start of port range. + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access + from. Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: Protocol is the protocol for the ingress + rule. Accepted values are "-1" (all), "4" (IP in + IP),"tcp", "udp", "icmp", and "58" (ICMPv6), "50" + (ESP). + enum: + - "-1" + - "4" + - tcp + - udp + - icmp + - "58" + - "50" + type: string + sourceSecurityGroupIds: + description: The security group id to allow access + from. Cannot be specified with CidrBlocks. + items: + type: string + type: array + sourceSecurityGroupRoles: + description: The security group role to allow access + from. Cannot be specified with CidrBlocks. The field + will be combined with source security group IDs + if specified. + items: + description: SecurityGroupRole defines the unique + role of a security group. + enum: + - bastion + - node + - controlplane + - apiserver-lb + - lb + - node-eks-additional + type: string + type: array + toPort: + description: ToPort is the end of port range. + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + name: + description: Name is the security group name. + type: string + tags: + additionalProperties: + type: string + description: Tags is a map of tags associated with the security + group. + type: object + required: + - id + - name + type: object + description: SecurityGroups is a map from the role/kind of the + security group to its unique name, if any. 
+ type: object + type: object + oidcProvider: + description: OIDCProvider holds the status of the identity provider + for this cluster + properties: + arn: + description: ARN holds the ARN of the provider + type: string + trustPolicy: + description: TrustPolicy contains the boilerplate IAM trust policy + to use for IRSA + type: string + type: object + ready: + default: false + description: Ready denotes that the AWSManagedControlPlane API Server + is ready to receive requests and that the VPC infra is ready. + type: boolean + required: + - ready + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.1 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: awsmanagedmachinepools.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSManagedMachinePool + listKind: AWSManagedMachinePoolList + plural: awsmanagedmachinepools + shortNames: + - awsmmp + singular: awsmanagedmachinepool + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: MachinePool ready status + jsonPath: .status.ready + name: Ready + type: string + - description: Number of replicas + jsonPath: .status.replicas + name: Replicas + type: integer + name: v1beta1 + schema: + openAPIV3Schema: + description: AWSManagedMachinePool is the Schema for the awsmanagedmachinepools + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSManagedMachinePoolSpec defines the desired state of AWSManagedMachinePool. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to AWS + resources managed by the AWS provider, in addition to the ones added + by default. + type: object + amiType: + default: AL2_x86_64 + description: AMIType defines the AMI type + enum: + - AL2_x86_64 + - AL2_x86_64_GPU + - AL2_ARM_64 + - CUSTOM + type: string + amiVersion: + description: AMIVersion defines the desired AMI release version. If + no version number is supplied then the latest version for the Kubernetes + version will be used + minLength: 2 + type: string + availabilityZones: + description: AvailabilityZones is an array of availability zones instances + can run in + items: + type: string + type: array + awsLaunchTemplate: + description: AWSLaunchTemplate specifies the launch template to use + to create the managed node group. If AWSLaunchTemplate is specified, + certain node group configuraions outside of launch template are + prohibited (https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html). + properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups is an array of references + to security groups that should be applied to the instances. + These security groups would be set in addition to any security + groups defined at the cluster level or in the actuator. 
+ items: + description: AWSResourceReference is a reference to a specific + AWS resource by ID or filters. Only one of ID or Filters may + be specified. Specifying more than one will result in a validation + error. + properties: + filters: + description: 'Filters is a set of key/value pairs used to + identify a resource They are applied according to the + rules defined by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an AWS + resource. + properties: + name: + description: Name of the filter. Filter names are + case-sensitive. + type: string + values: + description: Values includes one or more filter values. + Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + type: array + ami: + description: AMI is the reference to the AMI from which to create + the machine instance. + properties: + eksLookupType: + description: EKSOptimizedLookupType If specified, will look + up an EKS Optimized image in SSM Parameter store + enum: + - AmazonLinux + - AmazonLinuxGPU + type: string + id: + description: ID of resource + type: string + type: object + iamInstanceProfile: + description: The name or the Amazon Resource Name (ARN) of the + instance profile associated with the IAM role for the instance. + The instance profile contains the IAM role. + type: string + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating + system to use for image lookup the AMI is not set. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to look + up the image for this machine It will be ignored if an explicit + AMI is set. Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} + with the base OS and kubernetes version, respectively. 
The BaseOS + will be the value in ImageLookupBaseOS or ubuntu (the default), + and the kubernetes version as defined by the packages produced + by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the ubuntu + base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to use + for image lookup if AMI is not set. + type: string + instanceType: + description: 'InstanceType is the type of instance to create. + Example: m4.xlarge' + type: string + name: + description: The name of the launch template. + type: string + rootVolume: + description: RootVolume encapsulates the configuration options + for the root volume + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by the + controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for + the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). 
+ type: string + required: + - size + type: object + spotMarketOptions: + description: SpotMarketOptions are options for configuring AWSMachinePool + instances to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user is + willing to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach to + the instance. Valid values are empty string (do not use SSH + keys), a valid SSH key name, or omitted (use the default SSH + key name) + type: string + versionNumber: + description: 'VersionNumber is the version of the launch template + that is applied. Typically a new version is created when at + least one of the following happens: 1) A new launch template + spec is applied. 2) One or more parameters in an existing template + is changed. 3) A new AMI is discovered.' + format: int64 + type: integer + type: object + capacityType: + default: onDemand + description: CapacityType specifies the capacity type for the ASG + behind this pool + enum: + - onDemand + - spot + type: string + diskSize: + description: DiskSize specifies the root disk size + format: int32 + type: integer + eksNodegroupName: + description: EKSNodegroupName specifies the name of the nodegroup + in AWS corresponding to this MachinePool. If you don't specify a + name then a default name will be created based on the namespace + and name of the managed machine pool. 
+ type: string + instanceType: + description: InstanceType specifies the AWS instance type + type: string + labels: + additionalProperties: + type: string + description: Labels specifies labels for the Kubernetes node objects + type: object + providerIDList: + description: ProviderIDList are the provider IDs of instances in the + autoscaling group corresponding to the nodegroup represented by + this machine pool + items: + type: string + type: array + remoteAccess: + description: RemoteAccess specifies how machines can be accessed remotely + properties: + public: + description: Public specifies whether to open port 22 to the public + internet + type: boolean + sourceSecurityGroups: + description: SourceSecurityGroups specifies which security groups + are allowed access + items: + type: string + type: array + sshKeyName: + description: SSHKeyName specifies which EC2 SSH key can be used + to access machines. If left empty, the key from the control + plane is used. + type: string + type: object + roleAdditionalPolicies: + description: RoleAdditionalPolicies allows you to attach additional + polices to the node group role. You must enable the EKSAllowAddRoles + feature flag to incorporate these into the created role. + items: + type: string + type: array + roleName: + description: RoleName specifies the name of IAM role for the node + group. If the role is pre-existing we will treat it as unmanaged + and not delete it on deletion. If the EKSEnableIAM feature flag + is true and no name is supplied then a role is created. 
+ type: string + scaling: + description: Scaling specifies scaling for the ASG behind this pool + properties: + maxSize: + format: int32 + type: integer + minSize: + format: int32 + type: integer + type: object + subnetIDs: + description: SubnetIDs specifies which subnets are used for the auto + scaling group of this nodegroup + items: + type: string + type: array + taints: + description: Taints specifies the taints to apply to the nodes of + the machine pool + items: + description: Taint defines the specs for a Kubernetes taint. + properties: + effect: + description: Effect specifies the effect for the taint + enum: + - no-schedule + - no-execute + - prefer-no-schedule + type: string + key: + description: Key is the key of the taint + type: string + value: + description: Value is the value of the taint + type: string + required: + - effect + - key + - value + type: object + type: array + updateConfig: + description: UpdateConfig holds the optional config to control the + behaviour of the update to the nodegroup. + properties: + maxUnavailable: + description: MaxUnavailable is the maximum number of nodes unavailable + at once during a version update. Nodes will be updated in parallel. + The maximum number is 100. + maximum: 100 + minimum: 1 + type: integer + maxUnavailablePrecentage: + description: MaxUnavailablePercentage is the maximum percentage + of nodes unavailable during a version update. This percentage + of nodes will be updated in parallel, up to 100 nodes at once. + maximum: 100 + minimum: 1 + type: integer + type: object + type: object + status: + description: AWSManagedMachinePoolStatus defines the observed state of + AWSManagedMachinePool. + properties: + conditions: + description: Conditions defines current service state of the managed + machine pool + items: + description: Condition defines an observation of a Cluster API resource + operational state. 
+ properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the MachinePool and will contain + a more verbose string suitable for logging and human consumption. + \n This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the MachinePool's spec or the configuration of the controller, + and that manual intervention is required. 
Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of MachinePools can be added as + events to the MachinePool object and/or logged in the controller's + output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the MachinePool and will contain + a succinct value suitable for machine interpretation. \n This field + should not be set for transitive errors that a controller faces + that are expected to be fixed automatically over time (like service + outages), but instead indicate that something is fundamentally wrong + with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of MachinePools can be added as + events to the MachinePool object and/or logged in the controller's + output." + type: string + launchTemplateID: + description: The ID of the launch template + type: string + launchTemplateVersion: + description: The version of the launch template + type: string + ready: + default: false + description: Ready denotes that the AWSManagedMachinePool nodegroup + has joined the cluster + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. 
+ format: int32 + type: integer + required: + - ready + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: MachinePool ready status + jsonPath: .status.ready + name: Ready + type: string + - description: Number of replicas + jsonPath: .status.replicas + name: Replicas + type: integer + name: v1beta2 + schema: + openAPIV3Schema: + description: AWSManagedMachinePool is the Schema for the awsmanagedmachinepools + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSManagedMachinePoolSpec defines the desired state of AWSManagedMachinePool. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to AWS + resources managed by the AWS provider, in addition to the ones added + by default. + type: object + amiType: + default: AL2_x86_64 + description: AMIType defines the AMI type + enum: + - AL2_x86_64 + - AL2_x86_64_GPU + - AL2_ARM_64 + - CUSTOM + type: string + amiVersion: + description: AMIVersion defines the desired AMI release version. 
If + no version number is supplied then the latest version for the Kubernetes + version will be used + minLength: 2 + type: string + availabilityZoneSubnetType: + description: AvailabilityZoneSubnetType specifies which type of subnets + to use when an availability zone is specified. + enum: + - public + - private + - all + type: string + availabilityZones: + description: AvailabilityZones is an array of availability zones instances + can run in + items: + type: string + type: array + awsLaunchTemplate: + description: AWSLaunchTemplate specifies the launch template to use + to create the managed node group. If AWSLaunchTemplate is specified, + certain node group configuraions outside of launch template are + prohibited (https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html). + properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups is an array of references + to security groups that should be applied to the instances. + These security groups would be set in addition to any security + groups defined at the cluster level or in the actuator. + items: + description: AWSResourceReference is a reference to a specific + AWS resource by ID or filters. Only one of ID or Filters may + be specified. Specifying more than one will result in a validation + error. + properties: + filters: + description: 'Filters is a set of key/value pairs used to + identify a resource They are applied according to the + rules defined by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an AWS + resource. + properties: + name: + description: Name of the filter. Filter names are + case-sensitive. + type: string + values: + description: Values includes one or more filter values. + Filter values are case-sensitive. 
+ items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + type: array + ami: + description: AMI is the reference to the AMI from which to create + the machine instance. + properties: + eksLookupType: + description: EKSOptimizedLookupType If specified, will look + up an EKS Optimized image in SSM Parameter store + enum: + - AmazonLinux + - AmazonLinuxGPU + type: string + id: + description: ID of resource + type: string + type: object + iamInstanceProfile: + description: The name or the Amazon Resource Name (ARN) of the + instance profile associated with the IAM role for the instance. + The instance profile contains the IAM role. + type: string + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating + system to use for image lookup the AMI is not set. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to look + up the image for this machine It will be ignored if an explicit + AMI is set. Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} + with the base OS and kubernetes version, respectively. The BaseOS + will be the value in ImageLookupBaseOS or ubuntu (the default), + and the kubernetes version as defined by the packages produced + by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the ubuntu + base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to use + for image lookup if AMI is not set. + type: string + instanceMetadataOptions: + description: InstanceMetadataOptions defines the behavior for + applying metadata to instances. 
+ properties: + httpEndpoint: + default: enabled + description: "Enables or disables the HTTP metadata endpoint + on your instances. \n If you specify a value of disabled, + you cannot access your instance metadata. \n Default: enabled" + enum: + - enabled + - disabled + type: string + httpPutResponseHopLimit: + default: 1 + description: "The desired HTTP PUT response hop limit for + instance metadata requests. The larger the number, the further + instance metadata requests can travel. \n Default: 1" + format: int64 + maximum: 64 + minimum: 1 + type: integer + httpTokens: + default: optional + description: "The state of token usage for your instance metadata + requests. \n If the state is optional, you can choose to + retrieve instance metadata with or without a session token + on your request. If you retrieve the IAM role credentials + without a token, the version 1.0 role credentials are returned. + If you retrieve the IAM role credentials using a valid session + token, the version 2.0 role credentials are returned. \n + If the state is required, you must send a session token + with any instance metadata retrieval requests. In this state, + retrieving the IAM role credentials always returns the version + 2.0 credentials; the version 1.0 credentials are not available. + \n Default: optional" + enum: + - optional + - required + type: string + instanceMetadataTags: + default: disabled + description: "Set to enabled to allow access to instance tags + from the instance metadata. Set to disabled to turn off + access to instance tags from the instance metadata. For + more information, see Work with instance tags using the + instance metadata (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS). + \n Default: disabled" + enum: + - enabled + - disabled + type: string + type: object + instanceType: + description: 'InstanceType is the type of instance to create. 
+ Example: m4.xlarge' + type: string + name: + description: The name of the launch template. + type: string + rootVolume: + description: RootVolume encapsulates the configuration options + for the root volume + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by the + controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for + the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + spotMarketOptions: + description: SpotMarketOptions are options for configuring AWSMachinePool + instances to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user is + willing to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach to + the instance. Valid values are empty string (do not use SSH + keys), a valid SSH key name, or omitted (use the default SSH + key name) + type: string + versionNumber: + description: 'VersionNumber is the version of the launch template + that is applied. 
Typically a new version is created when at + least one of the following happens: 1) A new launch template + spec is applied. 2) One or more parameters in an existing template + is changed. 3) A new AMI is discovered.' + format: int64 + type: integer + type: object + capacityType: + default: onDemand + description: CapacityType specifies the capacity type for the ASG + behind this pool + enum: + - onDemand + - spot + type: string + diskSize: + description: DiskSize specifies the root disk size + format: int32 + type: integer + eksNodegroupName: + description: EKSNodegroupName specifies the name of the nodegroup + in AWS corresponding to this MachinePool. If you don't specify a + name then a default name will be created based on the namespace + and name of the managed machine pool. + type: string + instanceType: + description: InstanceType specifies the AWS instance type + type: string + labels: + additionalProperties: + type: string + description: Labels specifies labels for the Kubernetes node objects + type: object + providerIDList: + description: ProviderIDList are the provider IDs of instances in the + autoscaling group corresponding to the nodegroup represented by + this machine pool + items: + type: string + type: array + remoteAccess: + description: RemoteAccess specifies how machines can be accessed remotely + properties: + public: + description: Public specifies whether to open port 22 to the public + internet + type: boolean + sourceSecurityGroups: + description: SourceSecurityGroups specifies which security groups + are allowed access + items: + type: string + type: array + sshKeyName: + description: SSHKeyName specifies which EC2 SSH key can be used + to access machines. If left empty, the key from the control + plane is used. + type: string + type: object + roleAdditionalPolicies: + description: RoleAdditionalPolicies allows you to attach additional + polices to the node group role. 
You must enable the EKSAllowAddRoles + feature flag to incorporate these into the created role. + items: + type: string + type: array + roleName: + description: RoleName specifies the name of IAM role for the node + group. If the role is pre-existing we will treat it as unmanaged + and not delete it on deletion. If the EKSEnableIAM feature flag + is true and no name is supplied then a role is created. + type: string + scaling: + description: Scaling specifies scaling for the ASG behind this pool + properties: + maxSize: + format: int32 + type: integer + minSize: + format: int32 + type: integer + type: object + subnetIDs: + description: SubnetIDs specifies which subnets are used for the auto + scaling group of this nodegroup + items: + type: string + type: array + taints: + description: Taints specifies the taints to apply to the nodes of + the machine pool + items: + description: Taint defines the specs for a Kubernetes taint. + properties: + effect: + description: Effect specifies the effect for the taint + enum: + - no-schedule + - no-execute + - prefer-no-schedule + type: string + key: + description: Key is the key of the taint + type: string + value: + description: Value is the value of the taint + type: string + required: + - effect + - key + - value + type: object + type: array + updateConfig: + description: UpdateConfig holds the optional config to control the + behaviour of the update to the nodegroup. + properties: + maxUnavailable: + description: MaxUnavailable is the maximum number of nodes unavailable + at once during a version update. Nodes will be updated in parallel. + The maximum number is 100. + maximum: 100 + minimum: 1 + type: integer + maxUnavailablePercentage: + description: MaxUnavailablePercentage is the maximum percentage + of nodes unavailable during a version update. This percentage + of nodes will be updated in parallel, up to 100 nodes at once. 
+ maximum: 100 + minimum: 1 + type: integer + type: object + type: object + status: + description: AWSManagedMachinePoolStatus defines the observed state of + AWSManagedMachinePool. + properties: + conditions: + description: Conditions defines current service state of the managed + machine pool + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the MachinePool and will contain + a more verbose string suitable for logging and human consumption. + \n This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the MachinePool's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of MachinePools can be added as + events to the MachinePool object and/or logged in the controller's + output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the MachinePool and will contain + a succinct value suitable for machine interpretation. \n This field + should not be set for transitive errors that a controller faces + that are expected to be fixed automatically over time (like service + outages), but instead indicate that something is fundamentally wrong + with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of MachinePools can be added as + events to the MachinePool object and/or logged in the controller's + output." 
+ type: string + launchTemplateID: + description: The ID of the launch template + type: string + launchTemplateVersion: + description: The version of the launch template + type: string + ready: + default: false + description: Ready denotes that the AWSManagedMachinePool nodegroup + has joined the cluster + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + required: + - ready + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + controller-gen.kubebuilder.io/version: v0.12.1 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: eksconfigs.bootstrap.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capa-webhook-service + namespace: capa-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: bootstrap.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: EKSConfig + listKind: EKSConfigList + plural: eksconfigs + shortNames: + - eksc + singular: eksconfig + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Bootstrap configuration is ready + jsonPath: .status.ready + name: Ready + type: string + - description: Name of Secret containing bootstrap data + jsonPath: .status.dataSecretName + name: DataSecretName + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: EKSConfig is the schema for the Amazon EKS Machine Bootstrap + Configuration API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: EKSConfigSpec defines the desired state of Amazon EKS Bootstrap + Configuration. + properties: + apiRetryAttempts: + description: APIRetryAttempts is the number of retry attempts for + AWS API call. + type: integer + containerRuntime: + description: ContainerRuntime specify the container runtime to use + when bootstrapping EKS. + type: string + dnsClusterIP: + description: DNSClusterIP overrides the IP address to use for DNS + queries within the cluster. + type: string + dockerConfigJson: + description: DockerConfigJson is used for the contents of the /etc/docker/daemon.json + file. Useful if you want a custom config differing from the default + one in the AMI. This is expected to be a json string. + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes the specified kubelet args into + the Amazon EKS machine bootstrap script + type: object + pauseContainer: + description: PauseContainer allows customization of the pause container + to use. + properties: + accountNumber: + description: AccountNumber is the AWS account number to pull the + pause container from. + type: string + version: + description: Version is the tag of the pause container to use. 
+ type: string + required: + - accountNumber + - version + type: object + serviceIPV6Cidr: + description: ServiceIPV6Cidr is the ipv6 cidr range of the cluster. + If this is specified then the ip family will be set to ipv6. + type: string + useMaxPods: + description: UseMaxPods sets --max-pods for the kubelet when true. + type: boolean + type: object + status: + description: EKSConfigStatus defines the observed state of the Amazon + EKS Bootstrap Configuration. + properties: + conditions: + description: Conditions defines current service state of the EKSConfig. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors + type: string + failureReason: + description: FailureReason will be set on non-retryable errors + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: Ready indicates the BootstrapData secret is ready to + be consumed + type: boolean + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Bootstrap configuration is ready + jsonPath: .status.ready + name: Ready + type: string + - description: Name of Secret containing bootstrap data + jsonPath: .status.dataSecretName + name: DataSecretName + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: EKSConfig is the schema for the Amazon EKS Machine Bootstrap + Configuration API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: EKSConfigSpec defines the desired state of Amazon EKS Bootstrap + Configuration. 
+ properties: + apiRetryAttempts: + description: APIRetryAttempts is the number of retry attempts for + AWS API call. + type: integer + boostrapCommandOverride: + description: BootstrapCommandOverride allows you to override the bootstrap + command to use for EKS nodes. + type: string + containerRuntime: + description: ContainerRuntime specify the container runtime to use + when bootstrapping EKS. + type: string + diskSetup: + description: DiskSetup specifies options for the creation of partition + tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems to + setup. + items: + description: Filesystem defines the file systems to be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to add to the + command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system type. + type: string + label: + description: Label specifies the file system label to be + used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to overwrite + any existing filesystem. If true, any pre-existing file + system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition to use. + The valid options are: "auto|any", "auto", "any", "none", + and , where NUM is the actual partition number.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions to + setup. + items: + description: Partition defines how to create and layout a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. 
If it is + true, a single partition will be created for the entire + device. When layout is false, it means don't partition + or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip checks + and create the partition if a partition or filesystem + is found on the device. Use with caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. The following are supported: ''mbr'': default and + setups a MS-DOS partition table ''gpt'': setups a GPT + partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + dnsClusterIP: + description: DNSClusterIP overrides the IP address to use for DNS + queries within the cluster. + type: string + dockerConfigJson: + description: DockerConfigJson is used for the contents of the /etc/docker/daemon.json + file. Useful if you want a custom config differing from the default + one in the AMI. This is expected to be a json string. + type: string + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files in + cloud-init. + properties: + append: + description: Append specifies whether to append Content to existing + file if Path exists. + type: boolean + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content to + populate the file. + properties: + secret: + description: Secret represents a secret that should populate + this file. + properties: + key: + description: Key is the key in the secret's data map + for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. 
+ type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, e.g. + "root:root". + type: string + path: + description: Path specifies the full path on disk where to store + the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes the specified kubelet args into + the Amazon EKS machine bootstrap script + type: object + mounts: + description: Mounts specifies a list of mount points to be setup. + items: + description: MountPoints defines input for generated mounts in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + pauseContainer: + description: PauseContainer allows customization of the pause container + to use. + properties: + accountNumber: + description: AccountNumber is the AWS account number to pull the + pause container from. + type: string + version: + description: Version is the tag of the pause container to use. 
+ type: string + required: + - accountNumber + - version + type: object + postBootstrapCommands: + description: PostBootstrapCommands specifies extra commands to run + after bootstrapping nodes to the cluster + items: + type: string + type: array + preBootstrapCommands: + description: PreBootstrapCommands specifies extra commands to run + before bootstrapping nodes to the cluster + items: + type: string + type: array + serviceIPV6Cidr: + description: ServiceIPV6Cidr is the ipv6 cidr range of the cluster. + If this is specified then the ip family will be set to ipv6. + type: string + useMaxPods: + description: UseMaxPods sets --max-pods for the kubelet when true. + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user in cloud-init. + properties: + gecos: + description: Gecos specifies the gecos to use for the user + type: string + groups: + description: Groups specifies the additional groups for the + user + type: string + homeDir: + description: HomeDir specifies the home directory to use for + the user + type: string + inactive: + description: Inactive specifies whether to mark the user as + inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login should + be disabled + type: boolean + name: + description: Name specifies the username + type: string + passwd: + description: Passwd specifies a hashed password for the user + type: string + passwdFrom: + description: PasswdFrom is a referenced source of passwd to + populate the passwd. + properties: + secret: + description: Secret represents a secret that should populate + this password. + properties: + key: + description: Key is the key in the secret's data map + for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. 
+ type: string + required: + - key + - name + type: object + required: + - secret + type: object + primaryGroup: + description: PrimaryGroup specifies the primary group for the + user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh authorized + keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + type: object + status: + description: EKSConfigStatus defines the observed state of the Amazon + EKS Bootstrap Configuration. + properties: + conditions: + description: Conditions defines current service state of the EKSConfig. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors + type: string + failureReason: + description: FailureReason will be set on non-retryable errors + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: Ready indicates the BootstrapData secret is ready to + be consumed + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + controller-gen.kubebuilder.io/version: v0.12.1 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: eksconfigtemplates.bootstrap.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capa-webhook-service + namespace: capa-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: bootstrap.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: EKSConfigTemplate + listKind: EKSConfigTemplateList + plural: eksconfigtemplates + shortNames: + - eksct + singular: eksconfigtemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: EKSConfigTemplate is the Amazon EKS Bootstrap Configuration 
Template + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: EKSConfigTemplateSpec defines the desired state of templated + EKSConfig Amazon EKS Bootstrap Configuration resources. + properties: + template: + description: EKSConfigTemplateResource defines the Template structure. + properties: + spec: + description: EKSConfigSpec defines the desired state of Amazon + EKS Bootstrap Configuration. + properties: + apiRetryAttempts: + description: APIRetryAttempts is the number of retry attempts + for AWS API call. + type: integer + containerRuntime: + description: ContainerRuntime specify the container runtime + to use when bootstrapping EKS. + type: string + dnsClusterIP: + description: DNSClusterIP overrides the IP address to use + for DNS queries within the cluster. + type: string + dockerConfigJson: + description: DockerConfigJson is used for the contents of + the /etc/docker/daemon.json file. Useful if you want a custom + config differing from the default one in the AMI. This is + expected to be a json string. 
+ type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes the specified kubelet + args into the Amazon EKS machine bootstrap script + type: object + pauseContainer: + description: PauseContainer allows customization of the pause + container to use. + properties: + accountNumber: + description: AccountNumber is the AWS account number to + pull the pause container from. + type: string + version: + description: Version is the tag of the pause container + to use. + type: string + required: + - accountNumber + - version + type: object + serviceIPV6Cidr: + description: ServiceIPV6Cidr is the ipv6 cidr range of the + cluster. If this is specified then the ip family will be + set to ipv6. + type: string + useMaxPods: + description: UseMaxPods sets --max-pods for the kubelet when + true. + type: boolean + type: object + type: object + required: + - template + type: object + type: object + served: true + storage: false + - name: v1beta2 + schema: + openAPIV3Schema: + description: EKSConfigTemplate is the Amazon EKS Bootstrap Configuration Template + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: EKSConfigTemplateSpec defines the desired state of templated + EKSConfig Amazon EKS Bootstrap Configuration resources. 
+ properties: + template: + description: EKSConfigTemplateResource defines the Template structure. + properties: + spec: + description: EKSConfigSpec defines the desired state of Amazon + EKS Bootstrap Configuration. + properties: + apiRetryAttempts: + description: APIRetryAttempts is the number of retry attempts + for AWS API call. + type: integer + boostrapCommandOverride: + description: BootstrapCommandOverride allows you to override + the bootstrap command to use for EKS nodes. + type: string + containerRuntime: + description: ContainerRuntime specify the container runtime + to use when bootstrapping EKS. + type: string + diskSetup: + description: DiskSetup specifies options for the creation + of partition tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems + to setup. + items: + description: Filesystem defines the file systems to + be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to + add to the command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system + type. + type: string + label: + description: Label specifies the file system label + to be used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to + overwrite any existing filesystem. If true, any + pre-existing file system will be destroyed. Use + with Caution. + type: boolean + partition: + description: 'Partition specifies the partition + to use. The valid options are: "auto|any", "auto", + "any", "none", and , where NUM is the actual + partition number.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions + to setup. 
+ items: + description: Partition defines how to create and layout + a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. + If it is true, a single partition will be created + for the entire device. When layout is false, it + means don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip + checks and create the partition if a partition + or filesystem is found on the device. Use with + caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. The following are supported: ''mbr'': default + and setups a MS-DOS partition table ''gpt'': setups + a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + dnsClusterIP: + description: DNSClusterIP overrides the IP address to use + for DNS queries within the cluster. + type: string + dockerConfigJson: + description: DockerConfigJson is used for the contents of + the /etc/docker/daemon.json file. Useful if you want a custom + config differing from the default one in the AMI. This is + expected to be a json string. + type: string + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + append: + description: Append specifies whether to append Content + to existing file if Path exists. + type: boolean + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: Secret represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's + data map for this value. 
+ type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the + file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to + assign to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes the specified kubelet + args into the Amazon EKS machine bootstrap script + type: object + mounts: + description: Mounts specifies a list of mount points to be + setup. + items: + description: MountPoints defines input for generated mounts + in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + pauseContainer: + description: PauseContainer allows customization of the pause + container to use. + properties: + accountNumber: + description: AccountNumber is the AWS account number to + pull the pause container from. + type: string + version: + description: Version is the tag of the pause container + to use. 
+ type: string + required: + - accountNumber + - version + type: object + postBootstrapCommands: + description: PostBootstrapCommands specifies extra commands + to run after bootstrapping nodes to the cluster + items: + type: string + type: array + preBootstrapCommands: + description: PreBootstrapCommands specifies extra commands + to run before bootstrapping nodes to the cluster + items: + type: string + type: array + serviceIPV6Cidr: + description: ServiceIPV6Cidr is the ipv6 cidr range of the + cluster. If this is specified then the ip family will be + set to ipv6. + type: string + useMaxPods: + description: UseMaxPods sets --max-pods for the kubelet when + true. + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user + in cloud-init. + properties: + gecos: + description: Gecos specifies the gecos to use for the + user + type: string + groups: + description: Groups specifies the additional groups + for the user + type: string + homeDir: + description: HomeDir specifies the home directory to + use for the user + type: string + inactive: + description: Inactive specifies whether to mark the + user as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login + should be disabled + type: boolean + name: + description: Name specifies the username + type: string + passwd: + description: Passwd specifies a hashed password for + the user + type: string + passwdFrom: + description: PasswdFrom is a referenced source of passwd + to populate the passwd. + properties: + secret: + description: Secret represents a secret that should + populate this password. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. 
+ type: string + required: + - key + - name + type: object + required: + - secret + type: object + primaryGroup: + description: PrimaryGroup specifies the primary group + for the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh + authorized keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + type: object + type: object + required: + - template + type: object + type: object + served: true + storage: true +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + ${AWS_CONTROLLER_IAM_ROLE/#arn/eks.amazonaws.com/role-arn: arn} + labels: + cluster.x-k8s.io/provider: infrastructure-aws + control-plane: controller-manager + name: capa-controller-manager + namespace: capa-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-leader-elect-role + namespace: capa-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-manager-role +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - 
create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - bootstrap.cluster.x-k8s.io + resources: + - eksconfigs + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - bootstrap.cluster.x-k8s.io + resources: + - eksconfigs/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - machinepools + - machines + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinedeployments + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinepools + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinepools + - machinepools/status + verbs: + - get + - list + - patch + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machines + - machines/status + verbs: + - get + - list + - watch +- apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - awsmanagedcontrolplanes + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - awsmanagedcontrolplanes + - awsmanagedcontrolplanes/status + verbs: + - get + - list + - watch +- apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - awsmanagedcontrolplanes/status + verbs: + - get + - patch + - update +- apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - rosacontrolplanes + - rosacontrolplanes/status + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsclustercontrolleridentities + verbs: + - create + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsclustercontrolleridentities + - awsclusterroleidentities + - 
awsclusterstaticidentities + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsclusterroleidentities + - awsclusterstaticidentities + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsclusters + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsfargateprofiles + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsfargateprofiles/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmachinepools + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmachinepools + - awsmachinepools/status + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmachinepools/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmachines + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmachines + - awsmachines/status + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmachines/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmachinetemplates + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmanagedclusters + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmanagedclusters + - 
awsmanagedclusters/status + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmanagedclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmanagedmachinepools + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmanagedmachinepools + - awsmanagedmachinepools/status + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmanagedmachinepools/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - rosaclusters + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - rosaclusters/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-leader-elect-rolebinding + namespace: capa-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: capa-leader-elect-role +subjects: +- kind: ServiceAccount + name: capa-controller-manager + namespace: capa-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capa-manager-role +subjects: +- kind: ServiceAccount + name: capa-controller-manager + namespace: capa-system +--- +apiVersion: v1 +data: + credentials: ${AWS_B64ENCODED_CREDENTIALS} +kind: Secret +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-manager-bootstrap-credentials + namespace: capa-system +type: Opaque +--- +apiVersion: v1 +kind: Service +metadata: + labels: + cluster.x-k8s.io/provider: 
infrastructure-aws + name: capa-metrics-service + namespace: capa-system +spec: + ports: + - port: 8080 + protocol: TCP + targetPort: metrics + selector: + cluster.x-k8s.io/provider: infrastructure-aws + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-webhook-service + namespace: capa-system +spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: infrastructure-aws +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + control-plane: capa-controller-manager + name: capa-controller-manager + namespace: capa-system +spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: infrastructure-aws + control-plane: capa-controller-manager + template: + metadata: + annotations: + iam.amazonaws.com/role: ${AWS_CONTROLLER_IAM_ROLE:=""} + labels: + cluster.x-k8s.io/provider: infrastructure-aws + control-plane: capa-controller-manager + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: ${K8S_CP_LABEL:=node-role.kubernetes.io/control-plane} + operator: Exists + weight: 10 + - preference: + matchExpressions: + - key: node-role.kubernetes.io/master + operator: Exists + weight: 10 + containers: + - args: + - --leader-elect + - --feature-gates=EKS=${CAPA_EKS:=true},EKSEnableIAM=${CAPA_EKS_IAM:=false},EKSAllowAddRoles=${CAPA_EKS_ADD_ROLES:=false},EKSFargate=${EXP_EKS_FARGATE:=false},MachinePool=${EXP_MACHINE_POOL:=false},EventBridgeInstanceState=${EVENT_BRIDGE_INSTANCE_STATE:=false},AutoControllerIdentityCreator=${AUTO_CONTROLLER_IDENTITY_CREATOR:=true},BootstrapFormatIgnition=${EXP_BOOTSTRAP_FORMAT_IGNITION:=false},ExternalResourceGC=${EXP_EXTERNAL_RESOURCE_GC:=false},AlternativeGCStrategy=${EXP_ALTERNATIVE_GC_STRATEGY:=false},TagUnmanagedNetworkResources=${TAG_UNMANAGED_NETWORK_RESOURCES:=true} + - 
--v=${CAPA_LOGLEVEL:=0} + - --metrics-bind-addr=0.0.0.0:8080 + env: + - name: AWS_SHARED_CREDENTIALS_FILE + value: /home/.aws/credentials + image: registry.k8s.io/cluster-api-aws/cluster-api-aws-controller:v2.3.5 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: healthz + periodSeconds: 10 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsGroup: 65532 + runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + - mountPath: /home/.aws + name: credentials + securityContext: + fsGroup: 1000 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: capa-controller-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: capa-webhook-service-cert + - name: credentials + secret: + secretName: capa-manager-bootstrap-credentials +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-serving-cert + namespace: capa-system +spec: + dnsNames: + - capa-webhook-service.capa-system.svc + - capa-webhook-service.capa-system.svc.cluster.local + issuerRef: + kind: Issuer + name: capa-selfsigned-issuer + secretName: capa-webhook-service-cert +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-selfsigned-issuer + namespace: capa-system +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration 
+metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta2-awscluster + failurePolicy: Fail + matchPolicy: Equivalent + name: default.awscluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsclusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta2-awsclustercontrolleridentity + failurePolicy: Fail + matchPolicy: Equivalent + name: default.awsclustercontrolleridentity.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsclustercontrolleridentities + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta2-awsclusterroleidentity + failurePolicy: Fail + matchPolicy: Equivalent + name: default.awsclusterroleidentity.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsclusterroleidentities + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta2-awsclusterstaticidentity + failurePolicy: Fail + matchPolicy: Equivalent + name: 
default.awsclusterstaticidentity.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsclusterstaticidentities + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta2-awsclustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.awsclustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsclustertemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta2-awsmachine + failurePolicy: Fail + name: mutation.awsmachine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsmachines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta2-awsfargateprofile + failurePolicy: Fail + matchPolicy: Equivalent + name: default.awsfargateprofile.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsfargateprofiles + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta2-awsmachinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: 
default.awsmachinepool.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsmachinepools + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta2-awsmanagedmachinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: default.awsmanagedmachinepool.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsmanagedmachinepools + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-bootstrap-cluster-x-k8s-io-v1beta2-eksconfig + failurePolicy: Fail + matchPolicy: Equivalent + name: default.eksconfigs.bootstrap.cluster.x-k8s.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - eksconfig + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-bootstrap-cluster-x-k8s-io-v1beta2-eksconfigtemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.eksconfigtemplates.bootstrap.cluster.x-k8s.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - eksconfigtemplate + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-controlplane-cluster-x-k8s-io-v1beta2-awsmanagedcontrolplane + failurePolicy: Fail + matchPolicy: Equivalent + name: default.awsmanagedcontrolplanes.controlplane.cluster.x-k8s.io + 
rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsmanagedcontrolplanes + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-awscluster + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awscluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsclusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-awsclustercontrolleridentity + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awsclustercontrolleridentity.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsclustercontrolleridentities + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-awsclusterroleidentity + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awsclusterroleidentity.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsclusterroleidentities + sideEffects: 
None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-awsclusterstaticidentity + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awsclusterstaticidentity.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsclusterstaticidentities + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-awsclustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awsclustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsclustertemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-awsmachine + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awsmachine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsmachines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-awsmachinetemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awsmachinetemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsmachinetemplates + 
sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-awsfargateprofile + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awsfargateprofile.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsfargateprofiles + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-awsmachinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awsmachinepool.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsmachinepools + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-awsmanagedmachinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awsmanagedmachinepool.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsmanagedmachinepools + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-bootstrap-cluster-x-k8s-io-v1beta2-eksconfig + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.eksconfigs.bootstrap.cluster.x-k8s.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - eksconfig + sideEffects: None +- 
admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-bootstrap-cluster-x-k8s-io-v1beta2-eksconfigtemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.eksconfigtemplates.bootstrap.cluster.x-k8s.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - eksconfigtemplate + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-controlplane-cluster-x-k8s-io-v1beta2-awsmanagedcontrolplane + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awsmanagedcontrolplanes.controlplane.cluster.x-k8s.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsmanagedcontrolplanes + sideEffects: None diff --git a/files/cluster-api-provider-aws/v2.3.5/metadata.yaml b/files/cluster-api-provider-aws/v2.3.5/metadata.yaml new file mode 100644 index 00000000..d1c28d3c --- /dev/null +++ b/files/cluster-api-provider-aws/v2.3.5/metadata.yaml 
@@ -0,0 +1,49 @@ +# maps release series of major.minor to cluster-api contract version +# the contract version may change between minor or major versions, but *not* +# between patch versions. +# +# update this file only when a new major or minor version is released +apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 +releaseSeries: + - major: 0 + minor: 4 + contract: v1alpha2 + - major: 0 + minor: 5 + contract: v1alpha3 + - major: 0 + minor: 6 + contract: v1alpha3 + - major: 0 + minor: 7 + contract: v1alpha4 + - major: 1 + minor: 0 + contract: v1beta1 + - major: 1 + minor: 1 + contract: v1beta1 + - major: 1 + minor: 2 + contract: v1beta1 + - major: 1 + minor: 3 + contract: v1beta1 + - major: 1 + minor: 4 + contract: v1beta1 + - major: 1 + minor: 5 + contract: v1beta1 + - major: 2 + minor: 0 + contract: v1beta1 + - major: 2 + minor: 1 + contract: v1beta1 + - major: 2 + minor: 2 + contract: v1beta1 + - major: 2 + minor: 3 + contract: v1beta1 diff --git a/files/cluster-api-provider-aws/v2.4.0/AWSIAMManagedPolicyCloudProviderControlPlane.json b/files/cluster-api-provider-aws/v2.4.0/AWSIAMManagedPolicyCloudProviderControlPlane.json new file mode 100644 index 00000000..2b628452 --- /dev/null +++ b/files/cluster-api-provider-aws/v2.4.0/AWSIAMManagedPolicyCloudProviderControlPlane.json 
@@ -0,0 +1,69 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeLaunchConfigurations", + "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", + "ec2:DescribeInstances", + "ec2:DescribeImages", + "ec2:DescribeRegions", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVolumes", + "ec2:CreateSecurityGroup", + "ec2:CreateTags", + "ec2:CreateVolume", + "ec2:ModifyInstanceAttribute", + "ec2:ModifyVolume", + "ec2:AttachVolume", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateRoute", + "ec2:DeleteRoute", + "ec2:DeleteSecurityGroup", + "ec2:DeleteVolume", + "ec2:DetachVolume", + "ec2:RevokeSecurityGroupIngress", + "ec2:DescribeVpcs", + "elasticloadbalancing:AddTags", + "elasticloadbalancing:AttachLoadBalancerToSubnets", + "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", + "elasticloadbalancing:CreateLoadBalancer", + "elasticloadbalancing:CreateLoadBalancerPolicy", + "elasticloadbalancing:CreateLoadBalancerListeners", + "elasticloadbalancing:ConfigureHealthCheck", + "elasticloadbalancing:DeleteLoadBalancer", + "elasticloadbalancing:DeleteLoadBalancerListeners", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DetachLoadBalancerFromSubnets", + "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", + "elasticloadbalancing:ModifyLoadBalancerAttributes", + "elasticloadbalancing:RegisterInstancesWithLoadBalancer", + "elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer", + "elasticloadbalancing:CreateListener", + "elasticloadbalancing:CreateTargetGroup", + "elasticloadbalancing:DeleteListener", + "elasticloadbalancing:DeleteTargetGroup", + "elasticloadbalancing:DeregisterTargets", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeLoadBalancerPolicies", + 
"elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:ModifyListener", + "elasticloadbalancing:ModifyTargetGroup", + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:SetLoadBalancerPoliciesOfListener", + "iam:CreateServiceLinkedRole", + "kms:DescribeKey" + ], + "Resource": [ + "*" + ] + } + ] +} diff --git a/files/cluster-api-provider-aws/v2.4.0/AWSIAMManagedPolicyCloudProviderNodes.json b/files/cluster-api-provider-aws/v2.4.0/AWSIAMManagedPolicyCloudProviderNodes.json new file mode 100644 index 00000000..e4620777 --- /dev/null +++ b/files/cluster-api-provider-aws/v2.4.0/AWSIAMManagedPolicyCloudProviderNodes.json @@ -0,0 +1,27 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "ec2:AssignIpv6Addresses", + "ec2:DescribeInstances", + "ec2:DescribeRegions", + "ec2:CreateTags", + "ec2:DescribeTags", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeInstanceTypes", + "ecr:GetAuthorizationToken", + "ecr:BatchCheckLayerAvailability", + "ecr:GetDownloadUrlForLayer", + "ecr:GetRepositoryPolicy", + "ecr:DescribeRepositories", + "ecr:ListImages", + "ecr:BatchGetImage" + ], + "Resource": [ + "*" + ] + } + ] +} diff --git a/files/cluster-api-provider-aws/v2.4.0/AWSIAMManagedPolicyControllers.json b/files/cluster-api-provider-aws/v2.4.0/AWSIAMManagedPolicyControllers.json new file mode 100644 index 00000000..ca16d0de --- /dev/null +++ b/files/cluster-api-provider-aws/v2.4.0/AWSIAMManagedPolicyControllers.json 
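Review bot: Every action in this control-plane policy, including mutating ones such as `ec2:ModifyInstanceAttribute`, `ec2:DeleteVolume`, `ec2:DeleteSecurityGroup` and `ec2:CreateRoute`/`ec2:DeleteRoute`, is granted on `"Resource": ["*"]`, so any control-plane node that assumes this role can alter or delete EC2 and ELB resources belonging to other clusters or workloads in the same account. The `Describe*` calls and `iam:CreateServiceLinkedRole` do need `*`, but the mutating EC2/ELB actions could live in a second statement guarded by `"Condition": {"StringEquals": {"aws:ResourceTag/kubernetes.io/cluster/<cluster-name>": "owned"}}` (presumably the ownership tag the cloud provider already applies; confirm against the tags the controller writes before relying on it). Since this file is a verbatim copy of the upstream release artifact, the practical change may be a note in this repo's docs stating that the shipped policies are account-wide and should be tightened before being attached in a shared account.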
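Review bot: The node policy grants `ec2:CreateTags` on `"Resource": ["*"]`, which lets a compromised worker node write arbitrary tags on any EC2 resource in the account; because tag values are what resource-tag-scoped IAM conditions key on, tag-writing is a privilege-escalation primitive rather than a harmless read. The node-side cloud provider presumably only needs to tag its own instance and network interfaces (confirm with the upstream node code), so `ec2:CreateTags` could be split into its own statement restricted with `"Condition": {"StringEquals": {"aws:ResourceTag/kubernetes.io/cluster/<cluster-name>": "owned"}}` while the `Describe*` and `ecr:*` read actions keep `*`. As with the control-plane policy, if the vendored file must stay byte-identical to upstream, the caveat belongs in the docs that tell users to attach these policies.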
@@ -0,0 +1,186 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DescribeIpamPools",
+ "ec2:AllocateIpamPoolCidr",
+ "ec2:AttachNetworkInterface",
+ "ec2:DetachNetworkInterface",
+ "ec2:AllocateAddress",
+ "ec2:AssignIpv6Addresses",
+ "ec2:AssignPrivateIpAddresses",
+ "ec2:UnassignPrivateIpAddresses",
+ "ec2:AssociateRouteTable",
+ "ec2:AttachInternetGateway",
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:CreateInternetGateway",
+ "ec2:CreateEgressOnlyInternetGateway",
+ "ec2:CreateNatGateway",
+ "ec2:CreateNetworkInterface",
+ "ec2:CreateRoute",
+ "ec2:CreateRouteTable",
+ "ec2:CreateSecurityGroup",
+ "ec2:CreateSubnet",
+ "ec2:CreateTags",
+ "ec2:CreateVpc",
+ "ec2:CreateVpcEndpoint",
+ "ec2:ModifyVpcAttribute",
+ "ec2:ModifyVpcEndpoint",
+ "ec2:DeleteInternetGateway",
+ "ec2:DeleteEgressOnlyInternetGateway",
+ "ec2:DeleteNatGateway",
+ "ec2:DeleteRouteTable",
+ "ec2:ReplaceRoute",
+ "ec2:DeleteSecurityGroup",
+ "ec2:DeleteSubnet",
+ "ec2:DeleteTags",
+ "ec2:DeleteVpc",
+ "ec2:DeleteVpcEndpoints",
+ "ec2:DescribeAccountAttributes",
+ "ec2:DescribeAddresses",
+ "ec2:DescribeAvailabilityZones",
+ "ec2:DescribeInstances",
+ "ec2:DescribeInstanceTypes",
+ "ec2:DescribeInternetGateways",
+ "ec2:DescribeEgressOnlyInternetGateways",
+ "ec2:DescribeInstanceTypes",
+ "ec2:DescribeImages",
+ "ec2:DescribeNatGateways",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeNetworkInterfaceAttribute",
+ "ec2:DescribeRouteTables",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcs",
+ "ec2:DescribeVpcAttribute",
+ "ec2:DescribeVpcEndpoints",
+ "ec2:DescribeVolumes",
+ "ec2:DescribeTags",
+ "ec2:DetachInternetGateway",
+ "ec2:DisassociateRouteTable",
+ "ec2:DisassociateAddress",
+ "ec2:ModifyInstanceAttribute",
+ "ec2:ModifyNetworkInterfaceAttribute",
+ "ec2:ModifySubnetAttribute",
+ "ec2:ReleaseAddress",
+ "ec2:RevokeSecurityGroupIngress",
+ "ec2:RunInstances",
+ "ec2:TerminateInstances",
+ "tag:GetResources",
+ "elasticloadbalancing:AddTags",
+ "elasticloadbalancing:CreateLoadBalancer",
+ "elasticloadbalancing:ConfigureHealthCheck",
+ "elasticloadbalancing:DeleteLoadBalancer",
+ "elasticloadbalancing:DeleteTargetGroup",
+ "elasticloadbalancing:DescribeLoadBalancers",
+ "elasticloadbalancing:DescribeLoadBalancerAttributes",
+ "elasticloadbalancing:DescribeTargetGroups",
+ "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
+ "elasticloadbalancing:DescribeTags",
+ "elasticloadbalancing:ModifyLoadBalancerAttributes",
+ "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
+ "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
+ "elasticloadbalancing:RemoveTags",
+ "elasticloadbalancing:SetSubnets",
+ "elasticloadbalancing:ModifyTargetGroupAttributes",
+ "elasticloadbalancing:CreateTargetGroup",
+ "elasticloadbalancing:DescribeListeners",
+ "elasticloadbalancing:CreateListener",
+ "elasticloadbalancing:DescribeTargetHealth",
+ "elasticloadbalancing:RegisterTargets",
+ "elasticloadbalancing:DeleteListener",
+ "autoscaling:DescribeAutoScalingGroups",
+ "autoscaling:DescribeInstanceRefreshes",
+ "ec2:CreateLaunchTemplate",
+ "ec2:CreateLaunchTemplateVersion",
+ "ec2:DescribeLaunchTemplates",
+ "ec2:DescribeLaunchTemplateVersions",
+ "ec2:DeleteLaunchTemplate",
+ "ec2:DeleteLaunchTemplateVersions",
+ "ec2:DescribeKeyPairs",
+ "ec2:ModifyInstanceMetadataOptions"
+ ],
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "autoscaling:CreateAutoScalingGroup",
+ "autoscaling:UpdateAutoScalingGroup",
+ "autoscaling:CreateOrUpdateTags",
+ "autoscaling:StartInstanceRefresh",
+ "autoscaling:DeleteAutoScalingGroup",
+ "autoscaling:DeleteTags"
+ ],
+ "Resource": [
+ "arn:*:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/*"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Resource": [
+ "arn:*:iam::*:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling"
+ ],
+ "Condition": {
+
"StringLike": {
+ "iam:AWSServiceName": "autoscaling.amazonaws.com"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Resource": [
+ "arn:*:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing"
+ ],
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Resource": [
+ "arn:*:iam::*:role/aws-service-role/spot.amazonaws.com/AWSServiceRoleForEC2Spot"
+ ],
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": "spot.amazonaws.com"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Resource": [
+ "arn:*:iam::*:role/*.cluster-api-provider-aws.sigs.k8s.io"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "secretsmanager:CreateSecret",
+ "secretsmanager:DeleteSecret",
+ "secretsmanager:TagResource"
+ ],
+ "Resource": [
+ "arn:*:secretsmanager:*:*:secret:aws.cluster.x-k8s.io/*"
+ ]
+ }
+ ]
+}
diff --git a/files/cluster-api-provider-aws/v2.4.0/AWSIAMManagedPolicyControllersWithEKS.json b/files/cluster-api-provider-aws/v2.4.0/AWSIAMManagedPolicyControllersWithEKS.json
new file mode 100644
index 00000000..ca16d0de
--- /dev/null
+++ b/files/cluster-api-provider-aws/v2.4.0/AWSIAMManagedPolicyControllersWithEKS.json
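Review bot: The first statement of AWSIAMManagedPolicyControllers.json lists `"ec2:DescribeInstanceTypes"` twice (once after `ec2:DescribeInstances` and again after `ec2:DescribeEgressOnlyInternetGateways`); IAM tolerates the duplicate, but it shows the action list was not deduplicated, and the same duplicate is carried into the WithEKS and WithS3 hunks below. That first statement also grants mutating actions such as `ec2:RunInstances`, `ec2:TerminateInstances` and `ec2:AuthorizeSecurityGroupIngress` on `"Resource": ["*"]`, while the later autoscaling, IAM and Secrets Manager statements are scoped to ARN patterns; if consumers are expected to attach these files verbatim rather than treat them as reference copies, a short README note next to them stating that the `*` statement is the upstream shape and is a candidate for tag-based condition scoping in the consumer's account would help. The hunk is the complete file, so no enclosing block is cut.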
@@ -0,0 +1,186 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DescribeIpamPools",
+ "ec2:AllocateIpamPoolCidr",
+ "ec2:AttachNetworkInterface",
+ "ec2:DetachNetworkInterface",
+ "ec2:AllocateAddress",
+ "ec2:AssignIpv6Addresses",
+ "ec2:AssignPrivateIpAddresses",
+ "ec2:UnassignPrivateIpAddresses",
+ "ec2:AssociateRouteTable",
+ "ec2:AttachInternetGateway",
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:CreateInternetGateway",
+ "ec2:CreateEgressOnlyInternetGateway",
+ "ec2:CreateNatGateway",
+ "ec2:CreateNetworkInterface",
+ "ec2:CreateRoute",
+ "ec2:CreateRouteTable",
+ "ec2:CreateSecurityGroup",
+ "ec2:CreateSubnet",
+ "ec2:CreateTags",
+ "ec2:CreateVpc",
+ "ec2:CreateVpcEndpoint",
+ "ec2:ModifyVpcAttribute",
+ "ec2:ModifyVpcEndpoint",
+ "ec2:DeleteInternetGateway",
+ "ec2:DeleteEgressOnlyInternetGateway",
+ "ec2:DeleteNatGateway",
+ "ec2:DeleteRouteTable",
+ "ec2:ReplaceRoute",
+ "ec2:DeleteSecurityGroup",
+ "ec2:DeleteSubnet",
+ "ec2:DeleteTags",
+ "ec2:DeleteVpc",
+ "ec2:DeleteVpcEndpoints",
+ "ec2:DescribeAccountAttributes",
+ "ec2:DescribeAddresses",
+ "ec2:DescribeAvailabilityZones",
+ "ec2:DescribeInstances",
+ "ec2:DescribeInstanceTypes",
+ "ec2:DescribeInternetGateways",
+ "ec2:DescribeEgressOnlyInternetGateways",
+ "ec2:DescribeInstanceTypes",
+ "ec2:DescribeImages",
+ "ec2:DescribeNatGateways",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeNetworkInterfaceAttribute",
+ "ec2:DescribeRouteTables",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcs",
+ "ec2:DescribeVpcAttribute",
+ "ec2:DescribeVpcEndpoints",
+ "ec2:DescribeVolumes",
+ "ec2:DescribeTags",
+ "ec2:DetachInternetGateway",
+ "ec2:DisassociateRouteTable",
+ "ec2:DisassociateAddress",
+ "ec2:ModifyInstanceAttribute",
+ "ec2:ModifyNetworkInterfaceAttribute",
+ "ec2:ModifySubnetAttribute",
+ "ec2:ReleaseAddress",
+ "ec2:RevokeSecurityGroupIngress",
+ "ec2:RunInstances",
+ "ec2:TerminateInstances",
+ "tag:GetResources",
+ "elasticloadbalancing:AddTags",
+ "elasticloadbalancing:CreateLoadBalancer",
+ "elasticloadbalancing:ConfigureHealthCheck",
+ "elasticloadbalancing:DeleteLoadBalancer",
+ "elasticloadbalancing:DeleteTargetGroup",
+ "elasticloadbalancing:DescribeLoadBalancers",
+ "elasticloadbalancing:DescribeLoadBalancerAttributes",
+ "elasticloadbalancing:DescribeTargetGroups",
+ "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
+ "elasticloadbalancing:DescribeTags",
+ "elasticloadbalancing:ModifyLoadBalancerAttributes",
+ "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
+ "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
+ "elasticloadbalancing:RemoveTags",
+ "elasticloadbalancing:SetSubnets",
+ "elasticloadbalancing:ModifyTargetGroupAttributes",
+ "elasticloadbalancing:CreateTargetGroup",
+ "elasticloadbalancing:DescribeListeners",
+ "elasticloadbalancing:CreateListener",
+ "elasticloadbalancing:DescribeTargetHealth",
+ "elasticloadbalancing:RegisterTargets",
+ "elasticloadbalancing:DeleteListener",
+ "autoscaling:DescribeAutoScalingGroups",
+ "autoscaling:DescribeInstanceRefreshes",
+ "ec2:CreateLaunchTemplate",
+ "ec2:CreateLaunchTemplateVersion",
+ "ec2:DescribeLaunchTemplates",
+ "ec2:DescribeLaunchTemplateVersions",
+ "ec2:DeleteLaunchTemplate",
+ "ec2:DeleteLaunchTemplateVersions",
+ "ec2:DescribeKeyPairs",
+ "ec2:ModifyInstanceMetadataOptions"
+ ],
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "autoscaling:CreateAutoScalingGroup",
+ "autoscaling:UpdateAutoScalingGroup",
+ "autoscaling:CreateOrUpdateTags",
+ "autoscaling:StartInstanceRefresh",
+ "autoscaling:DeleteAutoScalingGroup",
+ "autoscaling:DeleteTags"
+ ],
+ "Resource": [
+ "arn:*:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/*"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Resource": [
+ "arn:*:iam::*:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling"
+ ],
+ "Condition": {
+
"StringLike": {
+ "iam:AWSServiceName": "autoscaling.amazonaws.com"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Resource": [
+ "arn:*:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing"
+ ],
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Resource": [
+ "arn:*:iam::*:role/aws-service-role/spot.amazonaws.com/AWSServiceRoleForEC2Spot"
+ ],
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": "spot.amazonaws.com"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Resource": [
+ "arn:*:iam::*:role/*.cluster-api-provider-aws.sigs.k8s.io"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "secretsmanager:CreateSecret",
+ "secretsmanager:DeleteSecret",
+ "secretsmanager:TagResource"
+ ],
+ "Resource": [
+ "arn:*:secretsmanager:*:*:secret:aws.cluster.x-k8s.io/*"
+ ]
+ }
+ ]
+}
diff --git a/files/cluster-api-provider-aws/v2.4.0/AWSIAMManagedPolicyControllersWithS3.json b/files/cluster-api-provider-aws/v2.4.0/AWSIAMManagedPolicyControllersWithS3.json
new file mode 100644
index 00000000..7e45bfcf
--- /dev/null
+++ b/files/cluster-api-provider-aws/v2.4.0/AWSIAMManagedPolicyControllersWithS3.json
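Review bot: AWSIAMManagedPolicyControllersWithEKS.json is byte-identical to AWSIAMManagedPolicyControllers.json (both file headers carry blob `ca16d0de`), so the "WithEKS" variant contains no `eks:` actions and nothing that distinguishes it from the plain controllers policy; a controller role built from this file would presumably lack the permissions the EKS code paths need. Before shipping, confirm against the upstream v2.4.0 release whether this file was meant to be generated with EKS enabled or whether the copy step picked up the wrong output. The diffstat shows the same file pair for v2.3.5, so that version is worth the same comparison. If the identical content is intentional, a one-line README note beside the files saying the WithEKS variant is currently a placeholder would spare the next reader the diff.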
@@ -0,0 +1,201 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DescribeIpamPools",
+ "ec2:AllocateIpamPoolCidr",
+ "ec2:AttachNetworkInterface",
+ "ec2:DetachNetworkInterface",
+ "ec2:AllocateAddress",
+ "ec2:AssignIpv6Addresses",
+ "ec2:AssignPrivateIpAddresses",
+ "ec2:UnassignPrivateIpAddresses",
+ "ec2:AssociateRouteTable",
+ "ec2:AttachInternetGateway",
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:CreateInternetGateway",
+ "ec2:CreateEgressOnlyInternetGateway",
+ "ec2:CreateNatGateway",
+ "ec2:CreateNetworkInterface",
+ "ec2:CreateRoute",
+ "ec2:CreateRouteTable",
+ "ec2:CreateSecurityGroup",
+ "ec2:CreateSubnet",
+ "ec2:CreateTags",
+ "ec2:CreateVpc",
+ "ec2:CreateVpcEndpoint",
+ "ec2:ModifyVpcAttribute",
+ "ec2:ModifyVpcEndpoint",
+ "ec2:DeleteInternetGateway",
+ "ec2:DeleteEgressOnlyInternetGateway",
+ "ec2:DeleteNatGateway",
+ "ec2:DeleteRouteTable",
+ "ec2:ReplaceRoute",
+ "ec2:DeleteSecurityGroup",
+ "ec2:DeleteSubnet",
+ "ec2:DeleteTags",
+ "ec2:DeleteVpc",
+ "ec2:DeleteVpcEndpoints",
+ "ec2:DescribeAccountAttributes",
+ "ec2:DescribeAddresses",
+ "ec2:DescribeAvailabilityZones",
+ "ec2:DescribeInstances",
+ "ec2:DescribeInstanceTypes",
+ "ec2:DescribeInternetGateways",
+ "ec2:DescribeEgressOnlyInternetGateways",
+ "ec2:DescribeInstanceTypes",
+ "ec2:DescribeImages",
+ "ec2:DescribeNatGateways",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeNetworkInterfaceAttribute",
+ "ec2:DescribeRouteTables",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcs",
+ "ec2:DescribeVpcAttribute",
+ "ec2:DescribeVpcEndpoints",
+ "ec2:DescribeVolumes",
+ "ec2:DescribeTags",
+ "ec2:DetachInternetGateway",
+ "ec2:DisassociateRouteTable",
+ "ec2:DisassociateAddress",
+ "ec2:ModifyInstanceAttribute",
+ "ec2:ModifyNetworkInterfaceAttribute",
+ "ec2:ModifySubnetAttribute",
+ "ec2:ReleaseAddress",
+ "ec2:RevokeSecurityGroupIngress",
+ "ec2:RunInstances",
+ "ec2:TerminateInstances",
+ "tag:GetResources",
+ "elasticloadbalancing:AddTags",
+ "elasticloadbalancing:CreateLoadBalancer",
+ "elasticloadbalancing:ConfigureHealthCheck",
+ "elasticloadbalancing:DeleteLoadBalancer",
+ "elasticloadbalancing:DeleteTargetGroup",
+ "elasticloadbalancing:DescribeLoadBalancers",
+ "elasticloadbalancing:DescribeLoadBalancerAttributes",
+ "elasticloadbalancing:DescribeTargetGroups",
+ "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
+ "elasticloadbalancing:DescribeTags",
+ "elasticloadbalancing:ModifyLoadBalancerAttributes",
+ "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
+ "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
+ "elasticloadbalancing:RemoveTags",
+ "elasticloadbalancing:SetSubnets",
+ "elasticloadbalancing:ModifyTargetGroupAttributes",
+ "elasticloadbalancing:CreateTargetGroup",
+ "elasticloadbalancing:DescribeListeners",
+ "elasticloadbalancing:CreateListener",
+ "elasticloadbalancing:DescribeTargetHealth",
+ "elasticloadbalancing:RegisterTargets",
+ "elasticloadbalancing:DeleteListener",
+ "autoscaling:DescribeAutoScalingGroups",
+ "autoscaling:DescribeInstanceRefreshes",
+ "ec2:CreateLaunchTemplate",
+ "ec2:CreateLaunchTemplateVersion",
+ "ec2:DescribeLaunchTemplates",
+ "ec2:DescribeLaunchTemplateVersions",
+ "ec2:DeleteLaunchTemplate",
+ "ec2:DeleteLaunchTemplateVersions",
+ "ec2:DescribeKeyPairs",
+ "ec2:ModifyInstanceMetadataOptions"
+ ],
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "autoscaling:CreateAutoScalingGroup",
+ "autoscaling:UpdateAutoScalingGroup",
+ "autoscaling:CreateOrUpdateTags",
+ "autoscaling:StartInstanceRefresh",
+ "autoscaling:DeleteAutoScalingGroup",
+ "autoscaling:DeleteTags"
+ ],
+ "Resource": [
+ "arn:*:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/*"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Resource": [
+ "arn:*:iam::*:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling"
+ ],
+ "Condition": {
+
"StringLike": {
+ "iam:AWSServiceName": "autoscaling.amazonaws.com"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Resource": [
+ "arn:*:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing"
+ ],
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Resource": [
+ "arn:*:iam::*:role/aws-service-role/spot.amazonaws.com/AWSServiceRoleForEC2Spot"
+ ],
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": "spot.amazonaws.com"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Resource": [
+ "arn:*:iam::*:role/*.cluster-api-provider-aws.sigs.k8s.io"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "secretsmanager:CreateSecret",
+ "secretsmanager:DeleteSecret",
+ "secretsmanager:TagResource"
+ ],
+ "Resource": [
+ "arn:*:secretsmanager:*:*:secret:aws.cluster.x-k8s.io/*"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:CreateBucket",
+ "s3:DeleteBucket",
+ "s3:GetObject",
+ "s3:PutObject",
+ "s3:DeleteObject",
+ "s3:PutBucketPolicy",
+ "s3:PutBucketTagging"
+ ],
+ "Resource": [
+ "arn:*:s3:::cluster-api-provider-aws-*"
+ ]
+ }
+ ]
+}
diff --git a/files/cluster-api-provider-aws/v2.4.0/cluster-template-eks-fargate.yaml b/files/cluster-api-provider-aws/v2.4.0/cluster-template-eks-fargate.yaml
new file mode 100644
index 00000000..c9dca2b4
--- /dev/null
+++ b/files/cluster-api-provider-aws/v2.4.0/cluster-template-eks-fargate.yaml
@@ -0,0 +1,41 @@
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ name: "${CLUSTER_NAME}"
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks: ["192.168.0.0/16"]
+ infrastructureRef:
+ kind: AWSManagedCluster
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ name: "${CLUSTER_NAME}"
+ controlPlaneRef:
+ kind: AWSManagedControlPlane
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta2
+ name: "${CLUSTER_NAME}-control-plane"
+---
+kind: AWSManagedCluster
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+metadata:
+ name: "${CLUSTER_NAME}"
+spec: {}
+---
+kind: AWSManagedControlPlane
+apiVersion: controlplane.cluster.x-k8s.io/v1beta2
+metadata:
+ name: "${CLUSTER_NAME}-control-plane"
+spec:
+ region: "${AWS_REGION}"
+ sshKeyName: "${AWS_SSH_KEY_NAME}"
+ version: "${KUBERNETES_VERSION}"
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+kind: AWSFargateProfile
+metadata:
+ name: "${CLUSTER_NAME}-fargate-0"
+spec:
+ clusterName: "${CLUSTER_NAME}"
+ selectors:
+ - namespace: default
diff --git a/files/cluster-api-provider-aws/v2.4.0/cluster-template-eks-ipv6.yaml b/files/cluster-api-provider-aws/v2.4.0/cluster-template-eks-ipv6.yaml
new file mode 100644
index 00000000..7a6dfa26
--- /dev/null
+++ b/files/cluster-api-provider-aws/v2.4.0/cluster-template-eks-ipv6.yaml
@@ -0,0 +1,93 @@
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ name: "${CLUSTER_NAME}"
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks: ["192.168.0.0/16"]
+ infrastructureRef:
+ kind: AWSManagedCluster
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ name: "${CLUSTER_NAME}"
+ controlPlaneRef:
+ kind: AWSManagedControlPlane
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta2
+ name: "${CLUSTER_NAME}-control-plane"
+---
+kind: AWSManagedCluster
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+metadata:
+ name: "${CLUSTER_NAME}"
+spec: {}
+---
+kind: AWSManagedControlPlane
+apiVersion: controlplane.cluster.x-k8s.io/v1beta2
+metadata:
+ name: "${CLUSTER_NAME}-control-plane"
+spec:
+ vpcCni:
+ env:
+ - name: ENABLE_PREFIX_DELEGATION
+ value: "true"
+ - name: ENABLE_IPv6
+ value: "true"
+ - name: ENABLE_IPv4
+ value: "false"
+ network:
+ vpc:
+ ipv6: {}
+ region: "${AWS_REGION}"
+ sshKeyName: "${AWS_SSH_KEY_NAME}"
+ version: "${KUBERNETES_VERSION}"
+ addons:
+ - name: "vpc-cni"
+ version: "v1.11.0-eksbuild.1"
+ conflictResolution: "overwrite"
+ - name: "coredns"
+ version: "v1.8.7-eksbuild.1"
+ - name: "kube-proxy"
+ version: "v1.22.6-eksbuild.1"
+
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachineDeployment
+metadata:
+ name: "${CLUSTER_NAME}-md-0"
+spec:
+ clusterName: "${CLUSTER_NAME}"
+ replicas: ${WORKER_MACHINE_COUNT}
+ selector:
+ matchLabels:
+ template:
+ spec:
+ clusterName: "${CLUSTER_NAME}"
+ version: "${KUBERNETES_VERSION}"
+ bootstrap:
+ configRef:
+ name: "${CLUSTER_NAME}-md-0"
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta2
+ kind: EKSConfigTemplate
+ infrastructureRef:
+ name: "${CLUSTER_NAME}-md-0"
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ kind: AWSMachineTemplate
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+kind: AWSMachineTemplate
+metadata:
+ name: "${CLUSTER_NAME}-md-0"
+spec:
+ template:
+ spec:
+ instanceType: "${AWS_NODE_MACHINE_TYPE}"
+ iamInstanceProfile:
"nodes.cluster-api-provider-aws.sigs.k8s.io"
+ sshKeyName: "${AWS_SSH_KEY_NAME}"
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta2
+kind: EKSConfigTemplate
+metadata:
+ name: "${CLUSTER_NAME}-md-0"
+spec:
+ template: {}
diff --git a/files/cluster-api-provider-aws/v2.4.0/cluster-template-eks-machinepool.yaml b/files/cluster-api-provider-aws/v2.4.0/cluster-template-eks-machinepool.yaml
new file mode 100644
index 00000000..9ae1e6dc
--- /dev/null
+++ b/files/cluster-api-provider-aws/v2.4.0/cluster-template-eks-machinepool.yaml
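Review bot: In cluster-template-eks-ipv6.yaml the `addons` list of the AWSManagedControlPlane pins `vpc-cni` to `v1.11.0-eksbuild.1`, `coredns` to `v1.8.7-eksbuild.1` and `kube-proxy` to `v1.22.6-eksbuild.1`, while the control plane and the MachineDeployment both take `version: "${KUBERNETES_VERSION}"` from the environment; a kube-proxy build pinned to 1.22 will presumably not match whatever `${KUBERNETES_VERSION}` is substituted, and the other two add-ons have the same drift. The gpu and vpccni templates later in this commit already use the overridable form `version: "${VPC_ADDON_VERSION:=v1.7.5-eksbuild.1}"`, so the same pattern fits here, for example `version: "${VPC_ADDON_VERSION:=v1.11.0-eksbuild.1}"`, `version: "${COREDNS_ADDON_VERSION:=v1.8.7-eksbuild.1}"` and `version: "${KUBE_PROXY_ADDON_VERSION:=v1.22.6-eksbuild.1}"` (the two new variable names are constructed here; pick whatever the repo's clusterctl variable convention is). If the file is meant to stay a verbatim upstream copy, a README note that this template's add-on versions are fixed and must be reviewed against `${KUBERNETES_VERSION}` would do instead. The hunk is the complete file.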
@@ -0,0 +1,71 @@
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ name: "${CLUSTER_NAME}"
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks: ["192.168.0.0/16"]
+ infrastructureRef:
+ kind: AWSManagedCluster
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ name: "${CLUSTER_NAME}"
+ controlPlaneRef:
+ kind: AWSManagedControlPlane
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta2
+ name: "${CLUSTER_NAME}-control-plane"
+---
+kind: AWSManagedCluster
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+metadata:
+ name: "${CLUSTER_NAME}"
+spec: {}
+---
+kind: AWSManagedControlPlane
+apiVersion: controlplane.cluster.x-k8s.io/v1beta2
+metadata:
+ name: "${CLUSTER_NAME}-control-plane"
+spec:
+ region: "${AWS_REGION}"
+ sshKeyName: "${AWS_SSH_KEY_NAME}"
+ version: "${KUBERNETES_VERSION}"
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachinePool
+metadata:
+ name: "${CLUSTER_NAME}-mp-0"
+spec:
+ clusterName: "${CLUSTER_NAME}"
+ replicas: ${WORKER_MACHINE_COUNT}
+ template:
+ spec:
+ bootstrap:
+ configRef:
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta2
+ kind: EKSConfig
+ name: "${CLUSTER_NAME}-mp-0"
+ clusterName: "${CLUSTER_NAME}"
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ kind: AWSMachinePool
+ name: "${CLUSTER_NAME}-mp-0"
+ version: "${KUBERNETES_VERSION}"
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+kind: AWSMachinePool
+metadata:
+ name: "${CLUSTER_NAME}-mp-0"
+spec:
+ minSize: 1
+ maxSize: 10
+ awsLaunchTemplate:
+ iamInstanceProfile: nodes.cluster-api-provider-aws.sigs.k8s.io
+ instanceType: "${AWS_NODE_MACHINE_TYPE}"
+ sshKeyName: "${AWS_SSH_KEY_NAME}"
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta2
+kind: EKSConfig
+metadata:
+ name: "${CLUSTER_NAME}-mp-0"
+spec: {}
diff --git a/files/cluster-api-provider-aws/v2.4.0/cluster-template-eks-managedmachinepool-gpu.yaml b/files/cluster-api-provider-aws/v2.4.0/cluster-template-eks-managedmachinepool-gpu.yaml
new file mode 100644
index 00000000..adfe109c
--- /dev/null
+++ b/files/cluster-api-provider-aws/v2.4.0/cluster-template-eks-managedmachinepool-gpu.yaml
@@ -0,0 +1,145 @@
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ name: "${CLUSTER_NAME}"
+ labels:
+ gpu: "nvidia"
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks: ["192.168.0.0/16"]
+ infrastructureRef:
+ kind: AWSManagedCluster
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ name: "${CLUSTER_NAME}"
+ controlPlaneRef:
+ kind: AWSManagedControlPlane
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta2
+ name: "${CLUSTER_NAME}-control-plane"
+---
+kind: AWSManagedCluster
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+metadata:
+ name: "${CLUSTER_NAME}"
+spec: {}
+---
+kind: AWSManagedControlPlane
+apiVersion: controlplane.cluster.x-k8s.io/v1beta2
+metadata:
+ name: "${CLUSTER_NAME}-control-plane"
+spec:
+ region: "${AWS_REGION}"
+ sshKeyName: "${AWS_SSH_KEY_NAME}"
+ version: "${KUBERNETES_VERSION}"
+ addons:
+ - name: "vpc-cni"
+ version: "${VPC_ADDON_VERSION:=v1.7.5-eksbuild.1}"
+ conflictResolution: "overwrite"
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachinePool
+metadata:
+ name: "${CLUSTER_NAME}-pool-0"
+spec:
+ clusterName: "${CLUSTER_NAME}"
+ replicas: ${WORKER_MACHINE_COUNT}
+ template:
+ spec:
+ clusterName: "${CLUSTER_NAME}"
+ bootstrap:
+ dataSecretName: ""
+ infrastructureRef:
+ name: "${CLUSTER_NAME}-pool-0"
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ kind: AWSManagedMachinePool
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+kind: AWSManagedMachinePool
+metadata:
+ name: "${CLUSTER_NAME}-pool-0"
+spec:
+ amiType: "AL2_x86_64_GPU"
+ instanceType: "g4dn.xlarge"
+---
+apiVersion: addons.cluster.x-k8s.io/v1beta1
+kind: ClusterResourceSet
+metadata:
+ name: crs-nvidia
+spec:
+ strategy: "ApplyOnce"
+ clusterSelector:
+ matchLabels:
+ gpu: "nvidia"
+ resources:
+ - name: nvidia-addon
+ kind: ConfigMap
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: nvidia-addon
+data:
+ nvidia-device-plugin.yaml: |
+ # Copyright (c) 2019, NVIDIA CORPORATION. All rights reserved.
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+
+ apiVersion: apps/v1
+ kind: DaemonSet
+ metadata:
+ name: nvidia-device-plugin-daemonset
+ namespace: kube-system
+ spec:
+ selector:
+ matchLabels:
+ name: nvidia-device-plugin-ds
+ updateStrategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ # This annotation is deprecated. Kept here for backward compatibility
+ # See https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/
+ annotations:
+ scheduler.alpha.kubernetes.io/critical-pod: ""
+ labels:
+ name: nvidia-device-plugin-ds
+ spec:
+ tolerations:
+ # This toleration is deprecated. Kept here for backward compatibility
+ # See https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/
+ - key: CriticalAddonsOnly
+ operator: Exists
+ - key: nvidia.com/gpu
+ operator: Exists
+ effect: NoSchedule
+ # Mark this pod as a critical add-on; when enabled, the critical add-on
+ # scheduler reserves resources for critical add-on pods so that they can
+ # be rescheduled after a failure.
+ # See https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/
+ priorityClassName: "system-node-critical"
+ containers:
+ - image: nvidia/k8s-device-plugin:v0.8.0
+ name: nvidia-device-plugin-ctr
+ args: ["--fail-on-init-error=false"]
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ volumeMounts:
+ - name: device-plugin
+ mountPath: /var/lib/kubelet/device-plugins
+ volumes:
+ - name: device-plugin
+ hostPath:
+ path: /var/lib/kubelet/device-plugins
diff --git a/files/cluster-api-provider-aws/v2.4.0/cluster-template-eks-managedmachinepool-vpccni.yaml b/files/cluster-api-provider-aws/v2.4.0/cluster-template-eks-managedmachinepool-vpccni.yaml
new file mode 100644
index 00000000..bae62e11
--- /dev/null
+++ b/files/cluster-api-provider-aws/v2.4.0/cluster-template-eks-managedmachinepool-vpccni.yaml
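Review bot: The DaemonSet embedded in the `nvidia-addon` ConfigMap pulls `image: nvidia/k8s-device-plugin:v0.8.0` by mutable tag, and the `crs-nvidia` ClusterResourceSet applies it with `strategy: "ApplyOnce"` to every workload cluster labelled `gpu: "nvidia"`, so whatever that tag resolves to at pull time lands in `kube-system` on each such cluster with a `hostPath` mount of `/var/lib/kubelet/device-plugins`. Pinning by digest makes the applied artifact reproducible and auditable, e.g. `- image: nvidia/k8s-device-plugin:v0.8.0@sha256:<DIGEST-PLACEHOLDER>` (look the digest up from the registry; the placeholder is not a real value). The 2019 copyright header and the deprecated `critical-pod` annotation suggest this manifest is an older upstream snapshot, so it is also worth checking whether a newer plugin release should be pinned at the same time. The `securityContext` already drops all capabilities and blocks privilege escalation, which is the right baseline for a device-plugin pod.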
@@ -0,0 +1,59 @@
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ name: "${CLUSTER_NAME}"
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks: ["192.168.0.0/16"]
+ infrastructureRef:
+ kind: AWSManagedCluster
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ name: "${CLUSTER_NAME}"
+ controlPlaneRef:
+ kind: AWSManagedControlPlane
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta2
+ name: "${CLUSTER_NAME}-control-plane"
+---
+kind: AWSManagedCluster
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+metadata:
+ name: "${CLUSTER_NAME}"
+spec: {}
+---
+kind: AWSManagedControlPlane
+apiVersion: controlplane.cluster.x-k8s.io/v1beta2
+metadata:
+ name: "${CLUSTER_NAME}-control-plane"
+spec:
+ region: "${AWS_REGION}"
+ sshKeyName: "${AWS_SSH_KEY_NAME}"
+ version: "${KUBERNETES_VERSION}"
+ addons:
+ - name: "vpc-cni"
+ version: "${VPC_ADDON_VERSION:=v1.7.5-eksbuild.1}"
+ conflictResolution: "overwrite"
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachinePool
+metadata:
+ name: "${CLUSTER_NAME}-pool-0"
+spec:
+ clusterName: "${CLUSTER_NAME}"
+ replicas: ${WORKER_MACHINE_COUNT}
+ template:
+ spec:
+ clusterName: "${CLUSTER_NAME}"
+ bootstrap:
+ dataSecretName: ""
+ infrastructureRef:
+ name: "${CLUSTER_NAME}-pool-0"
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ kind: AWSManagedMachinePool
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+kind: AWSManagedMachinePool
+metadata:
+ name: "${CLUSTER_NAME}-pool-0"
+spec: {}
diff --git a/files/cluster-api-provider-aws/v2.4.0/cluster-template-eks-managedmachinepool.yaml b/files/cluster-api-provider-aws/v2.4.0/cluster-template-eks-managedmachinepool.yaml
new file mode 100644
index 00000000..1db30a2c
--- /dev/null
+++ b/files/cluster-api-provider-aws/v2.4.0/cluster-template-eks-managedmachinepool.yaml
@@ -0,0 +1,55 @@
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ name: "${CLUSTER_NAME}"
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks: ["192.168.0.0/16"]
+ infrastructureRef:
+ kind: AWSManagedCluster
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ name: "${CLUSTER_NAME}"
+ controlPlaneRef:
+ kind: AWSManagedControlPlane
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta2
+ name: "${CLUSTER_NAME}-control-plane"
+---
+kind: AWSManagedCluster
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+metadata:
+ name: "${CLUSTER_NAME}"
+spec: {}
+---
+kind: AWSManagedControlPlane
+apiVersion: controlplane.cluster.x-k8s.io/v1beta2
+metadata:
+ name: "${CLUSTER_NAME}-control-plane"
+spec:
+ region: "${AWS_REGION}"
+ sshKeyName: "${AWS_SSH_KEY_NAME}"
+ version: "${KUBERNETES_VERSION}"
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachinePool
+metadata:
+ name: "${CLUSTER_NAME}-pool-0"
+spec:
+ clusterName: "${CLUSTER_NAME}"
+ replicas: ${WORKER_MACHINE_COUNT}
+ template:
+ spec:
+ clusterName: "${CLUSTER_NAME}"
+ bootstrap:
+ dataSecretName: ""
+ infrastructureRef:
+ name: "${CLUSTER_NAME}-pool-0"
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ kind: AWSManagedMachinePool
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+kind: AWSManagedMachinePool
+metadata:
+ name: "${CLUSTER_NAME}-pool-0"
+spec: {}
diff --git a/files/cluster-api-provider-aws/v2.4.0/cluster-template-eks.yaml b/files/cluster-api-provider-aws/v2.4.0/cluster-template-eks.yaml
new file mode 100644
index 00000000..033ddde7
--- /dev/null
+++ b/files/cluster-api-provider-aws/v2.4.0/cluster-template-eks.yaml
@@ -0,0 +1,73 @@ +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: "${CLUSTER_NAME}" +spec: + clusterNetwork: + pods: + cidrBlocks: ["192.168.0.0/16"] + infrastructureRef: + kind: AWSManagedCluster + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + name: "${CLUSTER_NAME}" + controlPlaneRef: + kind: AWSManagedControlPlane + apiVersion: controlplane.cluster.x-k8s.io/v1beta2 + name: "${CLUSTER_NAME}-control-plane" +--- +kind: AWSManagedCluster +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +metadata: + name: "${CLUSTER_NAME}" +spec: {} +--- +kind: AWSManagedControlPlane +apiVersion: controlplane.cluster.x-k8s.io/v1beta2 +metadata: + name: "${CLUSTER_NAME}-control-plane" +spec: + region: "${AWS_REGION}" + sshKeyName: "${AWS_SSH_KEY_NAME}" + version: "${KUBERNETES_VERSION}" +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: "${CLUSTER_NAME}-md-0" +spec: + clusterName: "${CLUSTER_NAME}" + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: + template: + spec: + clusterName: "${CLUSTER_NAME}" + version: "${KUBERNETES_VERSION}" + bootstrap: + configRef: + name: "${CLUSTER_NAME}-md-0" + apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 + kind: EKSConfigTemplate + infrastructureRef: + name: "${CLUSTER_NAME}-md-0" + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSMachineTemplate +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSMachineTemplate +metadata: + name: "${CLUSTER_NAME}-md-0" +spec: + template: + spec: + instanceType: "${AWS_NODE_MACHINE_TYPE}" + iamInstanceProfile: "nodes.cluster-api-provider-aws.sigs.k8s.io" + sshKeyName: "${AWS_SSH_KEY_NAME}" +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 +kind: EKSConfigTemplate +metadata: + name: "${CLUSTER_NAME}-md-0" +spec: + template: {} 
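Review bot: The worker AWSMachineTemplate attaches the `nodes.cluster-api-provider-aws.sigs.k8s.io` instance profile to every node but sets no `instanceMetadataOptions`, so with IMDSv1 allowed the node role's credentials remain fetchable by any pod that can reach 169.254.169.254. Recent CAPA releases expose this on the machine spec; if the v1beta2 CRD in this commit carries it, add under `template.spec` the lines `instanceMetadataOptions:`, `httpTokens: required` and `httpPutResponseHopLimit: 1` so only the instance itself can obtain role credentials, and only with a session token. `sshKeyName` on every worker is likewise an example-template convenience that is normally dropped, or restricted by security group, in production. This file mirrors the upstream CAPA release template, so the hardening probably belongs in a local overlay.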
diff --git a/files/cluster-api-provider-aws/v2.4.0/cluster-template-external-cloud-provider.yaml b/files/cluster-api-provider-aws/v2.4.0/cluster-template-external-cloud-provider.yaml new file mode 100644 index 00000000..60d17ac1 --- /dev/null +++ b/files/cluster-api-provider-aws/v2.4.0/cluster-template-external-cloud-provider.yaml 
@@ -0,0 +1,992 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + labels: + ccm: external + cni: ${CLUSTER_NAME}-crs-0 + csi: external + name: ${CLUSTER_NAME} +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSCluster +metadata: + name: ${CLUSTER_NAME} +spec: + network: + vpc: + availabilityZoneUsageLimit: 1 + region: ${AWS_REGION} + sshKeyName: ${AWS_SSH_KEY_NAME} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + controllerManager: + extraArgs: + cloud-provider: external + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data.local_hostname }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data.local_hostname }}' + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane +spec: + template: + spec: + iamInstanceProfile: control-plane.cluster-api-provider-aws.sigs.k8s.io + instanceType: ${AWS_CONTROL_PLANE_MACHINE_TYPE} + sshKeyName: ${AWS_SSH_KEY_NAME} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 +spec: + clusterName: ${CLUSTER_NAME} + replicas: 
${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 +spec: + template: + spec: + iamInstanceProfile: nodes.cluster-api-provider-aws.sigs.k8s.io + instanceType: ${AWS_NODE_MACHINE_TYPE} + sshKeyName: ${AWS_SSH_KEY_NAME} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 +spec: + template: + spec: + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data.local_hostname }}' +--- +apiVersion: v1 +data: ${CNI_RESOURCES} +kind: ConfigMap +metadata: + name: cni-${CLUSTER_NAME}-crs-0 +--- +apiVersion: addons.cluster.x-k8s.io/v1beta1 +kind: ClusterResourceSet +metadata: + name: ${CLUSTER_NAME}-crs-0 +spec: + clusterSelector: + matchLabels: + cni: ${CLUSTER_NAME}-crs-0 + resources: + - kind: ConfigMap + name: cni-${CLUSTER_NAME}-crs-0 + strategy: ApplyOnce +--- +apiVersion: addons.cluster.x-k8s.io/v1beta1 +kind: ClusterResourceSet +metadata: + name: crs-ccm +spec: + clusterSelector: + matchLabels: + ccm: external + resources: + - kind: ConfigMap + name: cloud-controller-manager-addon + strategy: ApplyOnce +--- +apiVersion: addons.cluster.x-k8s.io/v1beta1 +kind: ClusterResourceSet +metadata: + name: crs-csi +spec: + clusterSelector: + matchLabels: + csi: external + resources: + - kind: ConfigMap + name: aws-ebs-csi-driver-addon + strategy: ApplyOnce +--- +apiVersion: v1 +data: + aws-ccm-external.yaml: | + --- + apiVersion: apps/v1 + kind: DaemonSet + metadata: + name: 
aws-cloud-controller-manager + namespace: kube-system + labels: + k8s-app: aws-cloud-controller-manager + spec: + selector: + matchLabels: + k8s-app: aws-cloud-controller-manager + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + k8s-app: aws-cloud-controller-manager + spec: + nodeSelector: + node-role.kubernetes.io/master: "" + tolerations: + - key: node.cloudprovider.kubernetes.io/uninitialized + value: "true" + effect: NoSchedule + - key: node-role.kubernetes.io/master + effect: NoSchedule + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: Exists + - matchExpressions: + - key: node-role.kubernetes.io/master + operator: Exists + serviceAccountName: cloud-controller-manager + containers: + - name: aws-cloud-controller-manager + image: gcr.io/k8s-staging-provider-aws/cloud-controller-manager:v1.20.0-alpha.0 + args: + - --v=2 + resources: + requests: + cpu: 200m + hostNetwork: true + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + name: cloud-controller-manager + namespace: kube-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: cloud-controller-manager:apiserver-authentication-reader + namespace: kube-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader + subjects: + - apiGroup: "" + kind: ServiceAccount + name: cloud-controller-manager + namespace: kube-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: system:cloud-controller-manager + rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - update + - apiGroups: + - "" + resources: + - nodes + verbs: + - '*' + - apiGroups: + - "" + resources: + - nodes/status + verbs: + - patch + - apiGroups: + - "" + 
resources: + - services + verbs: + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - services/status + verbs: + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - update + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - get + - list + - watch + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - list + - watch + - update + --- + kind: ClusterRoleBinding + apiVersion: rbac.authorization.k8s.io/v1 + metadata: + name: system:cloud-controller-manager + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:cloud-controller-manager + subjects: + - apiGroup: "" + kind: ServiceAccount + name: cloud-controller-manager + namespace: kube-system +kind: ConfigMap +metadata: + annotations: + note: generated + labels: + type: generated + name: cloud-controller-manager-addon +--- +apiVersion: v1 +data: + aws-ebs-csi-external.yaml: |- + apiVersion: v1 + kind: Secret + metadata: + name: aws-secret + namespace: kube-system + stringData: + key_id: "" + access_key: "" + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-csi-controller-sa + namespace: kube-system + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-csi-node-sa + namespace: kube-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-external-attacher-role + rules: + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "" + resources: + - nodes + 
verbs: + - get + - list + - watch + - apiGroups: + - csi.storage.k8s.io + resources: + - csinodeinfos + verbs: + - get + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-external-provisioner-role + rules: + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - update + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - get + - list + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - get + - list + - apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-external-resizer-role + rules: + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - 
apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - update + - patch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-external-snapshotter-role + rules: + - apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + verbs: + - get + - list + - watch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - create + - get + - list + - watch + - update + - delete + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents/status + verbs: + - update + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-csi-attacher-binding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ebs-external-attacher-role + subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-csi-provisioner-binding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ebs-external-provisioner-role + subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + app.kubernetes.io/name: 
aws-ebs-csi-driver + name: ebs-csi-resizer-binding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ebs-external-resizer-role + subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-csi-snapshotter-binding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ebs-external-snapshotter-role + subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system + --- + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-csi-controller + namespace: kube-system + spec: + replicas: 2 + selector: + matchLabels: + app: ebs-csi-controller + app.kubernetes.io/name: aws-ebs-csi-driver + template: + metadata: + labels: + app: ebs-csi-controller + app.kubernetes.io/name: aws-ebs-csi-driver + spec: + containers: + - args: + - --endpoint=$(CSI_ENDPOINT) + - --logtostderr + - --v=2 + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: CSI_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: key_id + name: aws-secret + optional: true + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: access_key + name: aws-secret + optional: true + image: registry.k8s.io/provider-aws/aws-ebs-csi-driver:v1.2.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 3 + name: ebs-plugin + ports: + - containerPort: 9808 + name: healthz + protocol: TCP + readinessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 3 + volumeMounts: + - 
mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + - --csi-address=$(ADDRESS) + - --v=2 + - --feature-gates=Topology=true + - --extra-create-metadata + - --leader-election=true + - --default-fstype=ext4 + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + image: registry.k8.io/sig-storage/csi-provisioner:v2.1.1 + name: csi-provisioner + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + - --csi-address=$(ADDRESS) + - --v=2 + - --leader-election=true + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + image: registry.k8.io/sig-storage/csi-attacher:v3.1.0 + name: csi-attacher + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + - --csi-address=$(ADDRESS) + - --leader-election=true + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + image: registry.k8.io/sig-storage/csi-snapshotter:v3.0.3 + name: csi-snapshotter + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + - --csi-address=$(ADDRESS) + - --v=2 + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + image: registry.k8.io/sig-storage/csi-resizer:v1.0.0 + imagePullPolicy: Always + name: csi-resizer + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + - --csi-address=/csi/csi.sock + image: registry.k8.io/sig-storage/livenessprobe:v2.2.0 + name: liveness-probe + volumeMounts: + - mountPath: /csi + name: socket-dir + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-cluster-critical + serviceAccountName: ebs-csi-controller-sa + tolerations: + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + operator: Exists + tolerationSeconds: 300 + - key: node-role.kubernetes.io/master + effect: NoSchedule + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + affinity: + nodeAffinity: + 
requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: Exists + - matchExpressions: + - key: node-role.kubernetes.io/master + operator: Exists + volumes: + - emptyDir: {} + name: socket-dir + --- + apiVersion: policy/v1beta1 + kind: PodDisruptionBudget + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-csi-controller + namespace: kube-system + spec: + maxUnavailable: 1 + selector: + matchLabels: + app: ebs-csi-controller + app.kubernetes.io/name: aws-ebs-csi-driver + --- + apiVersion: apps/v1 + kind: DaemonSet + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-csi-node + namespace: kube-system + spec: + selector: + matchLabels: + app: ebs-csi-node + app.kubernetes.io/name: aws-ebs-csi-driver + template: + metadata: + labels: + app: ebs-csi-node + app.kubernetes.io/name: aws-ebs-csi-driver + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: eks.amazonaws.com/compute-type + operator: NotIn + values: + - fargate + containers: + - args: + - node + - --endpoint=$(CSI_ENDPOINT) + - --logtostderr + - --v=2 + env: + - name: CSI_ENDPOINT + value: unix:/csi/csi.sock + - name: CSI_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + image: registry.k8.io/provider-aws/aws-ebs-csi-driver:v1.2.0 + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 3 + name: ebs-plugin + ports: + - containerPort: 9808 + name: healthz + protocol: TCP + securityContext: + privileged: true + volumeMounts: + - mountPath: /var/lib/kubelet + mountPropagation: Bidirectional + name: kubelet-dir + - mountPath: /csi + name: plugin-dir + - mountPath: /dev + name: device-dir + - args: + - --csi-address=$(ADDRESS) + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + - 
--v=2 + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/ebs.csi.aws.com/csi.sock + image: registry.k8.io/sig-storage/csi-node-driver-registrar:v2.1.0 + name: node-driver-registrar + volumeMounts: + - mountPath: /csi + name: plugin-dir + - mountPath: /registration + name: registration-dir + - args: + - --csi-address=/csi/csi.sock + image: registry.k8.io/sig-storage/livenessprobe:v2.2.0 + name: liveness-probe + volumeMounts: + - mountPath: /csi + name: plugin-dir + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-node-critical + serviceAccountName: ebs-csi-node-sa + tolerations: + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + operator: Exists + tolerationSeconds: 300 + volumes: + - hostPath: + path: /var/lib/kubelet + type: Directory + name: kubelet-dir + - hostPath: + path: /var/lib/kubelet/plugins/ebs.csi.aws.com/ + type: DirectoryOrCreate + name: plugin-dir + - hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: Directory + name: registration-dir + - hostPath: + path: /dev + type: Directory + name: device-dir + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate + --- + apiVersion: storage.k8s.io/v1 + kind: CSIDriver + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs.csi.aws.com + spec: + attachRequired: true + podInfoOnMount: false +kind: ConfigMap +metadata: + annotations: + note: generated + labels: + type: generated + name: aws-ebs-csi-driver-addon diff --git a/files/cluster-api-provider-aws/v2.4.0/cluster-template-flatcar.yaml b/files/cluster-api-provider-aws/v2.4.0/cluster-template-flatcar.yaml new file mode 100644 index 00000000..fa1e346c --- /dev/null +++ b/files/cluster-api-provider-aws/v2.4.0/cluster-template-flatcar.yaml 
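Review bot: The CSI sidecar images in the aws-ebs-csi-driver-addon ConfigMap (csi-provisioner, csi-attacher, csi-snapshotter, csi-resizer, livenessprobe, csi-node-driver-registrar) and the node DaemonSet's aws-ebs-csi-driver are pulled from `registry.k8.io`, while the controller's ebs-plugin container uses `registry.k8s.io`; `k8.io` is not the Kubernetes image registry, so those pulls either fail or resolve to whoever controls that domain — a supply-chain hazard for containers that run in a privileged pod with /dev and /var/lib/kubelet mounted. Every `image: registry.k8.io/...` should read `image: registry.k8s.io/...`, ideally pinned by digest. Separately, the CCM DaemonSet runs `gcr.io/k8s-staging-provider-aws/cloud-controller-manager:v1.20.0-alpha.0` from a staging registry with an alpha tag, under a ClusterRole granting `'*'` on nodes; a released `registry.k8s.io/provider-aws/cloud-controller-manager` tag is preferable for anything beyond a demo. The file appears to be copied from the upstream CAPA release, so the fix likely belongs upstream or in a local overlay rather than in this vendored copy.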
@@ -0,0 +1,167 @@ +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: "${CLUSTER_NAME}" +spec: + clusterNetwork: + pods: + cidrBlocks: ["192.168.0.0/16"] + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSCluster + name: "${CLUSTER_NAME}" + controlPlaneRef: + kind: KubeadmControlPlane + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + name: "${CLUSTER_NAME}-control-plane" +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSCluster +metadata: + name: "${CLUSTER_NAME}" +spec: + region: "${AWS_REGION}" + sshKeyName: "${AWS_SSH_KEY_NAME}" + s3Bucket: + controlPlaneIAMInstanceProfile: control-plane.cluster-api-provider-aws.sigs.k8s.io + name: "${AWS_S3_BUCKET_NAME}" + nodesIAMInstanceProfiles: + - nodes.cluster-api-provider-aws.sigs.k8s.io +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane +spec: + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + machineTemplate: + infrastructureRef: + kind: AWSMachineTemplate + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + name: "${CLUSTER_NAME}-control-plane" + kubeadmConfigSpec: + initConfiguration: + nodeRegistration: + name: $${COREOS_EC2_HOSTNAME} + kubeletExtraArgs: + cloud-provider: external + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + controllerManager: + extraArgs: + cloud-provider: external + joinConfiguration: + nodeRegistration: + name: $${COREOS_EC2_HOSTNAME} + kubeletExtraArgs: + cloud-provider: external + format: ignition + ignition: + containerLinuxConfig: + additionalConfig: | + systemd: + units: + - name: kubeadm.service + enabled: true + dropins: + - name: 10-flatcar.conf + contents: | + [Unit] + # kubeadm must run after coreos-metadata populated /run/metadata directory. 
+ Requires=coreos-metadata.service + After=coreos-metadata.service + # kubeadm must run after containerd - see https://github.com/kubernetes-sigs/image-builder/issues/939. + After=containerd.service + [Service] + # To make metadata environment variables available for pre-kubeadm commands. + EnvironmentFile=/run/metadata/* + preKubeadmCommands: + - envsubst < /etc/kubeadm.yml > /etc/kubeadm.yml.tmp + - mv /etc/kubeadm.yml.tmp /etc/kubeadm.yml + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane +spec: + template: + spec: + instanceType: ${AWS_CONTROL_PLANE_MACHINE_TYPE} + iamInstanceProfile: control-plane.cluster-api-provider-aws.sigs.k8s.io + imageLookupBaseOS: flatcar-stable + sshKeyName: ${AWS_SSH_KEY_NAME} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: + template: + spec: + clusterName: ${CLUSTER_NAME} + version: ${KUBERNETES_VERSION} + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSMachineTemplate + name: ${CLUSTER_NAME}-md-0 +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 +spec: + template: + spec: + instanceType: ${AWS_NODE_MACHINE_TYPE} + iamInstanceProfile: nodes.cluster-api-provider-aws.sigs.k8s.io + imageLookupBaseOS: flatcar-stable + sshKeyName: ${AWS_SSH_KEY_NAME} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 +spec: + template: + spec: + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: $${COREOS_EC2_HOSTNAME} + format: 
ignition + ignition: + containerLinuxConfig: + additionalConfig: | + systemd: + units: + - name: kubeadm.service + enabled: true + dropins: + - name: 10-flatcar.conf + contents: | + [Unit] + # kubeadm must run after coreos-metadata populated /run/metadata directory. + Requires=coreos-metadata.service + After=coreos-metadata.service + # kubeadm must run after containerd - see https://github.com/kubernetes-sigs/image-builder/issues/939. + After=containerd.service + [Service] + # To make metadata environment variables available for pre-kubeadm commands. + EnvironmentFile=/run/metadata/* + preKubeadmCommands: + - envsubst < /etc/kubeadm.yml > /etc/kubeadm.yml.tmp + - mv /etc/kubeadm.yml.tmp /etc/kubeadm.yml diff --git a/files/cluster-api-provider-aws/v2.4.0/cluster-template-machinepool.yaml b/files/cluster-api-provider-aws/v2.4.0/cluster-template-machinepool.yaml new file mode 100644 index 00000000..3b6aeacb --- /dev/null +++ b/files/cluster-api-provider-aws/v2.4.0/cluster-template-machinepool.yaml 
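Review bot: The `preKubeadmCommands` in both the KubeadmControlPlane and the KubeadmConfigTemplate rewrite the kubeadm config with `envsubst < /etc/kubeadm.yml > /etc/kubeadm.yml.tmp` followed by `mv`, which creates the replacement under the shell's umask and swaps it over the original, so whatever mode the bootstrapper gave /etc/kubeadm.yml (not visible in this hunk) is lost and a file that normally carries the kubeadm bootstrap token — and on control-plane nodes the certificate key — can end up world-readable. Write the temp file restrictively first, e.g. `umask 077 && envsubst < /etc/kubeadm.yml > /etc/kubeadm.yml.tmp`, or replace the `mv` with `install -m 0600 /etc/kubeadm.yml.tmp /etc/kubeadm.yml`. Note also that `envsubst` with no variable list substitutes every `$NAME` it finds, not only `COREOS_EC2_HOSTNAME`, so any literal dollar sign in the rendered config would be mangled; `envsubst '$COREOS_EC2_HOSTNAME'` limits it. Since this template mirrors the upstream CAPA release artifact, the change is best made upstream or via a local overlay.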
@@ -0,0 +1,131 @@ +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: "${CLUSTER_NAME}" +spec: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSCluster + name: "${CLUSTER_NAME}" + controlPlaneRef: + kind: KubeadmControlPlane + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + name: "${CLUSTER_NAME}-control-plane" +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSCluster +metadata: + name: "${CLUSTER_NAME}" +spec: + region: "${AWS_REGION}" + sshKeyName: "${AWS_SSH_KEY_NAME}" +--- +kind: KubeadmControlPlane +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +metadata: + name: "${CLUSTER_NAME}-control-plane" +spec: + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + machineTemplate: + infrastructureRef: + kind: AWSMachineTemplate + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + name: "${CLUSTER_NAME}-control-plane" + kubeadmConfigSpec: + initConfiguration: + nodeRegistration: + name: '{{ ds.meta_data.local_hostname }}' + kubeletExtraArgs: + cloud-provider: aws + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: aws + controllerManager: + extraArgs: + cloud-provider: aws + joinConfiguration: + nodeRegistration: + name: '{{ ds.meta_data.local_hostname }}' + kubeletExtraArgs: + cloud-provider: aws + version: "${KUBERNETES_VERSION}" +--- +kind: AWSMachineTemplate +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +metadata: + name: "${CLUSTER_NAME}-control-plane" +spec: + template: + spec: + instanceType: "${AWS_CONTROL_PLANE_MACHINE_TYPE}" + iamInstanceProfile: "control-plane.cluster-api-provider-aws.sigs.k8s.io" + sshKeyName: "${AWS_SSH_KEY_NAME}" +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfig + name: 
${CLUSTER_NAME}-mp-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSMachinePool + name: ${CLUSTER_NAME}-mp-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSMachinePool +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + minSize: 1 + maxSize: 10 + availabilityZones: + - "${AWS_AVAILABILITY_ZONE}" + awsLaunchTemplate: + iamInstanceProfile: nodes.cluster-api-provider-aws.sigs.k8s.io + instanceType: "${AWS_NODE_MACHINE_TYPE}" + sshKeyName: "${AWS_SSH_KEY_NAME}" +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfig +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + joinConfiguration: + nodeRegistration: + name: '{{ ds.meta_data.local_hostname }}' + kubeletExtraArgs: + cloud-provider: aws +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineHealthCheck +metadata: + name: "${CLUSTER_NAME}-kcp-unhealthy" +spec: + clusterName: "${CLUSTER_NAME}" + maxUnhealthy: 100% + selector: + matchLabels: + cluster.x-k8s.io/control-plane: "" + unhealthyConditions: + - type: Ready + status: Unknown + timeout: 300s + - type: Ready + status: "False" + timeout: 300s \ No newline at end of file diff --git a/files/cluster-api-provider-aws/v2.4.0/cluster-template-multitenancy-clusterclass.yaml b/files/cluster-api-provider-aws/v2.4.0/cluster-template-multitenancy-clusterclass.yaml new file mode 100644 index 00000000..73c9ee8e --- /dev/null +++ b/files/cluster-api-provider-aws/v2.4.0/cluster-template-multitenancy-clusterclass.yaml 
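Review bot: The MachinePool, AWSMachinePool and KubeadmConfig objects carry `namespace: default` while the Cluster, AWSCluster, KubeadmControlPlane, AWSMachineTemplate and MachineHealthCheck in the same template have none, so rendering this into any other namespace (`kubectl apply -n …`) splits the cluster's objects across two namespaces and the pool's `infrastructureRef`/`configRef` will not resolve. Drop the three `namespace: default` lines so every object follows the target namespace, or set it consistently on all of them. Separately, the kubelet, apiserver and controller-manager flags here are `cloud-provider: aws` (in-tree), which Kubernetes no longer accepts from 1.27 onward after the in-tree AWS provider was removed; the external-cloud-provider template added in this same commit shows the `external` form. As this file mirrors the upstream CAPA release template, the fix belongs upstream or in a local overlay.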
@@ -0,0 +1,297 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: ClusterClass +metadata: + name: multi-tenancy +spec: + controlPlane: + ref: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlaneTemplate + name: multi-tenancy-control-plane + machineInfrastructure: + ref: + kind: AWSMachineTemplate + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + name: multi-tenancy-control-plane + infrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSClusterTemplate + name: multi-tenancy + workers: + machineDeployments: + - class: default-worker + template: + bootstrap: + ref: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: multi-tenancy-worker-bootstraptemplate + infrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSMachineTemplate + name: multi-tenancy-worker-machinetemplate + variables: + - name: region + required: true + schema: + openAPIV3Schema: + type: string + default: us-east-1 + - name: sshKeyName + required: true + schema: + openAPIV3Schema: + type: string + default: default + - name: controlPlaneMachineType + required: true + schema: + openAPIV3Schema: + type: string + default: t3.large + - name: workerMachineType + required: true + schema: + openAPIV3Schema: + type: string + default: t3.large + - name: bastionEnabled + required: false + schema: + openAPIV3Schema: + type: boolean + - name: vpcAZUsageLimit + required: false + schema: + openAPIV3Schema: + type: integer + - name: identityRef + required: false + schema: + openAPIV3Schema: + type: object + properties: + kind: + type: string + name: + type: string + required: + - kind + - name + patches: + - name: awsClusterTemplateGeneral + definitions: + - selector: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSClusterTemplate + matchResources: + infrastructureCluster: true + jsonPatches: + - op: add + path: "/spec/template/spec/region" + valueFrom: + variable: region + 
- op: add + path: "/spec/template/spec/sshKeyName" + valueFrom: + variable: sshKeyName + - op: replace + path: "/spec/template/spec/bastion/enabled" + valueFrom: + variable: bastionEnabled + - op: replace + path: "/spec/template/spec/network/vpc/availabilityZoneUsageLimit" + valueFrom: + variable: vpcAZUsageLimit + - op: replace + path: "/spec/template/spec/identityRef" + valueFrom: + variable: identityRef + - name: awsMachineTemplateControlPlane + definitions: + - selector: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSMachineTemplate + matchResources: + controlPlane: true + jsonPatches: + - op: replace + path: "/spec/template/spec/instanceType" + valueFrom: + variable: controlPlaneMachineType + - op: add + path: "/spec/template/spec/sshKeyName" + valueFrom: + variable: sshKeyName + - name: awsMachineTemplateWorker + definitions: + - selector: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSMachineTemplate + matchResources: + machineDeploymentClass: + names: + - default-worker + jsonPatches: + - op: replace + path: "/spec/template/spec/instanceType" + valueFrom: + variable: workerMachineType + - op: add + path: "/spec/template/spec/sshKeyName" + valueFrom: + variable: sshKeyName +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSClusterTemplate +metadata: + name: multi-tenancy +spec: + template: + spec: {} +--- +kind: KubeadmControlPlaneTemplate +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +metadata: + name: multi-tenancy-control-plane +spec: + template: + spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: aws + controllerManager: + extraArgs: + cloud-provider: aws + initConfiguration: + nodeRegistration: + name: '{{ ds.meta_data.local_hostname }}' + kubeletExtraArgs: + cloud-provider: aws + joinConfiguration: + nodeRegistration: + name: '{{ ds.meta_data.local_hostname }}' + kubeletExtraArgs: + cloud-provider: aws +--- +apiVersion: 
infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSMachineTemplate +metadata: + name: multi-tenancy-control-plane +spec: + template: + spec: + # instanceType is a required field (OpenAPI schema). + instanceType: REPLACEME + iamInstanceProfile: "control-plane.cluster-api-provider-aws.sigs.k8s.io" +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSMachineTemplate +metadata: + name: multi-tenancy-worker-machinetemplate +spec: + template: + spec: + # instanceType is a required field (OpenAPI schema). + instanceType: REPLACEME + iamInstanceProfile: "nodes.cluster-api-provider-aws.sigs.k8s.io" +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: "multi-tenancy-worker-bootstraptemplate" +spec: + template: + spec: + joinConfiguration: + nodeRegistration: + name: '{{ ds.meta_data.local_hostname }}' + kubeletExtraArgs: + cloud-provider: aws +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + labels: + cni: ${CLUSTER_NAME}-crs-0 + name: ${CLUSTER_NAME} +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + topology: + class: multi-tenancy + controlPlane: + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + variables: + - name: region + value: ${AWS_REGION} + - name: sshKeyName + value: ${AWS_SSH_KEY_NAME} + - name: controlPlaneMachineType + value: ${AWS_CONTROL_PLANE_MACHINE_TYPE} + - name: workerMachineType + value: ${AWS_NODE_MACHINE_TYPE} + - name: bastionEnabled + value: true + - name: vpcAZUsageLimit + value: 1 + - name: identityRef + value: + kind: AWSClusterRoleIdentity + name: ${MULTI_TENANCY_NESTED_IDENTITY_NAME} + version: ${KUBERNETES_VERSION} + workers: + machineDeployments: + - class: default-worker + name: md-0 + replicas: ${WORKER_MACHINE_COUNT} +--- +apiVersion: v1 +data: ${CNI_RESOURCES} +kind: ConfigMap +metadata: + name: cni-${CLUSTER_NAME}-crs-0 +--- +apiVersion: addons.cluster.x-k8s.io/v1beta1 +kind: ClusterResourceSet +metadata: + name: ${CLUSTER_NAME}-crs-0 +spec: + 
clusterSelector: + matchLabels: + cni: ${CLUSTER_NAME}-crs-0 + resources: + - kind: ConfigMap + name: cni-${CLUSTER_NAME}-crs-0 + strategy: ApplyOnce +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSClusterRoleIdentity +metadata: + name: ${MULTI_TENANCY_JUMP_IDENTITY_NAME} +spec: + allowedNamespaces: {} + durationSeconds: 900 + roleARN: ${MULTI_TENANCY_JUMP_ROLE_ARN} + sessionName: ${MULTI_TENANCY_JUMP_IDENTITY_NAME}-session + sourceIdentityRef: + kind: AWSClusterControllerIdentity + name: default +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSClusterRoleIdentity +metadata: + name: ${MULTI_TENANCY_NESTED_IDENTITY_NAME} +spec: + allowedNamespaces: {} + roleARN: ${MULTI_TENANCY_NESTED_ROLE_ARN} + sessionName: ${MULTI_TENANCY_NESTED_IDENTITY_NAME}-session + sourceIdentityRef: + kind: AWSClusterRoleIdentity + name: ${MULTI_TENANCY_JUMP_IDENTITY_NAME} diff --git a/files/cluster-api-provider-aws/v2.4.0/cluster-template-rosa-machinepool.yaml b/files/cluster-api-provider-aws/v2.4.0/cluster-template-rosa-machinepool.yaml new file mode 100644 index 00000000..c86266fe --- /dev/null +++ b/files/cluster-api-provider-aws/v2.4.0/cluster-template-rosa-machinepool.yaml 
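Review bot: Both AWSClusterRoleIdentity objects at the end of the hunk set `allowedNamespaces: {}`; in CAPA an empty object (unlike an omitted field) means an AWSCluster in any namespace may use the identity, so every tenant on the management cluster can assume `${MULTI_TENANCY_JUMP_ROLE_ARN}` and, through it, the nested role. For a template named multi-tenancy that undoes the isolation the role chain is meant to provide; scope it with `allowedNamespaces: { list: ["${NAMESPACE}"] }` or a label `selector`, and add `# {} grants use of this identity from every namespace; restrict to tenant namespaces in production` above the field. The nested identity also omits `durationSeconds`, so its session length falls back to the controller default rather than the 900s the jump role uses — worth stating explicitly if that asymmetry is intentional.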
@@ -0,0 +1,83 @@ +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: "${CLUSTER_NAME}" +spec: + clusterNetwork: + pods: + cidrBlocks: ["192.168.0.0/16"] + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: ROSACluster + name: "${CLUSTER_NAME}" + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta2 + kind: ROSAControlPlane + name: "${CLUSTER_NAME}-control-plane" +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: ROSACluster +metadata: + name: "${CLUSTER_NAME}" +spec: {} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta2 +kind: ROSAControlPlane +metadata: + name: "${CLUSTER_NAME}-control-plane" +spec: + rosaClusterName: ${CLUSTER_NAME:0:15} + version: "${OPENSHIFT_VERSION}" + region: "${AWS_REGION}" + accountID: "${AWS_ACCOUNT_ID}" + creatorARN: "${AWS_CREATOR_ARN}" + network: + machineCIDR: "10.0.0.0/16" + rolesRef: + ingressARN: "arn:aws:iam::${AWS_ACCOUNT_ID}:role/${OPERATOR_ROLES_PREFIX}-openshift-ingress-operator-cloud-credentials" + imageRegistryARN: "arn:aws:iam::${AWS_ACCOUNT_ID}:role/${OPERATOR_ROLES_PREFIX}-openshift-image-registry-installer-cloud-credentials" + storageARN: "arn:aws:iam::${AWS_ACCOUNT_ID}:role/${OPERATOR_ROLES_PREFIX}-openshift-cluster-csi-drivers-ebs-cloud-credentials" + networkARN: "arn:aws:iam::${AWS_ACCOUNT_ID}:role/${OPERATOR_ROLES_PREFIX}-openshift-cloud-network-config-controller-cloud-credentials" + kubeCloudControllerARN: "arn:aws:iam::${AWS_ACCOUNT_ID}:role/${OPERATOR_ROLES_PREFIX}-kube-system-kube-controller-manager" + nodePoolManagementARN: "arn:aws:iam::${AWS_ACCOUNT_ID}:role/${OPERATOR_ROLES_PREFIX}-kube-system-capa-controller-manager" + controlPlaneOperatorARN: "arn:aws:iam::${AWS_ACCOUNT_ID}:role/${OPERATOR_ROLES_PREFIX}-kube-system-control-plane-operator" + kmsProviderARN: "arn:aws:iam::${AWS_ACCOUNT_ID}:role/${OPERATOR_ROLES_PREFIX}-kube-system-kms-provider" + oidcID: "${OIDC_CONFIG_ID}" + subnets: + - "${PUBLIC_SUBNET_ID}" + - 
"${PRIVATE_SUBNET_ID}" + availabilityZones: + - "${AWS_AVAILABILITY_ZONE}" + installerRoleARN: "arn:aws:iam::${AWS_ACCOUNT_ID}:role/${ACCOUNT_ROLES_PREFIX}-HCP-ROSA-Installer-Role" + supportRoleARN: "arn:aws:iam::${AWS_ACCOUNT_ID}:role/${ACCOUNT_ROLES_PREFIX}-HCP-ROSA-Support-Role" + workerRoleARN: "arn:aws:iam::${AWS_ACCOUNT_ID}:role/${ACCOUNT_ROLES_PREFIX}-HCP-ROSA-Worker-Role" +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: "${CLUSTER_NAME}-pool-0" +spec: + clusterName: "${CLUSTER_NAME}" + replicas: 1 + template: + spec: + clusterName: "${CLUSTER_NAME}" + bootstrap: + dataSecretName: "" + infrastructureRef: + name: "${CLUSTER_NAME}-pool-0" + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: ROSAMachinePool +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: ROSAMachinePool +metadata: + name: "${CLUSTER_NAME}-pool-0" +spec: + nodePoolName: "nodepool-0" + instanceType: "m5.xlarge" + subnet: "${PRIVATE_SUBNET_ID}" + version: "${OPENSHIFT_VERSION}" + + diff --git a/files/cluster-api-provider-aws/v2.4.0/cluster-template-rosa.yaml b/files/cluster-api-provider-aws/v2.4.0/cluster-template-rosa.yaml new file mode 100644 index 00000000..76357513 --- /dev/null +++ b/files/cluster-api-provider-aws/v2.4.0/cluster-template-rosa.yaml 
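Review bot: `network.machineCIDR` is hard-coded to `10.0.0.0/16` while `subnets` and `availabilityZones` are user-supplied; ROSA requires the machine CIDR to contain the provided subnets, so a VPC with any other range fails cluster creation with an error that is hard to map back to this line. A variable with a default, `machineCIDR: "${MACHINE_CIDR:=10.0.0.0/16}"`, keeps today's behaviour and documents the coupling (clusterctl's envsubst supports the `:=` default form, as I recall). The ROSAMachinePool likewise hard-codes `instanceType: "m5.xlarge"` and `nodePoolName: "nodepool-0"` where the other templates in this series route instance types through variables, so a user of this template cannot change the worker size without editing the manifest.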
@@ -0,0 +1,54 @@ +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: "${CLUSTER_NAME}" +spec: + clusterNetwork: + pods: + cidrBlocks: ["192.168.0.0/16"] + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: ROSACluster + name: "${CLUSTER_NAME}" + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta2 + kind: ROSAControlPlane + name: "${CLUSTER_NAME}-control-plane" +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: ROSACluster +metadata: + name: "${CLUSTER_NAME}" +spec: {} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta2 +kind: ROSAControlPlane +metadata: + name: "${CLUSTER_NAME}-control-plane" +spec: + rosaClusterName: ${CLUSTER_NAME:0:15} + version: "${OPENSHIFT_VERSION}" + region: "${AWS_REGION}" + accountID: "${AWS_ACCOUNT_ID}" + creatorARN: "${AWS_CREATOR_ARN}" + network: + machineCIDR: "10.0.0.0/16" + rolesRef: + ingressARN: "arn:aws:iam::${AWS_ACCOUNT_ID}:role/${OPERATOR_ROLES_PREFIX}-openshift-ingress-operator-cloud-credentials" + imageRegistryARN: "arn:aws:iam::${AWS_ACCOUNT_ID}:role/${OPERATOR_ROLES_PREFIX}-openshift-image-registry-installer-cloud-credentials" + storageARN: "arn:aws:iam::${AWS_ACCOUNT_ID}:role/${OPERATOR_ROLES_PREFIX}-openshift-cluster-csi-drivers-ebs-cloud-credentials" + networkARN: "arn:aws:iam::${AWS_ACCOUNT_ID}:role/${OPERATOR_ROLES_PREFIX}-openshift-cloud-network-config-controller-cloud-credentials" + kubeCloudControllerARN: "arn:aws:iam::${AWS_ACCOUNT_ID}:role/${OPERATOR_ROLES_PREFIX}-kube-system-kube-controller-manager" + nodePoolManagementARN: "arn:aws:iam::${AWS_ACCOUNT_ID}:role/${OPERATOR_ROLES_PREFIX}-kube-system-capa-controller-manager" + controlPlaneOperatorARN: "arn:aws:iam::${AWS_ACCOUNT_ID}:role/${OPERATOR_ROLES_PREFIX}-kube-system-control-plane-operator" + kmsProviderARN: "arn:aws:iam::${AWS_ACCOUNT_ID}:role/${OPERATOR_ROLES_PREFIX}-kube-system-kms-provider" + oidcID: "${OIDC_CONFIG_ID}" + subnets: + - "${PUBLIC_SUBNET_ID}" + - 
"${PRIVATE_SUBNET_ID}" + availabilityZones: + - "${AWS_AVAILABILITY_ZONE}" + installerRoleARN: "arn:aws:iam::${AWS_ACCOUNT_ID}:role/${ACCOUNT_ROLES_PREFIX}-HCP-ROSA-Installer-Role" + supportRoleARN: "arn:aws:iam::${AWS_ACCOUNT_ID}:role/${ACCOUNT_ROLES_PREFIX}-HCP-ROSA-Support-Role" + workerRoleARN: "arn:aws:iam::${AWS_ACCOUNT_ID}:role/${ACCOUNT_ROLES_PREFIX}-HCP-ROSA-Worker-Role" diff --git a/files/cluster-api-provider-aws/v2.4.0/cluster-template-simple-clusterclass.yaml b/files/cluster-api-provider-aws/v2.4.0/cluster-template-simple-clusterclass.yaml new file mode 100644 index 00000000..c0a52ee3 --- /dev/null +++ b/files/cluster-api-provider-aws/v2.4.0/cluster-template-simple-clusterclass.yaml 
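Review bot: `rosaClusterName: ${CLUSTER_NAME:0:15}` silently truncates the cluster name, so two Clusters whose names share a 15-character prefix would request the same ROSA cluster name and collide on the OCM side; the expansion also relies on clusterctl's envsubst supporting substring syntax, which plain GNU `envsubst` does not. A comment above the line, `# ROSA limits cluster names to 15 characters; CLUSTER_NAME must be unique within its first 15 characters`, makes the constraint visible to anyone reusing the template. As in the machinepool variant, `machineCIDR: "10.0.0.0/16"` is fixed here while the subnets are variables and must fall inside it.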
@@ -0,0 +1,242 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + labels: + cni: ${CLUSTER_NAME}-crs-0 + name: ${CLUSTER_NAME} +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + topology: + class: quick-start + controlPlane: + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + variables: + - name: region + value: ${AWS_REGION} + - name: sshKeyName + value: ${AWS_SSH_KEY_NAME} + - name: controlPlaneMachineType + value: ${AWS_CONTROL_PLANE_MACHINE_TYPE} + - name: workerMachineType + value: ${AWS_NODE_MACHINE_TYPE} + version: ${KUBERNETES_VERSION} + workers: + machineDeployments: + - class: default-worker + name: md-0 + replicas: ${WORKER_MACHINE_COUNT} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: ClusterClass +metadata: + name: quick-start +spec: + controlPlane: + ref: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlaneTemplate + name: quick-start-control-plane + machineInfrastructure: + ref: + kind: AWSMachineTemplate + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + name: quick-start-control-plane + infrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSClusterTemplate + name: quick-start + workers: + machineDeployments: + - class: default-worker + template: + bootstrap: + ref: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: quick-start-worker-bootstraptemplate + infrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSMachineTemplate + name: quick-start-worker-machinetemplate + variables: + - name: region + required: true + schema: + openAPIV3Schema: + type: string + default: us-east-1 + - name: sshKeyName + required: true + schema: + openAPIV3Schema: + type: string + default: default + - name: controlPlaneMachineType + required: true + schema: + openAPIV3Schema: + type: string + default: t3.large + - name: workerMachineType + required: true + schema: + openAPIV3Schema: + type: string + default: 
t3.large + patches: + - name: region + definitions: + - selector: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSClusterTemplate + matchResources: + infrastructureCluster: true + jsonPatches: + - op: add + path: /spec/template/spec/region + valueFrom: + variable: region + - name: sshKeyName + definitions: + - selector: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSClusterTemplate + matchResources: + infrastructureCluster: true + jsonPatches: + - op: add + path: /spec/template/spec/sshKeyName + valueFrom: + variable: sshKeyName + - selector: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSMachineTemplate + matchResources: + controlPlane: true + machineDeploymentClass: + names: + - default-worker + jsonPatches: + - op: add + path: /spec/template/spec/sshKeyName + valueFrom: + variable: sshKeyName + - name: controlPlaneMachineType + definitions: + - selector: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSMachineTemplate + matchResources: + controlPlane: true + jsonPatches: + - op: replace + path: /spec/template/spec/instanceType + valueFrom: + variable: controlPlaneMachineType + - name: workerMachineType + definitions: + - selector: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSMachineTemplate + matchResources: + machineDeploymentClass: + names: + - default-worker + jsonPatches: + - op: replace + path: /spec/template/spec/instanceType + valueFrom: + variable: workerMachineType +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSClusterTemplate +metadata: + name: quick-start +spec: + template: + spec: { } +--- +kind: KubeadmControlPlaneTemplate +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +metadata: + name: quick-start-control-plane +spec: + template: + spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: aws + controllerManager: + extraArgs: + cloud-provider: aws + initConfiguration: + nodeRegistration: + name: '{{ 
ds.meta_data.local_hostname }}' + kubeletExtraArgs: + cloud-provider: aws + joinConfiguration: + nodeRegistration: + name: '{{ ds.meta_data.local_hostname }}' + kubeletExtraArgs: + cloud-provider: aws +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSMachineTemplate +metadata: + name: quick-start-control-plane +spec: + template: + spec: + # instanceType is a required field (OpenAPI schema). + instanceType: REPLACEME + iamInstanceProfile: "control-plane.cluster-api-provider-aws.sigs.k8s.io" +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSMachineTemplate +metadata: + name: quick-start-worker-machinetemplate +spec: + template: + spec: + # instanceType is a required field (OpenAPI schema). + instanceType: REPLACEME + iamInstanceProfile: "nodes.cluster-api-provider-aws.sigs.k8s.io" +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: "quick-start-worker-bootstraptemplate" +spec: + template: + spec: + joinConfiguration: + nodeRegistration: + name: '{{ ds.meta_data.local_hostname }}' + kubeletExtraArgs: + cloud-provider: aws +--- +apiVersion: v1 +data: ${CNI_RESOURCES} +kind: ConfigMap +metadata: + name: cni-${CLUSTER_NAME}-crs-0 +--- +apiVersion: addons.cluster.x-k8s.io/v1beta1 +kind: ClusterResourceSet +metadata: + name: ${CLUSTER_NAME}-crs-0 +spec: + clusterSelector: + matchLabels: + cni: ${CLUSTER_NAME}-crs-0 + resources: + - kind: ConfigMap + name: cni-${CLUSTER_NAME}-crs-0 + strategy: ApplyOnce diff --git a/files/cluster-api-provider-aws/v2.4.0/cluster-template.yaml b/files/cluster-api-provider-aws/v2.4.0/cluster-template.yaml new file mode 100644 index 00000000..3a9cfffd --- /dev/null +++ b/files/cluster-api-provider-aws/v2.4.0/cluster-template.yaml 
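Review bot: The KubeadmControlPlaneTemplate and KubeadmConfigTemplate in this ClusterClass still set `cloud-provider: aws` (the in-tree provider) for apiserver, controller-manager and kubelet, while the sibling `cluster-template.yaml` in the same commit has moved to `cloud-provider: external` backed by CCM and EBS CSI ClusterResourceSets. The in-tree AWS provider was removed upstream (Kubernetes 1.27, as I recall — please confirm), so this class would fail to bootstrap on current `${KUBERNETES_VERSION}` values with no hint in the template. Either switch the three `cloud-provider` settings to `external` and attach the `ccm: external` / `csi: external` labels and CRS objects, or add a comment on the templates naming the Kubernetes versions this class supports. The `sshKeyName` variable is `required: true` with default `default`; users without a key pair of that name get an EC2 launch failure, so noting that an empty string disables key injection (per the AWSMachineTemplate field docs, as I recall) would help.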
@@ -0,0 +1,969 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + labels: + ccm: external + csi: external + name: ${CLUSTER_NAME} +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSCluster +metadata: + name: ${CLUSTER_NAME} +spec: + region: ${AWS_REGION} + sshKeyName: ${AWS_SSH_KEY_NAME} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + controllerManager: + extraArgs: + cloud-provider: external + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data.local_hostname }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data.local_hostname }}' + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane +spec: + template: + spec: + iamInstanceProfile: control-plane.cluster-api-provider-aws.sigs.k8s.io + instanceType: ${AWS_CONTROL_PLANE_MACHINE_TYPE} + sshKeyName: ${AWS_SSH_KEY_NAME} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + 
bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 +spec: + template: + spec: + iamInstanceProfile: nodes.cluster-api-provider-aws.sigs.k8s.io + instanceType: ${AWS_NODE_MACHINE_TYPE} + sshKeyName: ${AWS_SSH_KEY_NAME} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 +spec: + template: + spec: + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data.local_hostname }}' +--- +apiVersion: addons.cluster.x-k8s.io/v1beta1 +kind: ClusterResourceSet +metadata: + name: crs-ccm +spec: + clusterSelector: + matchLabels: + ccm: external + resources: + - kind: ConfigMap + name: cloud-controller-manager-addon + strategy: ApplyOnce +--- +apiVersion: addons.cluster.x-k8s.io/v1beta1 +kind: ClusterResourceSet +metadata: + name: crs-csi +spec: + clusterSelector: + matchLabels: + csi: external + resources: + - kind: ConfigMap + name: aws-ebs-csi-driver-addon + strategy: ApplyOnce +--- +apiVersion: v1 +data: + aws-ccm-external.yaml: | + --- + apiVersion: apps/v1 + kind: DaemonSet + metadata: + name: aws-cloud-controller-manager + namespace: kube-system + labels: + k8s-app: aws-cloud-controller-manager + spec: + selector: + matchLabels: + k8s-app: aws-cloud-controller-manager + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + k8s-app: aws-cloud-controller-manager + spec: + nodeSelector: + node-role.kubernetes.io/control-plane: "" + tolerations: + - key: node.cloudprovider.kubernetes.io/uninitialized + value: "true" + effect: NoSchedule + - key: 
node-role.kubernetes.io/control-plane + effect: NoSchedule + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: Exists + serviceAccountName: cloud-controller-manager + containers: + - name: aws-cloud-controller-manager + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.28.3 + args: + - --v=2 + - --cloud-provider=aws + - --use-service-account-credentials=true + - --configure-cloud-routes=false + resources: + requests: + cpu: 200m + hostNetwork: true + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + name: cloud-controller-manager + namespace: kube-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: cloud-controller-manager:apiserver-authentication-reader + namespace: kube-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader + subjects: + - apiGroup: "" + kind: ServiceAccount + name: cloud-controller-manager + namespace: kube-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: system:cloud-controller-manager + rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - update + - apiGroups: + - "" + resources: + - nodes + verbs: + - '*' + - apiGroups: + - "" + resources: + - nodes/status + verbs: + - patch + - apiGroups: + - "" + resources: + - services + verbs: + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - services/status + verbs: + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - watch + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - update + - watch + - apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - get + - list + - watch + - update + - apiGroups: + - 
coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - list + - watch + - update + - apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create + --- + kind: ClusterRoleBinding + apiVersion: rbac.authorization.k8s.io/v1 + metadata: + name: system:cloud-controller-manager + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:cloud-controller-manager + subjects: + - apiGroup: "" + kind: ServiceAccount + name: cloud-controller-manager + namespace: kube-system +kind: ConfigMap +metadata: + annotations: + note: generated + labels: + type: generated + name: cloud-controller-manager-addon +--- +apiVersion: v1 +data: + aws-ebs-csi-external.yaml: |- + apiVersion: v1 + kind: Secret + metadata: + name: aws-secret + namespace: kube-system + stringData: + key_id: "" + access_key: "" + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-csi-controller-sa + namespace: kube-system + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-csi-node-sa + namespace: kube-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-external-attacher-role + rules: + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - csi.storage.k8s.io + resources: + - csinodeinfos + verbs: + - get + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + app.kubernetes.io/name: 
aws-ebs-csi-driver + name: ebs-external-provisioner-role + rules: + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - update + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - get + - list + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - get + - list + - apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-external-resizer-role + rules: + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - update + - patch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + 
app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-external-snapshotter-role + rules: + - apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + verbs: + - get + - list + - watch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - create + - get + - list + - watch + - update + - delete + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents/status + verbs: + - update + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-csi-attacher-binding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ebs-external-attacher-role + subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-csi-provisioner-binding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ebs-external-provisioner-role + subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-csi-resizer-binding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ebs-external-resizer-role + subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-csi-snapshotter-binding + roleRef: + apiGroup: rbac.authorization.k8s.io + 
kind: ClusterRole + name: ebs-external-snapshotter-role + subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system + --- + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-csi-controller + namespace: kube-system + spec: + replicas: 2 + selector: + matchLabels: + app: ebs-csi-controller + app.kubernetes.io/name: aws-ebs-csi-driver + template: + metadata: + labels: + app: ebs-csi-controller + app.kubernetes.io/name: aws-ebs-csi-driver + spec: + containers: + - args: + - --endpoint=$(CSI_ENDPOINT) + - --logtostderr + - --v=2 + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: CSI_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: key_id + name: aws-secret + optional: true + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: access_key + name: aws-secret + optional: true + image: registry.k8s.io/provider-aws/aws-ebs-csi-driver:v1.25.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 3 + name: ebs-plugin + ports: + - containerPort: 9808 + name: healthz + protocol: TCP + readinessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 3 + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + - --csi-address=$(ADDRESS) + - --v=2 + - --feature-gates=Topology=true + - --extra-create-metadata + - --leader-election=true + - --default-fstype=ext4 + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + image: registry.k8s.io/sig-storage/csi-provisioner:v3.6.2 + name: csi-provisioner + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + 
- --csi-address=$(ADDRESS) + - --v=2 + - --leader-election=true + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + image: registry.k8s.io/sig-storage/csi-attacher:v4.4.2 + name: csi-attacher + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + - --csi-address=$(ADDRESS) + - --leader-election=true + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + image: registry.k8s.io/sig-storage/csi-snapshotter:v6.3.2 + name: csi-snapshotter + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + - --csi-address=$(ADDRESS) + - --v=2 + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + image: registry.k8s.io/sig-storage/csi-resizer:v1.9.2 + imagePullPolicy: Always + name: csi-resizer + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + - --csi-address=/csi/csi.sock + image: registry.k8s.io/sig-storage/livenessprobe:v2.11.0 + name: liveness-probe + volumeMounts: + - mountPath: /csi + name: socket-dir + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-cluster-critical + serviceAccountName: ebs-csi-controller-sa + tolerations: + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + operator: Exists + tolerationSeconds: 300 + - key: node-role.kubernetes.io/master + effect: NoSchedule + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: Exists + - matchExpressions: + - key: node-role.kubernetes.io/master + operator: Exists + volumes: + - emptyDir: {} + name: socket-dir + --- + apiVersion: policy/v1beta1 + kind: PodDisruptionBudget + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-csi-controller + namespace: kube-system + spec: + 
maxUnavailable: 1 + selector: + matchLabels: + app: ebs-csi-controller + app.kubernetes.io/name: aws-ebs-csi-driver + --- + apiVersion: apps/v1 + kind: DaemonSet + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs-csi-node + namespace: kube-system + spec: + selector: + matchLabels: + app: ebs-csi-node + app.kubernetes.io/name: aws-ebs-csi-driver + template: + metadata: + labels: + app: ebs-csi-node + app.kubernetes.io/name: aws-ebs-csi-driver + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: eks.amazonaws.com/compute-type + operator: NotIn + values: + - fargate + containers: + - args: + - node + - --endpoint=$(CSI_ENDPOINT) + - --logtostderr + - --v=2 + env: + - name: CSI_ENDPOINT + value: unix:/csi/csi.sock + - name: CSI_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + image: registry.k8s.io/provider-aws/aws-ebs-csi-driver:v1.25.0 + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 3 + name: ebs-plugin + ports: + - containerPort: 9808 + name: healthz + protocol: TCP + securityContext: + privileged: true + volumeMounts: + - mountPath: /var/lib/kubelet + mountPropagation: Bidirectional + name: kubelet-dir + - mountPath: /csi + name: plugin-dir + - mountPath: /dev + name: device-dir + - args: + - --csi-address=$(ADDRESS) + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + - --v=2 + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/ebs.csi.aws.com/csi.sock + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.2 + name: node-driver-registrar + volumeMounts: + - mountPath: /csi + name: plugin-dir + - mountPath: /registration + name: registration-dir + - args: + - --csi-address=/csi/csi.sock + image: registry.k8s.io/sig-storage/livenessprobe:v2.11.0 + name: 
liveness-probe + volumeMounts: + - mountPath: /csi + name: plugin-dir + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-node-critical + serviceAccountName: ebs-csi-node-sa + tolerations: + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + operator: Exists + tolerationSeconds: 300 + volumes: + - hostPath: + path: /var/lib/kubelet + type: Directory + name: kubelet-dir + - hostPath: + path: /var/lib/kubelet/plugins/ebs.csi.aws.com/ + type: DirectoryOrCreate + name: plugin-dir + - hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: Directory + name: registration-dir + - hostPath: + path: /dev + type: Directory + name: device-dir + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate + --- + apiVersion: storage.k8s.io/v1 + kind: CSIDriver + metadata: + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + name: ebs.csi.aws.com + spec: + attachRequired: true + podInfoOnMount: false +kind: ConfigMap +metadata: + annotations: + note: generated + labels: + type: generated + name: aws-ebs-csi-driver-addon diff --git a/files/cluster-api-provider-aws/v2.4.0/infrastructure-components.yaml b/files/cluster-api-provider-aws/v2.4.0/infrastructure-components.yaml new file mode 100644 index 00000000..31f93f52 --- /dev/null +++ b/files/cluster-api-provider-aws/v2.4.0/infrastructure-components.yaml 
@@ -0,0 +1,16169 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + clusterctl.cluster.x-k8s.io/move-hierarchy: "" + name: awsclustercontrolleridentities.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capa-webhook-service + namespace: capa-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSClusterControllerIdentity + listKind: AWSClusterControllerIdentityList + plural: awsclustercontrolleridentities + shortNames: + - awsci + singular: awsclustercontrolleridentity + scope: Cluster + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AWSClusterControllerIdentity is the Schema for the awsclustercontrolleridentities + API It is used to grant access to use Cluster API Provider AWS Controller + credentials. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec for this AWSClusterControllerIdentity. + properties: + allowedNamespaces: + description: AllowedNamespaces is used to identify which namespaces + are allowed to use the identity from. Namespaces can be selected + either using an array of namespaces or with label selector. An empty + allowedNamespaces object indicates that AWSClusters can use this + identity from any namespace. If this object is nil, no namespaces + will be allowed (default behaviour, if this field is not provided) + A namespace should be either in the NamespaceList or match with + Selector to use the identity. + nullable: true + properties: + list: + description: An nil or empty list indicates that AWSClusters cannot + use the identity from any namespace. + items: + type: string + nullable: true + type: array + selector: + description: An empty selector indicates that AWSClusters cannot + use this AWSClusterIdentity from any namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: object + type: object + served: false + storage: false + - name: v1beta2 + schema: + openAPIV3Schema: + description: AWSClusterControllerIdentity is the Schema for the awsclustercontrolleridentities + API It is used to grant access to use Cluster API Provider AWS Controller + credentials. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec for this AWSClusterControllerIdentity. + properties: + allowedNamespaces: + description: AllowedNamespaces is used to identify which namespaces + are allowed to use the identity from. Namespaces can be selected + either using an array of namespaces or with label selector. An empty + allowedNamespaces object indicates that AWSClusters can use this + identity from any namespace. 
If this object is nil, no namespaces + will be allowed (default behaviour, if this field is not provided) + A namespace should be either in the NamespaceList or match with + Selector to use the identity. + nullable: true + properties: + list: + description: An nil or empty list indicates that AWSClusters cannot + use the identity from any namespace. + items: + type: string + nullable: true + type: array + selector: + description: An empty selector indicates that AWSClusters cannot + use this AWSClusterIdentity from any namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + clusterctl.cluster.x-k8s.io/move-hierarchy: "" + name: awsclusterroleidentities.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capa-webhook-service + namespace: capa-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSClusterRoleIdentity + listKind: AWSClusterRoleIdentityList + plural: awsclusterroleidentities + shortNames: + - awsri + singular: awsclusterroleidentity + scope: Cluster + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AWSClusterRoleIdentity is the Schema for the awsclusterroleidentities + API It is used to assume a role using the provided sourceRef. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec for this AWSClusterRoleIdentity. + properties: + allowedNamespaces: + description: AllowedNamespaces is used to identify which namespaces + are allowed to use the identity from. Namespaces can be selected + either using an array of namespaces or with label selector. An empty + allowedNamespaces object indicates that AWSClusters can use this + identity from any namespace. If this object is nil, no namespaces + will be allowed (default behaviour, if this field is not provided) + A namespace should be either in the NamespaceList or match with + Selector to use the identity. + nullable: true + properties: + list: + description: An nil or empty list indicates that AWSClusters cannot + use the identity from any namespace. + items: + type: string + nullable: true + type: array + selector: + description: An empty selector indicates that AWSClusters cannot + use this AWSClusterIdentity from any namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + durationSeconds: + description: The duration, in seconds, of the role session before + it is renewed. + format: int32 + maximum: 43200 + minimum: 900 + type: integer + externalID: + description: A unique identifier that might be required when you assume + a role in another account. If the administrator of the account to + which the role belongs provided you with an external ID, then provide + that value in the ExternalId parameter. This value can be any string, + such as a passphrase or account number. A cross-account role is + usually set up to trust everyone in an account. Therefore, the administrator + of the trusting account might send an external ID to the administrator + of the trusted account. That way, only someone with the ID can assume + the role, rather than everyone in the account. For more information + about the external ID, see How to Use an External ID When Granting + Access to Your AWS Resources to a Third Party in the IAM User Guide. + type: string + inlinePolicy: + description: An IAM policy as a JSON-encoded string that you want + to use as an inline session policy. + type: string + policyARNs: + description: The Amazon Resource Names (ARNs) of the IAM managed policies + that you want to use as managed session policies. The policies must + exist in the same account as the role. + items: + type: string + type: array + roleARN: + description: The Amazon Resource Name (ARN) of the role to assume. 
+ type: string + sessionName: + description: An identifier for the assumed role session + type: string + sourceIdentityRef: + description: SourceIdentityRef is a reference to another identity + which will be chained to do role assumption. All identity types + are accepted. + properties: + kind: + description: Kind of the identity. + enum: + - AWSClusterControllerIdentity + - AWSClusterRoleIdentity + - AWSClusterStaticIdentity + type: string + name: + description: Name of the identity. + minLength: 1 + type: string + required: + - kind + - name + type: object + required: + - roleARN + type: object + type: object + served: false + storage: false + - name: v1beta2 + schema: + openAPIV3Schema: + description: AWSClusterRoleIdentity is the Schema for the awsclusterroleidentities + API It is used to assume a role using the provided sourceRef. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec for this AWSClusterRoleIdentity. + properties: + allowedNamespaces: + description: AllowedNamespaces is used to identify which namespaces + are allowed to use the identity from. Namespaces can be selected + either using an array of namespaces or with label selector. An empty + allowedNamespaces object indicates that AWSClusters can use this + identity from any namespace. 
If this object is nil, no namespaces + will be allowed (default behaviour, if this field is not provided) + A namespace should be either in the NamespaceList or match with + Selector to use the identity. + nullable: true + properties: + list: + description: An nil or empty list indicates that AWSClusters cannot + use the identity from any namespace. + items: + type: string + nullable: true + type: array + selector: + description: An empty selector indicates that AWSClusters cannot + use this AWSClusterIdentity from any namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + durationSeconds: + description: The duration, in seconds, of the role session before + it is renewed. 
+ format: int32 + maximum: 43200 + minimum: 900 + type: integer + externalID: + description: A unique identifier that might be required when you assume + a role in another account. If the administrator of the account to + which the role belongs provided you with an external ID, then provide + that value in the ExternalId parameter. This value can be any string, + such as a passphrase or account number. A cross-account role is + usually set up to trust everyone in an account. Therefore, the administrator + of the trusting account might send an external ID to the administrator + of the trusted account. That way, only someone with the ID can assume + the role, rather than everyone in the account. For more information + about the external ID, see How to Use an External ID When Granting + Access to Your AWS Resources to a Third Party in the IAM User Guide. + type: string + inlinePolicy: + description: An IAM policy as a JSON-encoded string that you want + to use as an inline session policy. + type: string + policyARNs: + description: The Amazon Resource Names (ARNs) of the IAM managed policies + that you want to use as managed session policies. The policies must + exist in the same account as the role. + items: + type: string + type: array + roleARN: + description: The Amazon Resource Name (ARN) of the role to assume. + type: string + sessionName: + description: An identifier for the assumed role session + type: string + sourceIdentityRef: + description: SourceIdentityRef is a reference to another identity + which will be chained to do role assumption. All identity types + are accepted. + properties: + kind: + description: Kind of the identity. + enum: + - AWSClusterControllerIdentity + - AWSClusterRoleIdentity + - AWSClusterStaticIdentity + type: string + name: + description: Name of the identity. 
+ minLength: 1 + type: string + required: + - kind + - name + type: object + required: + - roleARN + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: awsclusters.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capa-webhook-service + namespace: capa-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSCluster + listKind: AWSClusterList + plural: awsclusters + shortNames: + - awsc + singular: awscluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this AWSCluster belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Cluster infrastructure is ready for EC2 instances + jsonPath: .status.ready + name: Ready + type: string + - description: AWS VPC the cluster is using + jsonPath: .spec.network.vpc.id + name: VPC + type: string + - description: API Endpoint + jsonPath: .spec.controlPlaneEndpoint + name: Endpoint + priority: 1 + type: string + - description: Bastion IP address for breakglass access + jsonPath: .status.bastion.publicIp + name: Bastion IP + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: AWSCluster is the schema for Amazon EC2 based Kubernetes Cluster + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSClusterSpec defines the desired state of an EC2-based + Kubernetes cluster. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to AWS + resources managed by the AWS provider, in addition to the ones added + by default. + type: object + bastion: + description: Bastion contains options to configure the bastion host. + properties: + allowedCIDRBlocks: + description: AllowedCIDRBlocks is a list of CIDR blocks allowed + to access the bastion host. They are set as ingress rules for + the Bastion host's Security Group (defaults to 0.0.0.0/0). + items: + type: string + type: array + ami: + description: AMI will use the specified AMI to boot the bastion. + If not specified, the AMI will default to one picked out in + public space. + type: string + disableIngressRules: + description: DisableIngressRules will ensure there are no Ingress + rules in the bastion host's security group. Requires AllowedCIDRBlocks + to be empty. + type: boolean + enabled: + description: Enabled allows this provider to create a bastion + host instance with a public ip to access the VPC private network. + type: boolean + instanceType: + description: InstanceType will use the specified instance type + for the bastion. 
If not specified, Cluster API Provider AWS + will use t3.micro for all regions except us-east-1, where t2.micro + will be the default. + type: string + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + controlPlaneLoadBalancer: + description: ControlPlaneLoadBalancer is optional configuration for + customizing control plane behavior. + properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups sets the security groups + used by the load balancer. Expected to be security group IDs + This is optional - if not provided new security groups will + be created for the load balancer + items: + type: string + type: array + crossZoneLoadBalancing: + description: "CrossZoneLoadBalancing enables the classic ELB cross + availability zone balancing. \n With cross-zone load balancing, + each load balancer node for your Classic Load Balancer distributes + requests evenly across the registered instances in all enabled + Availability Zones. If cross-zone load balancing is disabled, + each load balancer node distributes requests evenly across the + registered instances in its Availability Zone only. \n Defaults + to false." + type: boolean + healthCheckProtocol: + description: HealthCheckProtocol sets the protocol type for classic + ELB health check target default value is ClassicELBProtocolSSL + type: string + name: + description: Name sets the name of the classic ELB load balancer. + As per AWS, the name must be unique within your set of load + balancers for the region, must have a maximum of 32 characters, + must contain only alphanumeric characters or hyphens, and cannot + begin or end with a hyphen. 
Once set, the value cannot be changed. + maxLength: 32 + pattern: ^[A-Za-z0-9]([A-Za-z0-9]{0,31}|[-A-Za-z0-9]{0,30}[A-Za-z0-9])$ + type: string + scheme: + default: internet-facing + description: Scheme sets the scheme of the load balancer (defaults + to internet-facing) + enum: + - internet-facing + - internal + type: string + subnets: + description: Subnets sets the subnets that should be applied to + the control plane load balancer (defaults to discovered subnets + for managed VPCs or an empty set for unmanaged VPCs) + items: + type: string + type: array + type: object + identityRef: + description: IdentityRef is a reference to an identity to be used + when reconciling the managed control plane. If no identity is specified, + the default identity for this controller will be used. + properties: + kind: + description: Kind of the identity. + enum: + - AWSClusterControllerIdentity + - AWSClusterRoleIdentity + - AWSClusterStaticIdentity + type: string + name: + description: Name of the identity. + minLength: 1 + type: string + required: + - kind + - name + type: object + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating system + used to look up machine images when a machine does not specify an + AMI. When set, this will be used for all cluster machines unless + a machine specifies a different ImageLookupBaseOS. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to look up + machine images when a machine does not specify an AMI. When set, + this will be used for all cluster machines unless a machine specifies + a different ImageLookupOrg. Supports substitutions for {{.BaseOS}} + and {{.K8sVersion}} with the base OS and kubernetes version, respectively. + The BaseOS will be the value in ImageLookupBaseOS or ubuntu (the + default), and the kubernetes version as defined by the packages + produced by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. 
For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the ubuntu + base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to look up + machine images when a machine does not specify an AMI. When set, + this will be used for all cluster machines unless a machine specifies + a different ImageLookupOrg. + type: string + network: + description: NetworkSpec encapsulates all things related to AWS network. + properties: + cni: + description: CNI configuration + properties: + cniIngressRules: + description: CNIIngressRules specify rules to apply to control + plane and worker node security groups. The source for the + rule will be set to control plane and worker security group + IDs. + items: + description: CNIIngressRule defines an AWS ingress rule + for CNI requirements. + properties: + description: + type: string + fromPort: + format: int64 + type: integer + protocol: + description: SecurityGroupProtocol defines the protocol + type for a security group rule. + type: string + toPort: + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + type: object + securityGroupOverrides: + additionalProperties: + type: string + description: SecurityGroupOverrides is an optional set of security + groups to use for cluster instances This is optional - if not + provided new security groups will be created for the cluster + type: object + subnets: + description: Subnets configuration. + items: + description: SubnetSpec configures an AWS Subnet. + properties: + availabilityZone: + description: AvailabilityZone defines the availability zone + to use for this subnet in the cluster's region. 
+ type: string + cidrBlock: + description: CidrBlock is the CIDR block to be used when + the provider creates a managed VPC. + type: string + id: + description: ID defines a unique identifier to reference + this resource. + type: string + ipv6CidrBlock: + description: IPv6CidrBlock is the IPv6 CIDR block to be + used when the provider creates a managed VPC. A subnet + can have an IPv4 and an IPv6 address. IPv6 is only supported + in managed clusters, this field cannot be set on AWSCluster + object. + type: string + isIpv6: + description: IsIPv6 defines the subnet as an IPv6 subnet. + A subnet is IPv6 when it is associated with a VPC that + has IPv6 enabled. IPv6 is only supported in managed clusters, + this field cannot be set on AWSCluster object. + type: boolean + isPublic: + description: IsPublic defines the subnet as a public subnet. + A subnet is public when it is associated with a route + table that has a route to an internet gateway. + type: boolean + natGatewayId: + description: NatGatewayID is the NAT gateway id associated + with the subnet. Ignored unless the subnet is managed + by the provider, in which case this is set on the public + subnet where the NAT gateway resides. It is then used + to determine routes for private subnets in the same AZ + as the public subnet. + type: string + routeTableId: + description: RouteTableID is the routing table id associated + with the subnet. + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing the + resource. + type: object + type: object + type: array + vpc: + description: VPC configuration. + properties: + availabilityZoneSelection: + default: Ordered + description: 'AvailabilityZoneSelection specifies how AZs + should be selected if there are more AZs in a region than + specified by AvailabilityZoneUsageLimit. 
There are 2 selection + schemes: Ordered - selects based on alphabetical order Random + - selects AZs randomly in a region Defaults to Ordered' + enum: + - Ordered + - Random + type: string + availabilityZoneUsageLimit: + default: 3 + description: AvailabilityZoneUsageLimit specifies the maximum + number of availability zones (AZ) that should be used in + a region when automatically creating subnets. If a region + has more than this number of AZs then this number of AZs + will be picked randomly when creating default subnets. Defaults + to 3 + minimum: 1 + type: integer + cidrBlock: + description: CidrBlock is the CIDR block to be used when the + provider creates a managed VPC. Defaults to 10.0.0.0/16. + type: string + id: + description: ID is the vpc-id of the VPC this provider should + use to create resources. + type: string + internetGatewayId: + description: InternetGatewayID is the id of the internet gateway + associated with the VPC. + type: string + ipv6: + description: IPv6 contains ipv6 specific settings for the + network. Supported only in managed clusters. This field + cannot be set on AWSCluster object. + properties: + cidrBlock: + description: CidrBlock is the CIDR block provided by Amazon + when VPC has enabled IPv6. + type: string + egressOnlyInternetGatewayId: + description: EgressOnlyInternetGatewayID is the id of + the egress only internet gateway associated with an + IPv6 enabled VPC. + type: string + poolId: + description: PoolID is the IP pool which must be defined + in case of BYO IP is defined. + type: string + type: object + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing the resource. + type: object + type: object + type: object + region: + description: The AWS Region the cluster lives in. 
+ type: string + s3Bucket: + description: S3Bucket contains options to configure a supporting S3 + bucket for this cluster - currently used for nodes requiring Ignition + (https://coreos.github.io/ignition/) for bootstrapping (requires + BootstrapFormatIgnition feature flag to be enabled). + properties: + controlPlaneIAMInstanceProfile: + description: ControlPlaneIAMInstanceProfile is a name of the IAMInstanceProfile, + which will be allowed to read control-plane node bootstrap data + from S3 Bucket. + type: string + name: + description: Name defines name of S3 Bucket to be created. + maxLength: 63 + minLength: 3 + pattern: ^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$ + type: string + nodesIAMInstanceProfiles: + description: NodesIAMInstanceProfiles is a list of IAM instance + profiles, which will be allowed to read worker nodes bootstrap + data from S3 Bucket. + items: + type: string + type: array + required: + - controlPlaneIAMInstanceProfile + - name + - nodesIAMInstanceProfiles + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach to the + bastion host. Valid values are empty string (do not use SSH keys), + a valid SSH key name, or omitted (use the default SSH key name) + type: string + type: object + status: + description: AWSClusterStatus defines the observed state of AWSCluster. + properties: + bastion: + description: Instance describes an AWS instance. + properties: + addresses: + description: Addresses contains the AWS instance associated addresses. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP, + InternalIP, ExternalDNS or InternalDNS. 
+ type: string + required: + - address + - type + type: object + type: array + availabilityZone: + description: Availability zone of instance + type: string + ebsOptimized: + description: Indicates whether the instance is optimized for Amazon + EBS I/O. + type: boolean + enaSupport: + description: Specifies whether enhanced networking with ENA is + enabled. + type: boolean + iamProfile: + description: The name of the IAM instance profile associated with + the instance, if applicable. + type: string + id: + type: string + imageId: + description: The ID of the AMI used to launch the instance. + type: string + instanceState: + description: The current state of the instance. + type: string + networkInterfaces: + description: Specifies ENIs attached to instance + items: + type: string + type: array + nonRootVolumes: + description: Configuration options for the non root storage volumes. + items: + description: Volume encapsulates the configuration options for + the storage device. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by + the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage + device. Must be greater than the image snapshot size or + 8 (whichever is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported + for the volume type. Not applicable to all types. 
+ format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + type: array + privateIp: + description: The private IPv4 address assigned to the instance. + type: string + publicIp: + description: The public IPv4 address assigned to the instance, + if applicable. + type: string + rootVolume: + description: Configuration options for the root storage volume. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by the + controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for + the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + securityGroupIds: + description: SecurityGroupIDs are one or more security group IDs + this instance belongs to. + items: + type: string + type: array + spotMarketOptions: + description: SpotMarketOptions option for configuring instances + to be run using AWS Spot instances. 
+ properties: + maxPrice: + description: MaxPrice defines the maximum price the user is + willing to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: The name of the SSH key pair. + type: string + subnetId: + description: The ID of the subnet of the instance. + type: string + tags: + additionalProperties: + type: string + description: The tags associated with the instance. + type: object + tenancy: + description: Tenancy indicates if instance should run on shared + or single-tenant hardware. + type: string + type: + description: The instance type. + type: string + userData: + description: UserData is the raw data script passed to the instance + which is run upon bootstrap. This field must not be base64 encoded + and should only be used when running a new instance. + type: string + volumeIDs: + description: IDs of the instance's volumes + items: + type: string + type: array + required: + - id + type: object + conditions: + description: Conditions provide observations of the operational state + of a Cluster API resource. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. 
+ type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains is a slice of FailureDomains. + type: object + networkStatus: + description: NetworkStatus encapsulates AWS networking resources. + properties: + apiServerElb: + description: APIServerELB is the Kubernetes api server classic + load balancer. + properties: + attributes: + description: Attributes defines extra attributes associated + with the load balancer. + properties: + crossZoneLoadBalancing: + description: CrossZoneLoadBalancing enables the classic + load balancer load balancing. 
+ type: boolean + idleTimeout: + description: IdleTimeout is time that the connection is + allowed to be idle (no data has been sent over the connection) + before it is closed by the load balancer. + format: int64 + type: integer + type: object + availabilityZones: + description: AvailabilityZones is an array of availability + zones in the VPC attached to the load balancer. + items: + type: string + type: array + dnsName: + description: DNSName is the dns name of the load balancer. + type: string + healthChecks: + description: HealthCheck is the classic elb health check associated + with the load balancer. + properties: + healthyThreshold: + format: int64 + type: integer + interval: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + target: + type: string + timeout: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + unhealthyThreshold: + format: int64 + type: integer + required: + - healthyThreshold + - interval + - target + - timeout + - unhealthyThreshold + type: object + listeners: + description: Listeners is an array of classic elb listeners + associated with the load balancer. There must be at least + one. + items: + description: ClassicELBListener defines an AWS classic load + balancer listener. + properties: + instancePort: + format: int64 + type: integer + instanceProtocol: + description: ClassicELBProtocol defines listener protocols + for a classic load balancer. + type: string + port: + format: int64 + type: integer + protocol: + description: ClassicELBProtocol defines listener protocols + for a classic load balancer. 
+ type: string + required: + - instancePort + - instanceProtocol + - port + - protocol + type: object + type: array + name: + description: The name of the load balancer. It must be unique + within the set of load balancers defined in the region. + It also serves as identifier. + type: string + scheme: + description: Scheme is the load balancer scheme, either internet-facing + or private. + type: string + securityGroupIds: + description: SecurityGroupIDs is an array of security groups + assigned to the load balancer. + items: + type: string + type: array + subnetIds: + description: SubnetIDs is an array of subnets in the VPC attached + to the load balancer. + items: + type: string + type: array + tags: + additionalProperties: + type: string + description: Tags is a map of tags associated with the load + balancer. + type: object + type: object + securityGroups: + additionalProperties: + description: SecurityGroup defines an AWS security group. + properties: + id: + description: ID is a unique identifier. + type: string + ingressRule: + description: IngressRules is the inbound rules associated + with the security group. + items: + description: IngressRule defines an AWS ingress rule for + security groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access from. + Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + type: string + fromPort: + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access + from. Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: SecurityGroupProtocol defines the protocol + type for a security group rule. + type: string + sourceSecurityGroupIds: + description: The security group id to allow access + from. Cannot be specified with CidrBlocks. 
+ items: + type: string + type: array + toPort: + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + name: + description: Name is the security group name. + type: string + tags: + additionalProperties: + type: string + description: Tags is a map of tags associated with the security + group. + type: object + required: + - id + - name + type: object + description: SecurityGroups is a map from the role/kind of the + security group to its unique name, if any. + type: object + type: object + ready: + default: false + type: boolean + required: + - ready + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster to which this AWSCluster belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Cluster infrastructure is ready for EC2 instances + jsonPath: .status.ready + name: Ready + type: string + - description: AWS VPC the cluster is using + jsonPath: .spec.network.vpc.id + name: VPC + type: string + - description: API Endpoint + jsonPath: .spec.controlPlaneEndpoint + name: Endpoint + priority: 1 + type: string + - description: Bastion IP address for breakglass access + jsonPath: .status.bastion.publicIp + name: Bastion IP + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: AWSCluster is the schema for Amazon EC2 based Kubernetes Cluster + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSClusterSpec defines the desired state of an EC2-based + Kubernetes cluster. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to AWS + resources managed by the AWS provider, in addition to the ones added + by default. + type: object + bastion: + description: Bastion contains options to configure the bastion host. + properties: + allowedCIDRBlocks: + description: AllowedCIDRBlocks is a list of CIDR blocks allowed + to access the bastion host. They are set as ingress rules for + the Bastion host's Security Group (defaults to 0.0.0.0/0). + items: + type: string + type: array + ami: + description: AMI will use the specified AMI to boot the bastion. + If not specified, the AMI will default to one picked out in + public space. + type: string + disableIngressRules: + description: DisableIngressRules will ensure there are no Ingress + rules in the bastion host's security group. Requires AllowedCIDRBlocks + to be empty. + type: boolean + enabled: + description: Enabled allows this provider to create a bastion + host instance with a public ip to access the VPC private network. + type: boolean + instanceType: + description: InstanceType will use the specified instance type + for the bastion. If not specified, Cluster API Provider AWS + will use t3.micro for all regions except us-east-1, where t2.micro + will be the default. + type: string + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. 
+ type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + controlPlaneLoadBalancer: + description: ControlPlaneLoadBalancer is optional configuration for + customizing control plane behavior. + properties: + additionalListeners: + description: AdditionalListeners sets the additional listeners + for the control plane load balancer. This is only applicable + to Network Load Balancer (NLB) types for the time being. + items: + description: AdditionalListenerSpec defines the desired state + of an additional listener on an AWS load balancer. + properties: + port: + description: Port sets the port for the additional listener. + format: int64 + maximum: 65535 + minimum: 1 + type: integer + protocol: + default: TCP + description: Protocol sets the protocol for the additional + listener. Currently only TCP is supported. + enum: + - TCP + type: string + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + x-kubernetes-list-type: map + additionalSecurityGroups: + description: AdditionalSecurityGroups sets the security groups + used by the load balancer. Expected to be security group IDs + This is optional - if not provided new security groups will + be created for the load balancer + items: + type: string + type: array + crossZoneLoadBalancing: + description: "CrossZoneLoadBalancing enables the classic ELB cross + availability zone balancing. \n With cross-zone load balancing, + each load balancer node for your Classic Load Balancer distributes + requests evenly across the registered instances in all enabled + Availability Zones. If cross-zone load balancing is disabled, + each load balancer node distributes requests evenly across the + registered instances in its Availability Zone only. \n Defaults + to false." 
+ type: boolean + disableHostsRewrite: + description: DisableHostsRewrite disabled the hair pinning issue + solution that adds the NLB's address as 127.0.0.1 to the hosts + file of each instance. This is by default, false. + type: boolean + healthCheckProtocol: + description: HealthCheckProtocol sets the protocol type for ELB + health check target default value is ELBProtocolSSL + enum: + - TCP + - SSL + - HTTP + - HTTPS + - TLS + - UDP + type: string + ingressRules: + description: IngressRules sets the ingress rules for the control + plane load balancer. + items: + description: IngressRule defines an AWS ingress rule for security + groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access from. Cannot + be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + description: Description provides extended information about + the ingress rule. + type: string + fromPort: + description: FromPort is the start of port range. + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access from. + Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: Protocol is the protocol for the ingress rule. + Accepted values are "-1" (all), "4" (IP in IP),"tcp", + "udp", "icmp", and "58" (ICMPv6), "50" (ESP). + enum: + - "-1" + - "4" + - tcp + - udp + - icmp + - "58" + - "50" + type: string + sourceSecurityGroupIds: + description: The security group id to allow access from. + Cannot be specified with CidrBlocks. + items: + type: string + type: array + sourceSecurityGroupRoles: + description: The security group role to allow access from. + Cannot be specified with CidrBlocks. The field will be + combined with source security group IDs if specified. + items: + description: SecurityGroupRole defines the unique role + of a security group. 
+ enum: + - bastion + - node + - controlplane + - apiserver-lb + - lb + - node-eks-additional + type: string + type: array + toPort: + description: ToPort is the end of port range. + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + loadBalancerType: + default: classic + description: LoadBalancerType sets the type for a load balancer. + The default type is classic. + enum: + - classic + - elb + - alb + - nlb + - disabled + type: string + name: + description: Name sets the name of the classic ELB load balancer. + As per AWS, the name must be unique within your set of load + balancers for the region, must have a maximum of 32 characters, + must contain only alphanumeric characters or hyphens, and cannot + begin or end with a hyphen. Once set, the value cannot be changed. + maxLength: 32 + pattern: ^[A-Za-z0-9]([A-Za-z0-9]{0,31}|[-A-Za-z0-9]{0,30}[A-Za-z0-9])$ + type: string + preserveClientIP: + description: PreserveClientIP lets the user control if preservation + of client ips must be retained or not. If this is enabled 6443 + will be opened to 0.0.0.0/0. + type: boolean + scheme: + default: internet-facing + description: Scheme sets the scheme of the load balancer (defaults + to internet-facing) + enum: + - internet-facing + - internal + type: string + subnets: + description: Subnets sets the subnets that should be applied to + the control plane load balancer (defaults to discovered subnets + for managed VPCs or an empty set for unmanaged VPCs) + items: + type: string + type: array + type: object + identityRef: + description: IdentityRef is a reference to an identity to be used + when reconciling the managed control plane. If no identity is specified, + the default identity for this controller will be used. + properties: + kind: + description: Kind of the identity. 
+ enum: + - AWSClusterControllerIdentity + - AWSClusterRoleIdentity + - AWSClusterStaticIdentity + type: string + name: + description: Name of the identity. + minLength: 1 + type: string + required: + - kind + - name + type: object + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating system + used to look up machine images when a machine does not specify an + AMI. When set, this will be used for all cluster machines unless + a machine specifies a different ImageLookupBaseOS. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to look up + machine images when a machine does not specify an AMI. When set, + this will be used for all cluster machines unless a machine specifies + a different ImageLookupOrg. Supports substitutions for {{.BaseOS}} + and {{.K8sVersion}} with the base OS and kubernetes version, respectively. + The BaseOS will be the value in ImageLookupBaseOS or ubuntu (the + default), and the kubernetes version as defined by the packages + produced by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the ubuntu + base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to look up + machine images when a machine does not specify an AMI. When set, + this will be used for all cluster machines unless a machine specifies + a different ImageLookupOrg. + type: string + network: + description: NetworkSpec encapsulates all things related to AWS network. 
+ properties: + additionalControlPlaneIngressRules: + description: AdditionalControlPlaneIngressRules is an optional + set of ingress rules to add to the control plane + items: + description: IngressRule defines an AWS ingress rule for security + groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access from. Cannot + be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + description: Description provides extended information about + the ingress rule. + type: string + fromPort: + description: FromPort is the start of port range. + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access from. + Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: Protocol is the protocol for the ingress rule. + Accepted values are "-1" (all), "4" (IP in IP),"tcp", + "udp", "icmp", and "58" (ICMPv6), "50" (ESP). + enum: + - "-1" + - "4" + - tcp + - udp + - icmp + - "58" + - "50" + type: string + sourceSecurityGroupIds: + description: The security group id to allow access from. + Cannot be specified with CidrBlocks. + items: + type: string + type: array + sourceSecurityGroupRoles: + description: The security group role to allow access from. + Cannot be specified with CidrBlocks. The field will be + combined with source security group IDs if specified. + items: + description: SecurityGroupRole defines the unique role + of a security group. + enum: + - bastion + - node + - controlplane + - apiserver-lb + - lb + - node-eks-additional + type: string + type: array + toPort: + description: ToPort is the end of port range. 
+ format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + cni: + description: CNI configuration + properties: + cniIngressRules: + description: CNIIngressRules specify rules to apply to control + plane and worker node security groups. The source for the + rule will be set to control plane and worker security group + IDs. + items: + description: CNIIngressRule defines an AWS ingress rule + for CNI requirements. + properties: + description: + type: string + fromPort: + format: int64 + type: integer + protocol: + description: SecurityGroupProtocol defines the protocol + type for a security group rule. + type: string + toPort: + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + type: object + securityGroupOverrides: + additionalProperties: + type: string + description: SecurityGroupOverrides is an optional set of security + groups to use for cluster instances This is optional - if not + provided new security groups will be created for the cluster + type: object + subnets: + description: Subnets configuration. + items: + description: SubnetSpec configures an AWS Subnet. + properties: + availabilityZone: + description: AvailabilityZone defines the availability zone + to use for this subnet in the cluster's region. + type: string + cidrBlock: + description: CidrBlock is the CIDR block to be used when + the provider creates a managed VPC. + type: string + id: + description: "ID defines a unique identifier to reference + this resource. If you're bringing your subnet, set the + AWS subnet-id here, it must start with `subnet-`. 
\n When + the VPC is managed by CAPA, and you'd like the provider + to create a subnet for you, the id can be set to any placeholder + value that does not start with `subnet-`; upon creation, + the subnet AWS identifier will be populated in the `ResourceID` + field and the `id` field is going to be used as the subnet + name. If you specify a tag called `Name`, it takes precedence." + type: string + ipv6CidrBlock: + description: IPv6CidrBlock is the IPv6 CIDR block to be + used when the provider creates a managed VPC. A subnet + can have an IPv4 and an IPv6 address. IPv6 is only supported + in managed clusters, this field cannot be set on AWSCluster + object. + type: string + isIpv6: + description: IsIPv6 defines the subnet as an IPv6 subnet. + A subnet is IPv6 when it is associated with a VPC that + has IPv6 enabled. IPv6 is only supported in managed clusters, + this field cannot be set on AWSCluster object. + type: boolean + isPublic: + description: IsPublic defines the subnet as a public subnet. + A subnet is public when it is associated with a route + table that has a route to an internet gateway. + type: boolean + natGatewayId: + description: NatGatewayID is the NAT gateway id associated + with the subnet. Ignored unless the subnet is managed + by the provider, in which case this is set on the public + subnet where the NAT gateway resides. It is then used + to determine routes for private subnets in the same AZ + as the public subnet. + type: string + resourceID: + description: ResourceID is the subnet identifier from AWS, + READ ONLY. This field is populated when the provider manages + the subnet. + type: string + routeTableId: + description: RouteTableID is the routing table id associated + with the subnet. + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing the + resource. 
+ type: object + required: + - id + type: object + type: array + x-kubernetes-list-map-keys: + - id + x-kubernetes-list-type: map + vpc: + description: VPC configuration. + properties: + availabilityZoneSelection: + default: Ordered + description: 'AvailabilityZoneSelection specifies how AZs + should be selected if there are more AZs in a region than + specified by AvailabilityZoneUsageLimit. There are 2 selection + schemes: Ordered - selects based on alphabetical order Random + - selects AZs randomly in a region Defaults to Ordered' + enum: + - Ordered + - Random + type: string + availabilityZoneUsageLimit: + default: 3 + description: AvailabilityZoneUsageLimit specifies the maximum + number of availability zones (AZ) that should be used in + a region when automatically creating subnets. If a region + has more than this number of AZs then this number of AZs + will be picked randomly when creating default subnets. Defaults + to 3 + minimum: 1 + type: integer + cidrBlock: + description: CidrBlock is the CIDR block to be used when the + provider creates a managed VPC. Defaults to 10.0.0.0/16. + Mutually exclusive with IPAMPool. + type: string + emptyRoutesDefaultVPCSecurityGroup: + description: "EmptyRoutesDefaultVPCSecurityGroup specifies + whether the default VPC security group ingress and egress + rules should be removed. \n By default, when creating a + VPC, AWS creates a security group called `default` with + ingress and egress rules that allow traffic from anywhere. + The group could be used as a potential surface attack and + it's generally suggested that the group rules are removed + or modified appropriately. \n NOTE: This only applies when + the VPC is managed by the Cluster API AWS controller." + type: boolean + id: + description: ID is the vpc-id of the VPC this provider should + use to create resources. + type: string + internetGatewayId: + description: InternetGatewayID is the id of the internet gateway + associated with the VPC. 
+ type: string + ipamPool: + description: IPAMPool defines the IPAMv4 pool to be used for + VPC. Mutually exclusive with CidrBlock. + properties: + id: + description: ID is the ID of the IPAM pool this provider + should use to create VPC. + type: string + name: + description: Name is the name of the IPAM pool this provider + should use to create VPC. + type: string + netmaskLength: + description: The netmask length of the IPv4 CIDR you want + to allocate to VPC from an Amazon VPC IP Address Manager + (IPAM) pool. Defaults to /16 for IPv4 if not specified. + format: int64 + type: integer + type: object + ipv6: + description: IPv6 contains ipv6 specific settings for the + network. Supported only in managed clusters. This field + cannot be set on AWSCluster object. + properties: + cidrBlock: + description: CidrBlock is the CIDR block provided by Amazon + when VPC has enabled IPv6. Mutually exclusive with IPAMPool. + type: string + egressOnlyInternetGatewayId: + description: EgressOnlyInternetGatewayID is the id of + the egress only internet gateway associated with an + IPv6 enabled VPC. + type: string + ipamPool: + description: IPAMPool defines the IPAMv6 pool to be used + for VPC. Mutually exclusive with CidrBlock. + properties: + id: + description: ID is the ID of the IPAM pool this provider + should use to create VPC. + type: string + name: + description: Name is the name of the IPAM pool this + provider should use to create VPC. + type: string + netmaskLength: + description: The netmask length of the IPv4 CIDR you + want to allocate to VPC from an Amazon VPC IP Address + Manager (IPAM) pool. Defaults to /16 for IPv4 if + not specified. + format: int64 + type: integer + type: object + poolId: + description: PoolID is the IP pool which must be defined + in case of BYO IP is defined. Must be specified if CidrBlock + is set. Mutually exclusive with IPAMPool. 
+ type: string + type: object + privateDnsHostnameTypeOnLaunch: + description: PrivateDNSHostnameTypeOnLaunch is the type of + hostname to assign to instances in the subnet at launch. + For IPv4-only and dual-stack (IPv4 and IPv6) subnets, an + instance DNS name can be based on the instance IPv4 address + (ip-name) or the instance ID (resource-name). For IPv6 only + subnets, an instance DNS name must be based on the instance + ID (resource-name). + enum: + - ip-name + - resource-name + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing the resource. + type: object + type: object + type: object + partition: + description: Partition is the AWS security partition being used. Defaults + to "aws" + type: string + region: + description: The AWS Region the cluster lives in. + type: string + s3Bucket: + description: S3Bucket contains options to configure a supporting S3 + bucket for this cluster - currently used for nodes requiring Ignition + (https://coreos.github.io/ignition/) for bootstrapping (requires + BootstrapFormatIgnition feature flag to be enabled). + properties: + controlPlaneIAMInstanceProfile: + description: ControlPlaneIAMInstanceProfile is a name of the IAMInstanceProfile, + which will be allowed to read control-plane node bootstrap data + from S3 Bucket. + type: string + name: + description: Name defines name of S3 Bucket to be created. + maxLength: 63 + minLength: 3 + pattern: ^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$ + type: string + nodesIAMInstanceProfiles: + description: NodesIAMInstanceProfiles is a list of IAM instance + profiles, which will be allowed to read worker nodes bootstrap + data from S3 Bucket. + items: + type: string + type: array + presignedURLDuration: + description: "PresignedURLDuration defines the duration for which + presigned URLs are valid. 
\n This is used to generate presigned + URLs for S3 Bucket objects, which are used by control-plane + and worker nodes to fetch bootstrap data. \n When enabled, the + IAM instance profiles specified are not used." + type: string + required: + - name + type: object + secondaryControlPlaneLoadBalancer: + description: "SecondaryControlPlaneLoadBalancer is an additional load + balancer that can be used for the control plane. \n An example use + case is to have a separate internal load balancer for internal traffic, + and a separate external load balancer for external traffic." + properties: + additionalListeners: + description: AdditionalListeners sets the additional listeners + for the control plane load balancer. This is only applicable + to Network Load Balancer (NLB) types for the time being. + items: + description: AdditionalListenerSpec defines the desired state + of an additional listener on an AWS load balancer. + properties: + port: + description: Port sets the port for the additional listener. + format: int64 + maximum: 65535 + minimum: 1 + type: integer + protocol: + default: TCP + description: Protocol sets the protocol for the additional + listener. Currently only TCP is supported. + enum: + - TCP + type: string + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + x-kubernetes-list-type: map + additionalSecurityGroups: + description: AdditionalSecurityGroups sets the security groups + used by the load balancer. Expected to be security group IDs + This is optional - if not provided new security groups will + be created for the load balancer + items: + type: string + type: array + crossZoneLoadBalancing: + description: "CrossZoneLoadBalancing enables the classic ELB cross + availability zone balancing. \n With cross-zone load balancing, + each load balancer node for your Classic Load Balancer distributes + requests evenly across the registered instances in all enabled + Availability Zones. 
If cross-zone load balancing is disabled, + each load balancer node distributes requests evenly across the + registered instances in its Availability Zone only. \n Defaults + to false." + type: boolean + disableHostsRewrite: + description: DisableHostsRewrite disabled the hair pinning issue + solution that adds the NLB's address as 127.0.0.1 to the hosts + file of each instance. This is by default, false. + type: boolean + healthCheckProtocol: + description: HealthCheckProtocol sets the protocol type for ELB + health check target default value is ELBProtocolSSL + enum: + - TCP + - SSL + - HTTP + - HTTPS + - TLS + - UDP + type: string + ingressRules: + description: IngressRules sets the ingress rules for the control + plane load balancer. + items: + description: IngressRule defines an AWS ingress rule for security + groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access from. Cannot + be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + description: Description provides extended information about + the ingress rule. + type: string + fromPort: + description: FromPort is the start of port range. + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access from. + Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: Protocol is the protocol for the ingress rule. + Accepted values are "-1" (all), "4" (IP in IP),"tcp", + "udp", "icmp", and "58" (ICMPv6), "50" (ESP). + enum: + - "-1" + - "4" + - tcp + - udp + - icmp + - "58" + - "50" + type: string + sourceSecurityGroupIds: + description: The security group id to allow access from. + Cannot be specified with CidrBlocks. + items: + type: string + type: array + sourceSecurityGroupRoles: + description: The security group role to allow access from. + Cannot be specified with CidrBlocks. 
The field will be + combined with source security group IDs if specified. + items: + description: SecurityGroupRole defines the unique role + of a security group. + enum: + - bastion + - node + - controlplane + - apiserver-lb + - lb + - node-eks-additional + type: string + type: array + toPort: + description: ToPort is the end of port range. + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + loadBalancerType: + default: classic + description: LoadBalancerType sets the type for a load balancer. + The default type is classic. + enum: + - classic + - elb + - alb + - nlb + - disabled + type: string + name: + description: Name sets the name of the classic ELB load balancer. + As per AWS, the name must be unique within your set of load + balancers for the region, must have a maximum of 32 characters, + must contain only alphanumeric characters or hyphens, and cannot + begin or end with a hyphen. Once set, the value cannot be changed. + maxLength: 32 + pattern: ^[A-Za-z0-9]([A-Za-z0-9]{0,31}|[-A-Za-z0-9]{0,30}[A-Za-z0-9])$ + type: string + preserveClientIP: + description: PreserveClientIP lets the user control if preservation + of client ips must be retained or not. If this is enabled 6443 + will be opened to 0.0.0.0/0. + type: boolean + scheme: + default: internet-facing + description: Scheme sets the scheme of the load balancer (defaults + to internet-facing) + enum: + - internet-facing + - internal + type: string + subnets: + description: Subnets sets the subnets that should be applied to + the control plane load balancer (defaults to discovered subnets + for managed VPCs or an empty set for unmanaged VPCs) + items: + type: string + type: array + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach to the + bastion host. 
Valid values are empty string (do not use SSH keys), + a valid SSH key name, or omitted (use the default SSH key name) + type: string + type: object + status: + description: AWSClusterStatus defines the observed state of AWSCluster. + properties: + bastion: + description: Instance describes an AWS instance. + properties: + addresses: + description: Addresses contains the AWS instance associated addresses. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP, + InternalIP, ExternalDNS or InternalDNS. + type: string + required: + - address + - type + type: object + type: array + availabilityZone: + description: Availability zone of instance + type: string + ebsOptimized: + description: Indicates whether the instance is optimized for Amazon + EBS I/O. + type: boolean + enaSupport: + description: Specifies whether enhanced networking with ENA is + enabled. + type: boolean + iamProfile: + description: The name of the IAM instance profile associated with + the instance, if applicable. + type: string + id: + type: string + imageId: + description: The ID of the AMI used to launch the instance. + type: string + instanceMetadataOptions: + description: InstanceMetadataOptions is the metadata options for + the EC2 instance. + properties: + httpEndpoint: + default: enabled + description: "Enables or disables the HTTP metadata endpoint + on your instances. \n If you specify a value of disabled, + you cannot access your instance metadata. \n Default: enabled" + enum: + - enabled + - disabled + type: string + httpPutResponseHopLimit: + default: 1 + description: "The desired HTTP PUT response hop limit for + instance metadata requests. The larger the number, the further + instance metadata requests can travel. 
\n Default: 1" + format: int64 + maximum: 64 + minimum: 1 + type: integer + httpTokens: + default: optional + description: "The state of token usage for your instance metadata + requests. \n If the state is optional, you can choose to + retrieve instance metadata with or without a session token + on your request. If you retrieve the IAM role credentials + without a token, the version 1.0 role credentials are returned. + If you retrieve the IAM role credentials using a valid session + token, the version 2.0 role credentials are returned. \n + If the state is required, you must send a session token + with any instance metadata retrieval requests. In this state, + retrieving the IAM role credentials always returns the version + 2.0 credentials; the version 1.0 credentials are not available. + \n Default: optional" + enum: + - optional + - required + type: string + instanceMetadataTags: + default: disabled + description: "Set to enabled to allow access to instance tags + from the instance metadata. Set to disabled to turn off + access to instance tags from the instance metadata. For + more information, see Work with instance tags using the + instance metadata (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS). + \n Default: disabled" + enum: + - enabled + - disabled + type: string + type: object + instanceState: + description: The current state of the instance. + type: string + networkInterfaces: + description: Specifies ENIs attached to instance + items: + type: string + type: array + nonRootVolumes: + description: Configuration options for the non root storage volumes. + items: + description: Volume encapsulates the configuration options for + the storage device. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. 
+ type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by + the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage + device. Must be greater than the image snapshot size or + 8 (whichever is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported + for the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + type: array + placementGroupName: + description: PlacementGroupName specifies the name of the placement + group in which to launch the instance. + type: string + privateDnsName: + description: PrivateDNSName is the options for the instance hostname. + properties: + enableResourceNameDnsAAAARecord: + description: EnableResourceNameDNSAAAARecord indicates whether + to respond to DNS queries for instance hostnames with DNS + AAAA records. + type: boolean + enableResourceNameDnsARecord: + description: EnableResourceNameDNSARecord indicates whether + to respond to DNS queries for instance hostnames with DNS + A records. + type: boolean + hostnameType: + description: The type of hostname to assign to an instance. + enum: + - ip-name + - resource-name + type: string + type: object + privateIp: + description: The private IPv4 address assigned to the instance. + type: string + publicIp: + description: The public IPv4 address assigned to the instance, + if applicable. + type: string + rootVolume: + description: Configuration options for the root storage volume. 
+ properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by the + controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for + the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + securityGroupIds: + description: SecurityGroupIDs are one or more security group IDs + this instance belongs to. + items: + type: string + type: array + spotMarketOptions: + description: SpotMarketOptions option for configuring instances + to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user is + willing to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: The name of the SSH key pair. + type: string + subnetId: + description: The ID of the subnet of the instance. + type: string + tags: + additionalProperties: + type: string + description: The tags associated with the instance. + type: object + tenancy: + description: Tenancy indicates if instance should run on shared + or single-tenant hardware. + type: string + type: + description: The instance type. 
+ type: string + userData: + description: UserData is the raw data script passed to the instance + which is run upon bootstrap. This field must not be base64 encoded + and should only be used when running a new instance. + type: string + volumeIDs: + description: IDs of the instance's volumes + items: + type: string + type: array + required: + - id + type: object + conditions: + description: Conditions provide observations of the operational state + of a Cluster API resource. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains is a slice of FailureDomains. + type: object + networkStatus: + description: NetworkStatus encapsulates AWS networking resources. + properties: + apiServerElb: + description: APIServerELB is the Kubernetes api server load balancer. + properties: + arn: + description: ARN of the load balancer. Unlike the ClassicLB, + ARN is used mostly to define and get it. + type: string + attributes: + description: ClassicElbAttributes defines extra attributes + associated with the load balancer. + properties: + crossZoneLoadBalancing: + description: CrossZoneLoadBalancing enables the classic + load balancer load balancing. + type: boolean + idleTimeout: + description: IdleTimeout is time that the connection is + allowed to be idle (no data has been sent over the connection) + before it is closed by the load balancer. + format: int64 + type: integer + type: object + availabilityZones: + description: AvailabilityZones is an array of availability + zones in the VPC attached to the load balancer. + items: + type: string + type: array + dnsName: + description: DNSName is the dns name of the load balancer. + type: string + elbAttributes: + additionalProperties: + type: string + description: ELBAttributes defines extra attributes associated + with v2 load balancers. 
+ type: object + elbListeners: + description: ELBListeners is an array of listeners associated + with the load balancer. There must be at least one. + items: + description: Listener defines an AWS network load balancer + listener. + properties: + port: + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + targetGroup: + description: TargetGroupSpec specifies target group + settings for a given listener. This is created first, + and the ARN is then passed to the listener. + properties: + name: + description: Name of the TargetGroup. Must be unique + over the same group of listeners. + type: string + port: + description: Port is the exposed port + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + enum: + - tcp + - tls + - udp + - TCP + - TLS + - UDP + type: string + targetGroupHealthCheck: + description: HealthCheck is the elb health check + associated with the load balancer. + properties: + intervalSeconds: + format: int64 + type: integer + path: + type: string + port: + type: string + protocol: + type: string + thresholdCount: + format: int64 + type: integer + timeoutSeconds: + format: int64 + type: integer + type: object + vpcId: + type: string + required: + - name + - port + - protocol + - vpcId + type: object + required: + - port + - protocol + - targetGroup + type: object + type: array + healthChecks: + description: HealthCheck is the classic elb health check associated + with the load balancer. + properties: + healthyThreshold: + format: int64 + type: integer + interval: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. 
+ format: int64 + type: integer + target: + type: string + timeout: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + unhealthyThreshold: + format: int64 + type: integer + required: + - healthyThreshold + - interval + - target + - timeout + - unhealthyThreshold + type: object + listeners: + description: ClassicELBListeners is an array of classic elb + listeners associated with the load balancer. There must + be at least one. + items: + description: ClassicELBListener defines an AWS classic load + balancer listener. + properties: + instancePort: + format: int64 + type: integer + instanceProtocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + port: + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + required: + - instancePort + - instanceProtocol + - port + - protocol + type: object + type: array + loadBalancerType: + description: LoadBalancerType sets the type for a load balancer. + The default type is classic. + enum: + - classic + - elb + - alb + - nlb + type: string + name: + description: The name of the load balancer. It must be unique + within the set of load balancers defined in the region. + It also serves as identifier. + type: string + scheme: + description: Scheme is the load balancer scheme, either internet-facing + or private. + type: string + securityGroupIds: + description: SecurityGroupIDs is an array of security groups + assigned to the load balancer. + items: + type: string + type: array + subnetIds: + description: SubnetIDs is an array of subnets in the VPC attached + to the load balancer. 
+ items: + type: string + type: array + tags: + additionalProperties: + type: string + description: Tags is a map of tags associated with the load + balancer. + type: object + type: object + natGatewaysIPs: + description: NatGatewaysIPs contains the public IPs of the NAT + Gateways + items: + type: string + type: array + secondaryAPIServerELB: + description: SecondaryAPIServerELB is the secondary Kubernetes + api server load balancer. + properties: + arn: + description: ARN of the load balancer. Unlike the ClassicLB, + ARN is used mostly to define and get it. + type: string + attributes: + description: ClassicElbAttributes defines extra attributes + associated with the load balancer. + properties: + crossZoneLoadBalancing: + description: CrossZoneLoadBalancing enables the classic + load balancer load balancing. + type: boolean + idleTimeout: + description: IdleTimeout is time that the connection is + allowed to be idle (no data has been sent over the connection) + before it is closed by the load balancer. + format: int64 + type: integer + type: object + availabilityZones: + description: AvailabilityZones is an array of availability + zones in the VPC attached to the load balancer. + items: + type: string + type: array + dnsName: + description: DNSName is the dns name of the load balancer. + type: string + elbAttributes: + additionalProperties: + type: string + description: ELBAttributes defines extra attributes associated + with v2 load balancers. + type: object + elbListeners: + description: ELBListeners is an array of listeners associated + with the load balancer. There must be at least one. + items: + description: Listener defines an AWS network load balancer + listener. + properties: + port: + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + targetGroup: + description: TargetGroupSpec specifies target group + settings for a given listener. 
This is created first, + and the ARN is then passed to the listener. + properties: + name: + description: Name of the TargetGroup. Must be unique + over the same group of listeners. + type: string + port: + description: Port is the exposed port + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + enum: + - tcp + - tls + - udp + - TCP + - TLS + - UDP + type: string + targetGroupHealthCheck: + description: HealthCheck is the elb health check + associated with the load balancer. + properties: + intervalSeconds: + format: int64 + type: integer + path: + type: string + port: + type: string + protocol: + type: string + thresholdCount: + format: int64 + type: integer + timeoutSeconds: + format: int64 + type: integer + type: object + vpcId: + type: string + required: + - name + - port + - protocol + - vpcId + type: object + required: + - port + - protocol + - targetGroup + type: object + type: array + healthChecks: + description: HealthCheck is the classic elb health check associated + with the load balancer. + properties: + healthyThreshold: + format: int64 + type: integer + interval: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + target: + type: string + timeout: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + unhealthyThreshold: + format: int64 + type: integer + required: + - healthyThreshold + - interval + - target + - timeout + - unhealthyThreshold + type: object + listeners: + description: ClassicELBListeners is an array of classic elb + listeners associated with the load balancer. There must + be at least one. 
+ items: + description: ClassicELBListener defines an AWS classic load + balancer listener. + properties: + instancePort: + format: int64 + type: integer + instanceProtocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + port: + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + required: + - instancePort + - instanceProtocol + - port + - protocol + type: object + type: array + loadBalancerType: + description: LoadBalancerType sets the type for a load balancer. + The default type is classic. + enum: + - classic + - elb + - alb + - nlb + type: string + name: + description: The name of the load balancer. It must be unique + within the set of load balancers defined in the region. + It also serves as identifier. + type: string + scheme: + description: Scheme is the load balancer scheme, either internet-facing + or private. + type: string + securityGroupIds: + description: SecurityGroupIDs is an array of security groups + assigned to the load balancer. + items: + type: string + type: array + subnetIds: + description: SubnetIDs is an array of subnets in the VPC attached + to the load balancer. + items: + type: string + type: array + tags: + additionalProperties: + type: string + description: Tags is a map of tags associated with the load + balancer. + type: object + type: object + securityGroups: + additionalProperties: + description: SecurityGroup defines an AWS security group. + properties: + id: + description: ID is a unique identifier. + type: string + ingressRule: + description: IngressRules is the inbound rules associated + with the security group. + items: + description: IngressRule defines an AWS ingress rule for + security groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access from. + Cannot be specified with SourceSecurityGroupID. 
+ items: + type: string + type: array + description: + description: Description provides extended information + about the ingress rule. + type: string + fromPort: + description: FromPort is the start of port range. + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access + from. Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: Protocol is the protocol for the ingress + rule. Accepted values are "-1" (all), "4" (IP in + IP),"tcp", "udp", "icmp", and "58" (ICMPv6), "50" + (ESP). + enum: + - "-1" + - "4" + - tcp + - udp + - icmp + - "58" + - "50" + type: string + sourceSecurityGroupIds: + description: The security group id to allow access + from. Cannot be specified with CidrBlocks. + items: + type: string + type: array + sourceSecurityGroupRoles: + description: The security group role to allow access + from. Cannot be specified with CidrBlocks. The field + will be combined with source security group IDs + if specified. + items: + description: SecurityGroupRole defines the unique + role of a security group. + enum: + - bastion + - node + - controlplane + - apiserver-lb + - lb + - node-eks-additional + type: string + type: array + toPort: + description: ToPort is the end of port range. + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + name: + description: Name is the security group name. + type: string + tags: + additionalProperties: + type: string + description: Tags is a map of tags associated with the security + group. + type: object + required: + - id + - name + type: object + description: SecurityGroups is a map from the role/kind of the + security group to its unique name, if any. 
+ type: object + type: object + ready: + default: false + type: boolean + required: + - ready + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + clusterctl.cluster.x-k8s.io/move-hierarchy: "" + name: awsclusterstaticidentities.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSClusterStaticIdentity + listKind: AWSClusterStaticIdentityList + plural: awsclusterstaticidentities + shortNames: + - awssi + singular: awsclusterstaticidentity + scope: Cluster + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AWSClusterStaticIdentity is the Schema for the awsclusterstaticidentities + API It represents a reference to an AWS access key ID and secret access + key, stored in a secret. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec for this AWSClusterStaticIdentity + properties: + allowedNamespaces: + description: AllowedNamespaces is used to identify which namespaces + are allowed to use the identity from. Namespaces can be selected + either using an array of namespaces or with label selector. An empty + allowedNamespaces object indicates that AWSClusters can use this + identity from any namespace. If this object is nil, no namespaces + will be allowed (default behaviour, if this field is not provided) + A namespace should be either in the NamespaceList or match with + Selector to use the identity. + nullable: true + properties: + list: + description: An nil or empty list indicates that AWSClusters cannot + use the identity from any namespace. + items: + type: string + nullable: true + type: array + selector: + description: An empty selector indicates that AWSClusters cannot + use this AWSClusterIdentity from any namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + secretRef: + description: 'Reference to a secret containing the credentials. The + secret should contain the following data keys: AccessKeyID: AKIAIOSFODNN7EXAMPLE + SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY SessionToken: + Optional' + type: string + required: + - secretRef + type: object + type: object + served: false + storage: false + - name: v1beta2 + schema: + openAPIV3Schema: + description: AWSClusterStaticIdentity is the Schema for the awsclusterstaticidentities + API It represents a reference to an AWS access key ID and secret access + key, stored in a secret. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec for this AWSClusterStaticIdentity + properties: + allowedNamespaces: + description: AllowedNamespaces is used to identify which namespaces + are allowed to use the identity from. Namespaces can be selected + either using an array of namespaces or with label selector. An empty + allowedNamespaces object indicates that AWSClusters can use this + identity from any namespace. If this object is nil, no namespaces + will be allowed (default behaviour, if this field is not provided) + A namespace should be either in the NamespaceList or match with + Selector to use the identity. + nullable: true + properties: + list: + description: An nil or empty list indicates that AWSClusters cannot + use the identity from any namespace. + items: + type: string + nullable: true + type: array + selector: + description: An empty selector indicates that AWSClusters cannot + use this AWSClusterIdentity from any namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + secretRef: + description: 'Reference to a secret containing the credentials. The + secret should contain the following data keys: AccessKeyID: AKIAIOSFODNN7EXAMPLE + SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY SessionToken: + Optional' + type: string + required: + - secretRef + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: awsclustertemplates.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capa-webhook-service + namespace: capa-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSClusterTemplate + listKind: AWSClusterTemplateList + plural: awsclustertemplates + shortNames: + - awsct + singular: awsclustertemplate + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of AWSClusterTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + 
description: AWSClusterTemplate is the schema for Amazon EC2 based Kubernetes + Cluster Templates. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSClusterTemplateSpec defines the desired state of AWSClusterTemplate. + properties: + template: + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: AWSClusterSpec defines the desired state of an EC2-based + Kubernetes cluster. 
+ properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to AWS resources managed by the AWS provider, in addition + to the ones added by default. + type: object + bastion: + description: Bastion contains options to configure the bastion + host. + properties: + allowedCIDRBlocks: + description: AllowedCIDRBlocks is a list of CIDR blocks + allowed to access the bastion host. They are set as + ingress rules for the Bastion host's Security Group + (defaults to 0.0.0.0/0). + items: + type: string + type: array + ami: + description: AMI will use the specified AMI to boot the + bastion. If not specified, the AMI will default to one + picked out in public space. + type: string + disableIngressRules: + description: DisableIngressRules will ensure there are + no Ingress rules in the bastion host's security group. + Requires AllowedCIDRBlocks to be empty. + type: boolean + enabled: + description: Enabled allows this provider to create a + bastion host instance with a public ip to access the + VPC private network. + type: boolean + instanceType: + description: InstanceType will use the specified instance + type for the bastion. If not specified, Cluster API + Provider AWS will use t3.micro for all regions except + us-east-1, where t2.micro will be the default. + type: string + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint + used to communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + controlPlaneLoadBalancer: + description: ControlPlaneLoadBalancer is optional configuration + for customizing control plane behavior. 
+ properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups sets the security + groups used by the load balancer. Expected to be security + group IDs This is optional - if not provided new security + groups will be created for the load balancer + items: + type: string + type: array + crossZoneLoadBalancing: + description: "CrossZoneLoadBalancing enables the classic + ELB cross availability zone balancing. \n With cross-zone + load balancing, each load balancer node for your Classic + Load Balancer distributes requests evenly across the + registered instances in all enabled Availability Zones. + If cross-zone load balancing is disabled, each load + balancer node distributes requests evenly across the + registered instances in its Availability Zone only. + \n Defaults to false." + type: boolean + healthCheckProtocol: + description: HealthCheckProtocol sets the protocol type + for classic ELB health check target default value is + ClassicELBProtocolSSL + type: string + name: + description: Name sets the name of the classic ELB load + balancer. As per AWS, the name must be unique within + your set of load balancers for the region, must have + a maximum of 32 characters, must contain only alphanumeric + characters or hyphens, and cannot begin or end with + a hyphen. Once set, the value cannot be changed. 
+ maxLength: 32 + pattern: ^[A-Za-z0-9]([A-Za-z0-9]{0,31}|[-A-Za-z0-9]{0,30}[A-Za-z0-9])$ + type: string + scheme: + default: internet-facing + description: Scheme sets the scheme of the load balancer + (defaults to internet-facing) + enum: + - internet-facing + - internal + type: string + subnets: + description: Subnets sets the subnets that should be applied + to the control plane load balancer (defaults to discovered + subnets for managed VPCs or an empty set for unmanaged + VPCs) + items: + type: string + type: array + type: object + identityRef: + description: IdentityRef is a reference to an identity to + be used when reconciling the managed control plane. If no + identity is specified, the default identity for this controller + will be used. + properties: + kind: + description: Kind of the identity. + enum: + - AWSClusterControllerIdentity + - AWSClusterRoleIdentity + - AWSClusterStaticIdentity + type: string + name: + description: Name of the identity. + minLength: 1 + type: string + required: + - kind + - name + type: object + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating + system used to look up machine images when a machine does + not specify an AMI. When set, this will be used for all + cluster machines unless a machine specifies a different + ImageLookupBaseOS. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to + look up machine images when a machine does not specify an + AMI. When set, this will be used for all cluster machines + unless a machine specifies a different ImageLookupOrg. Supports + substitutions for {{.BaseOS}} and {{.K8sVersion}} with the + base OS and kubernetes version, respectively. The BaseOS + will be the value in ImageLookupBaseOS or ubuntu (the default), + and the kubernetes version as defined by the packages produced + by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. 
For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the + ubuntu base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to + look up machine images when a machine does not specify an + AMI. When set, this will be used for all cluster machines + unless a machine specifies a different ImageLookupOrg. + type: string + network: + description: NetworkSpec encapsulates all things related to + AWS network. + properties: + cni: + description: CNI configuration + properties: + cniIngressRules: + description: CNIIngressRules specify rules to apply + to control plane and worker node security groups. + The source for the rule will be set to control plane + and worker security group IDs. + items: + description: CNIIngressRule defines an AWS ingress + rule for CNI requirements. + properties: + description: + type: string + fromPort: + format: int64 + type: integer + protocol: + description: SecurityGroupProtocol defines the + protocol type for a security group rule. + type: string + toPort: + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + type: object + securityGroupOverrides: + additionalProperties: + type: string + description: SecurityGroupOverrides is an optional set + of security groups to use for cluster instances This + is optional - if not provided new security groups will + be created for the cluster + type: object + subnets: + description: Subnets configuration. + items: + description: SubnetSpec configures an AWS Subnet. + properties: + availabilityZone: + description: AvailabilityZone defines the availability + zone to use for this subnet in the cluster's region. 
+ type: string + cidrBlock: + description: CidrBlock is the CIDR block to be used + when the provider creates a managed VPC. + type: string + id: + description: ID defines a unique identifier to reference + this resource. + type: string + ipv6CidrBlock: + description: IPv6CidrBlock is the IPv6 CIDR block + to be used when the provider creates a managed + VPC. A subnet can have an IPv4 and an IPv6 address. + IPv6 is only supported in managed clusters, this + field cannot be set on AWSCluster object. + type: string + isIpv6: + description: IsIPv6 defines the subnet as an IPv6 + subnet. A subnet is IPv6 when it is associated + with a VPC that has IPv6 enabled. IPv6 is only + supported in managed clusters, this field cannot + be set on AWSCluster object. + type: boolean + isPublic: + description: IsPublic defines the subnet as a public + subnet. A subnet is public when it is associated + with a route table that has a route to an internet + gateway. + type: boolean + natGatewayId: + description: NatGatewayID is the NAT gateway id + associated with the subnet. Ignored unless the + subnet is managed by the provider, in which case + this is set on the public subnet where the NAT + gateway resides. It is then used to determine + routes for private subnets in the same AZ as the + public subnet. + type: string + routeTableId: + description: RouteTableID is the routing table id + associated with the subnet. + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing + the resource. + type: object + type: object + type: array + vpc: + description: VPC configuration. + properties: + availabilityZoneSelection: + default: Ordered + description: 'AvailabilityZoneSelection specifies + how AZs should be selected if there are more AZs + in a region than specified by AvailabilityZoneUsageLimit. 
+ There are 2 selection schemes: Ordered - selects + based on alphabetical order Random - selects AZs + randomly in a region Defaults to Ordered' + enum: + - Ordered + - Random + type: string + availabilityZoneUsageLimit: + default: 3 + description: AvailabilityZoneUsageLimit specifies + the maximum number of availability zones (AZ) that + should be used in a region when automatically creating + subnets. If a region has more than this number of + AZs then this number of AZs will be picked randomly + when creating default subnets. Defaults to 3 + minimum: 1 + type: integer + cidrBlock: + description: CidrBlock is the CIDR block to be used + when the provider creates a managed VPC. Defaults + to 10.0.0.0/16. + type: string + id: + description: ID is the vpc-id of the VPC this provider + should use to create resources. + type: string + internetGatewayId: + description: InternetGatewayID is the id of the internet + gateway associated with the VPC. + type: string + ipv6: + description: IPv6 contains ipv6 specific settings + for the network. Supported only in managed clusters. + This field cannot be set on AWSCluster object. + properties: + cidrBlock: + description: CidrBlock is the CIDR block provided + by Amazon when VPC has enabled IPv6. + type: string + egressOnlyInternetGatewayId: + description: EgressOnlyInternetGatewayID is the + id of the egress only internet gateway associated + with an IPv6 enabled VPC. + type: string + poolId: + description: PoolID is the IP pool which must + be defined in case of BYO IP is defined. + type: string + type: object + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing + the resource. + type: object + type: object + type: object + region: + description: The AWS Region the cluster lives in. 
+ type: string + s3Bucket: + description: S3Bucket contains options to configure a supporting + S3 bucket for this cluster - currently used for nodes requiring + Ignition (https://coreos.github.io/ignition/) for bootstrapping + (requires BootstrapFormatIgnition feature flag to be enabled). + properties: + controlPlaneIAMInstanceProfile: + description: ControlPlaneIAMInstanceProfile is a name + of the IAMInstanceProfile, which will be allowed to + read control-plane node bootstrap data from S3 Bucket. + type: string + name: + description: Name defines name of S3 Bucket to be created. + maxLength: 63 + minLength: 3 + pattern: ^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$ + type: string + nodesIAMInstanceProfiles: + description: NodesIAMInstanceProfiles is a list of IAM + instance profiles, which will be allowed to read worker + nodes bootstrap data from S3 Bucket. + items: + type: string + type: array + required: + - controlPlaneIAMInstanceProfile + - name + - nodesIAMInstanceProfiles + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach + to the bastion host. Valid values are empty string (do not + use SSH keys), a valid SSH key name, or omitted (use the + default SSH key name) + type: string + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: false + storage: false + subresources: {} + - additionalPrinterColumns: + - description: Time duration since creation of AWSClusterTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: AWSClusterTemplate is the schema for Amazon EC2 based Kubernetes + Cluster Templates. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSClusterTemplateSpec defines the desired state of AWSClusterTemplate. + properties: + template: + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: AWSClusterSpec defines the desired state of an EC2-based + Kubernetes cluster. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to AWS resources managed by the AWS provider, in addition + to the ones added by default. + type: object + bastion: + description: Bastion contains options to configure the bastion + host. 
+ properties: + allowedCIDRBlocks: + description: AllowedCIDRBlocks is a list of CIDR blocks + allowed to access the bastion host. They are set as + ingress rules for the Bastion host's Security Group + (defaults to 0.0.0.0/0). + items: + type: string + type: array + ami: + description: AMI will use the specified AMI to boot the + bastion. If not specified, the AMI will default to one + picked out in public space. + type: string + disableIngressRules: + description: DisableIngressRules will ensure there are + no Ingress rules in the bastion host's security group. + Requires AllowedCIDRBlocks to be empty. + type: boolean + enabled: + description: Enabled allows this provider to create a + bastion host instance with a public ip to access the + VPC private network. + type: boolean + instanceType: + description: InstanceType will use the specified instance + type for the bastion. If not specified, Cluster API + Provider AWS will use t3.micro for all regions except + us-east-1, where t2.micro will be the default. + type: string + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint + used to communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + controlPlaneLoadBalancer: + description: ControlPlaneLoadBalancer is optional configuration + for customizing control plane behavior. + properties: + additionalListeners: + description: AdditionalListeners sets the additional listeners + for the control plane load balancer. This is only applicable + to Network Load Balancer (NLB) types for the time being. + items: + description: AdditionalListenerSpec defines the desired + state of an additional listener on an AWS load balancer. 
+ properties: + port: + description: Port sets the port for the additional + listener. + format: int64 + maximum: 65535 + minimum: 1 + type: integer + protocol: + default: TCP + description: Protocol sets the protocol for the + additional listener. Currently only TCP is supported. + enum: + - TCP + type: string + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + x-kubernetes-list-type: map + additionalSecurityGroups: + description: AdditionalSecurityGroups sets the security + groups used by the load balancer. Expected to be security + group IDs This is optional - if not provided new security + groups will be created for the load balancer + items: + type: string + type: array + crossZoneLoadBalancing: + description: "CrossZoneLoadBalancing enables the classic + ELB cross availability zone balancing. \n With cross-zone + load balancing, each load balancer node for your Classic + Load Balancer distributes requests evenly across the + registered instances in all enabled Availability Zones. + If cross-zone load balancing is disabled, each load + balancer node distributes requests evenly across the + registered instances in its Availability Zone only. + \n Defaults to false." + type: boolean + disableHostsRewrite: + description: DisableHostsRewrite disabled the hair pinning + issue solution that adds the NLB's address as 127.0.0.1 + to the hosts file of each instance. This is by default, + false. + type: boolean + healthCheckProtocol: + description: HealthCheckProtocol sets the protocol type + for ELB health check target default value is ELBProtocolSSL + enum: + - TCP + - SSL + - HTTP + - HTTPS + - TLS + - UDP + type: string + ingressRules: + description: IngressRules sets the ingress rules for the + control plane load balancer. + items: + description: IngressRule defines an AWS ingress rule + for security groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access + from. 
Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + description: Description provides extended information + about the ingress rule. + type: string + fromPort: + description: FromPort is the start of port range. + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access + from. Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: Protocol is the protocol for the ingress + rule. Accepted values are "-1" (all), "4" (IP + in IP),"tcp", "udp", "icmp", and "58" (ICMPv6), + "50" (ESP). + enum: + - "-1" + - "4" + - tcp + - udp + - icmp + - "58" + - "50" + type: string + sourceSecurityGroupIds: + description: The security group id to allow access + from. Cannot be specified with CidrBlocks. + items: + type: string + type: array + sourceSecurityGroupRoles: + description: The security group role to allow access + from. Cannot be specified with CidrBlocks. The + field will be combined with source security group + IDs if specified. + items: + description: SecurityGroupRole defines the unique + role of a security group. + enum: + - bastion + - node + - controlplane + - apiserver-lb + - lb + - node-eks-additional + type: string + type: array + toPort: + description: ToPort is the end of port range. + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + loadBalancerType: + default: classic + description: LoadBalancerType sets the type for a load + balancer. The default type is classic. + enum: + - classic + - elb + - alb + - nlb + - disabled + type: string + name: + description: Name sets the name of the classic ELB load + balancer. As per AWS, the name must be unique within + your set of load balancers for the region, must have + a maximum of 32 characters, must contain only alphanumeric + characters or hyphens, and cannot begin or end with + a hyphen. 
Once set, the value cannot be changed. + maxLength: 32 + pattern: ^[A-Za-z0-9]([A-Za-z0-9]{0,31}|[-A-Za-z0-9]{0,30}[A-Za-z0-9])$ + type: string + preserveClientIP: + description: PreserveClientIP lets the user control if + preservation of client ips must be retained or not. + If this is enabled 6443 will be opened to 0.0.0.0/0. + type: boolean + scheme: + default: internet-facing + description: Scheme sets the scheme of the load balancer + (defaults to internet-facing) + enum: + - internet-facing + - internal + type: string + subnets: + description: Subnets sets the subnets that should be applied + to the control plane load balancer (defaults to discovered + subnets for managed VPCs or an empty set for unmanaged + VPCs) + items: + type: string + type: array + type: object + identityRef: + description: IdentityRef is a reference to an identity to + be used when reconciling the managed control plane. If no + identity is specified, the default identity for this controller + will be used. + properties: + kind: + description: Kind of the identity. + enum: + - AWSClusterControllerIdentity + - AWSClusterRoleIdentity + - AWSClusterStaticIdentity + type: string + name: + description: Name of the identity. + minLength: 1 + type: string + required: + - kind + - name + type: object + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating + system used to look up machine images when a machine does + not specify an AMI. When set, this will be used for all + cluster machines unless a machine specifies a different + ImageLookupBaseOS. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to + look up machine images when a machine does not specify an + AMI. When set, this will be used for all cluster machines + unless a machine specifies a different ImageLookupOrg. Supports + substitutions for {{.BaseOS}} and {{.K8sVersion}} with the + base OS and kubernetes version, respectively. 
The BaseOS + will be the value in ImageLookupBaseOS or ubuntu (the default), + and the kubernetes version as defined by the packages produced + by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the + ubuntu base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to + look up machine images when a machine does not specify an + AMI. When set, this will be used for all cluster machines + unless a machine specifies a different ImageLookupOrg. + type: string + network: + description: NetworkSpec encapsulates all things related to + AWS network. + properties: + additionalControlPlaneIngressRules: + description: AdditionalControlPlaneIngressRules is an + optional set of ingress rules to add to the control + plane + items: + description: IngressRule defines an AWS ingress rule + for security groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access + from. Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + description: Description provides extended information + about the ingress rule. + type: string + fromPort: + description: FromPort is the start of port range. + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access + from. Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: Protocol is the protocol for the ingress + rule. Accepted values are "-1" (all), "4" (IP + in IP),"tcp", "udp", "icmp", and "58" (ICMPv6), + "50" (ESP). 
+ enum: + - "-1" + - "4" + - tcp + - udp + - icmp + - "58" + - "50" + type: string + sourceSecurityGroupIds: + description: The security group id to allow access + from. Cannot be specified with CidrBlocks. + items: + type: string + type: array + sourceSecurityGroupRoles: + description: The security group role to allow access + from. Cannot be specified with CidrBlocks. The + field will be combined with source security group + IDs if specified. + items: + description: SecurityGroupRole defines the unique + role of a security group. + enum: + - bastion + - node + - controlplane + - apiserver-lb + - lb + - node-eks-additional + type: string + type: array + toPort: + description: ToPort is the end of port range. + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + cni: + description: CNI configuration + properties: + cniIngressRules: + description: CNIIngressRules specify rules to apply + to control plane and worker node security groups. + The source for the rule will be set to control plane + and worker security group IDs. + items: + description: CNIIngressRule defines an AWS ingress + rule for CNI requirements. + properties: + description: + type: string + fromPort: + format: int64 + type: integer + protocol: + description: SecurityGroupProtocol defines the + protocol type for a security group rule. + type: string + toPort: + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + type: object + securityGroupOverrides: + additionalProperties: + type: string + description: SecurityGroupOverrides is an optional set + of security groups to use for cluster instances This + is optional - if not provided new security groups will + be created for the cluster + type: object + subnets: + description: Subnets configuration. + items: + description: SubnetSpec configures an AWS Subnet. 
+ properties: + availabilityZone: + description: AvailabilityZone defines the availability + zone to use for this subnet in the cluster's region. + type: string + cidrBlock: + description: CidrBlock is the CIDR block to be used + when the provider creates a managed VPC. + type: string + id: + description: "ID defines a unique identifier to + reference this resource. If you're bringing your + subnet, set the AWS subnet-id here, it must start + with `subnet-`. \n When the VPC is managed by + CAPA, and you'd like the provider to create a + subnet for you, the id can be set to any placeholder + value that does not start with `subnet-`; upon + creation, the subnet AWS identifier will be populated + in the `ResourceID` field and the `id` field is + going to be used as the subnet name. If you specify + a tag called `Name`, it takes precedence." + type: string + ipv6CidrBlock: + description: IPv6CidrBlock is the IPv6 CIDR block + to be used when the provider creates a managed + VPC. A subnet can have an IPv4 and an IPv6 address. + IPv6 is only supported in managed clusters, this + field cannot be set on AWSCluster object. + type: string + isIpv6: + description: IsIPv6 defines the subnet as an IPv6 + subnet. A subnet is IPv6 when it is associated + with a VPC that has IPv6 enabled. IPv6 is only + supported in managed clusters, this field cannot + be set on AWSCluster object. + type: boolean + isPublic: + description: IsPublic defines the subnet as a public + subnet. A subnet is public when it is associated + with a route table that has a route to an internet + gateway. + type: boolean + natGatewayId: + description: NatGatewayID is the NAT gateway id + associated with the subnet. Ignored unless the + subnet is managed by the provider, in which case + this is set on the public subnet where the NAT + gateway resides. It is then used to determine + routes for private subnets in the same AZ as the + public subnet. 
+ type: string + resourceID: + description: ResourceID is the subnet identifier + from AWS, READ ONLY. This field is populated when + the provider manages the subnet. + type: string + routeTableId: + description: RouteTableID is the routing table id + associated with the subnet. + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing + the resource. + type: object + required: + - id + type: object + type: array + x-kubernetes-list-map-keys: + - id + x-kubernetes-list-type: map + vpc: + description: VPC configuration. + properties: + availabilityZoneSelection: + default: Ordered + description: 'AvailabilityZoneSelection specifies + how AZs should be selected if there are more AZs + in a region than specified by AvailabilityZoneUsageLimit. + There are 2 selection schemes: Ordered - selects + based on alphabetical order Random - selects AZs + randomly in a region Defaults to Ordered' + enum: + - Ordered + - Random + type: string + availabilityZoneUsageLimit: + default: 3 + description: AvailabilityZoneUsageLimit specifies + the maximum number of availability zones (AZ) that + should be used in a region when automatically creating + subnets. If a region has more than this number of + AZs then this number of AZs will be picked randomly + when creating default subnets. Defaults to 3 + minimum: 1 + type: integer + cidrBlock: + description: CidrBlock is the CIDR block to be used + when the provider creates a managed VPC. Defaults + to 10.0.0.0/16. Mutually exclusive with IPAMPool. + type: string + emptyRoutesDefaultVPCSecurityGroup: + description: "EmptyRoutesDefaultVPCSecurityGroup specifies + whether the default VPC security group ingress and + egress rules should be removed. \n By default, when + creating a VPC, AWS creates a security group called + `default` with ingress and egress rules that allow + traffic from anywhere. 
The group could be used as + a potential surface attack and it's generally suggested + that the group rules are removed or modified appropriately. + \n NOTE: This only applies when the VPC is managed + by the Cluster API AWS controller." + type: boolean + id: + description: ID is the vpc-id of the VPC this provider + should use to create resources. + type: string + internetGatewayId: + description: InternetGatewayID is the id of the internet + gateway associated with the VPC. + type: string + ipamPool: + description: IPAMPool defines the IPAMv4 pool to be + used for VPC. Mutually exclusive with CidrBlock. + properties: + id: + description: ID is the ID of the IPAM pool this + provider should use to create VPC. + type: string + name: + description: Name is the name of the IPAM pool + this provider should use to create VPC. + type: string + netmaskLength: + description: The netmask length of the IPv4 CIDR + you want to allocate to VPC from an Amazon VPC + IP Address Manager (IPAM) pool. Defaults to + /16 for IPv4 if not specified. + format: int64 + type: integer + type: object + ipv6: + description: IPv6 contains ipv6 specific settings + for the network. Supported only in managed clusters. + This field cannot be set on AWSCluster object. + properties: + cidrBlock: + description: CidrBlock is the CIDR block provided + by Amazon when VPC has enabled IPv6. Mutually + exclusive with IPAMPool. + type: string + egressOnlyInternetGatewayId: + description: EgressOnlyInternetGatewayID is the + id of the egress only internet gateway associated + with an IPv6 enabled VPC. + type: string + ipamPool: + description: IPAMPool defines the IPAMv6 pool + to be used for VPC. Mutually exclusive with + CidrBlock. + properties: + id: + description: ID is the ID of the IPAM pool + this provider should use to create VPC. + type: string + name: + description: Name is the name of the IPAM + pool this provider should use to create + VPC. 
+ type: string + netmaskLength: + description: The netmask length of the IPv4 + CIDR you want to allocate to VPC from an + Amazon VPC IP Address Manager (IPAM) pool. + Defaults to /16 for IPv4 if not specified. + format: int64 + type: integer + type: object + poolId: + description: PoolID is the IP pool which must + be defined in case of BYO IP is defined. Must + be specified if CidrBlock is set. Mutually exclusive + with IPAMPool. + type: string + type: object + privateDnsHostnameTypeOnLaunch: + description: PrivateDNSHostnameTypeOnLaunch is the + type of hostname to assign to instances in the subnet + at launch. For IPv4-only and dual-stack (IPv4 and + IPv6) subnets, an instance DNS name can be based + on the instance IPv4 address (ip-name) or the instance + ID (resource-name). For IPv6 only subnets, an instance + DNS name must be based on the instance ID (resource-name). + enum: + - ip-name + - resource-name + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing + the resource. + type: object + type: object + type: object + partition: + description: Partition is the AWS security partition being + used. Defaults to "aws" + type: string + region: + description: The AWS Region the cluster lives in. + type: string + s3Bucket: + description: S3Bucket contains options to configure a supporting + S3 bucket for this cluster - currently used for nodes requiring + Ignition (https://coreos.github.io/ignition/) for bootstrapping + (requires BootstrapFormatIgnition feature flag to be enabled). + properties: + controlPlaneIAMInstanceProfile: + description: ControlPlaneIAMInstanceProfile is a name + of the IAMInstanceProfile, which will be allowed to + read control-plane node bootstrap data from S3 Bucket. + type: string + name: + description: Name defines name of S3 Bucket to be created. 
+ maxLength: 63 + minLength: 3 + pattern: ^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$ + type: string + nodesIAMInstanceProfiles: + description: NodesIAMInstanceProfiles is a list of IAM + instance profiles, which will be allowed to read worker + nodes bootstrap data from S3 Bucket. + items: + type: string + type: array + presignedURLDuration: + description: "PresignedURLDuration defines the duration + for which presigned URLs are valid. \n This is used + to generate presigned URLs for S3 Bucket objects, which + are used by control-plane and worker nodes to fetch + bootstrap data. \n When enabled, the IAM instance profiles + specified are not used." + type: string + required: + - name + type: object + secondaryControlPlaneLoadBalancer: + description: "SecondaryControlPlaneLoadBalancer is an additional + load balancer that can be used for the control plane. \n + An example use case is to have a separate internal load + balancer for internal traffic, and a separate external load + balancer for external traffic." + properties: + additionalListeners: + description: AdditionalListeners sets the additional listeners + for the control plane load balancer. This is only applicable + to Network Load Balancer (NLB) types for the time being. + items: + description: AdditionalListenerSpec defines the desired + state of an additional listener on an AWS load balancer. + properties: + port: + description: Port sets the port for the additional + listener. + format: int64 + maximum: 65535 + minimum: 1 + type: integer + protocol: + default: TCP + description: Protocol sets the protocol for the + additional listener. Currently only TCP is supported. + enum: + - TCP + type: string + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + x-kubernetes-list-type: map + additionalSecurityGroups: + description: AdditionalSecurityGroups sets the security + groups used by the load balancer. 
Expected to be security + group IDs This is optional - if not provided new security + groups will be created for the load balancer + items: + type: string + type: array + crossZoneLoadBalancing: + description: "CrossZoneLoadBalancing enables the classic + ELB cross availability zone balancing. \n With cross-zone + load balancing, each load balancer node for your Classic + Load Balancer distributes requests evenly across the + registered instances in all enabled Availability Zones. + If cross-zone load balancing is disabled, each load + balancer node distributes requests evenly across the + registered instances in its Availability Zone only. + \n Defaults to false." + type: boolean + disableHostsRewrite: + description: DisableHostsRewrite disabled the hair pinning + issue solution that adds the NLB's address as 127.0.0.1 + to the hosts file of each instance. This is by default, + false. + type: boolean + healthCheckProtocol: + description: HealthCheckProtocol sets the protocol type + for ELB health check target default value is ELBProtocolSSL + enum: + - TCP + - SSL + - HTTP + - HTTPS + - TLS + - UDP + type: string + ingressRules: + description: IngressRules sets the ingress rules for the + control plane load balancer. + items: + description: IngressRule defines an AWS ingress rule + for security groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access + from. Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + description: Description provides extended information + about the ingress rule. + type: string + fromPort: + description: FromPort is the start of port range. + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access + from. Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: Protocol is the protocol for the ingress + rule. 
Accepted values are "-1" (all), "4" (IP + in IP),"tcp", "udp", "icmp", and "58" (ICMPv6), + "50" (ESP). + enum: + - "-1" + - "4" + - tcp + - udp + - icmp + - "58" + - "50" + type: string + sourceSecurityGroupIds: + description: The security group id to allow access + from. Cannot be specified with CidrBlocks. + items: + type: string + type: array + sourceSecurityGroupRoles: + description: The security group role to allow access + from. Cannot be specified with CidrBlocks. The + field will be combined with source security group + IDs if specified. + items: + description: SecurityGroupRole defines the unique + role of a security group. + enum: + - bastion + - node + - controlplane + - apiserver-lb + - lb + - node-eks-additional + type: string + type: array + toPort: + description: ToPort is the end of port range. + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + loadBalancerType: + default: classic + description: LoadBalancerType sets the type for a load + balancer. The default type is classic. + enum: + - classic + - elb + - alb + - nlb + - disabled + type: string + name: + description: Name sets the name of the classic ELB load + balancer. As per AWS, the name must be unique within + your set of load balancers for the region, must have + a maximum of 32 characters, must contain only alphanumeric + characters or hyphens, and cannot begin or end with + a hyphen. Once set, the value cannot be changed. + maxLength: 32 + pattern: ^[A-Za-z0-9]([A-Za-z0-9]{0,31}|[-A-Za-z0-9]{0,30}[A-Za-z0-9])$ + type: string + preserveClientIP: + description: PreserveClientIP lets the user control if + preservation of client ips must be retained or not. + If this is enabled 6443 will be opened to 0.0.0.0/0. 
+ type: boolean + scheme: + default: internet-facing + description: Scheme sets the scheme of the load balancer + (defaults to internet-facing) + enum: + - internet-facing + - internal + type: string + subnets: + description: Subnets sets the subnets that should be applied + to the control plane load balancer (defaults to discovered + subnets for managed VPCs or an empty set for unmanaged + VPCs) + items: + type: string + type: array + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach + to the bastion host. Valid values are empty string (do not + use SSH keys), a valid SSH key name, or omitted (use the + default SSH key name) + type: string + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: awsfargateprofiles.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSFargateProfile + listKind: AWSFargateProfileList + plural: awsfargateprofiles + shortNames: + - awsfp + singular: awsfargateprofile + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: AWSFargateProfile ready status + jsonPath: .status.ready + name: Ready + type: string + - description: EKS Fargate profile name + jsonPath: .spec.profileName + name: ProfileName + type: string + - description: Failure reason + jsonPath: .status.failureReason + name: FailureReason + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: AWSFargateProfile is the Schema for the awsfargateprofiles API. 
+ properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FargateProfileSpec defines the desired state of FargateProfile. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to AWS + resources managed by the AWS provider, in addition to the ones added + by default. + type: object + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + profileName: + description: ProfileName specifies the profile name. + type: string + roleName: + description: RoleName specifies the name of IAM role for this fargate + pool If the role is pre-existing we will treat it as unmanaged and + not delete it on deletion. If the EKSEnableIAM feature flag is true + and no name is supplied then a role is created. + type: string + selectors: + description: Selectors specify fargate pod selectors. + items: + description: FargateSelector specifies a selector for pods that + should run on this fargate pool. + properties: + labels: + additionalProperties: + type: string + description: Labels specifies which pod labels this selector + should match. + type: object + namespace: + description: Namespace specifies which namespace this selector + should match. 
+ type: string + type: object + type: array + subnetIDs: + description: SubnetIDs specifies which subnets are used for the auto + scaling group of this nodegroup. + items: + type: string + type: array + required: + - clusterName + type: object + status: + description: FargateProfileStatus defines the observed state of FargateProfile. + properties: + conditions: + description: Conditions defines current state of the Fargate profile. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the FargateProfile and will contain + a more verbose string suitable for logging and human consumption. + \n This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the FargateProfile's spec or the configuration of the + controller, and that manual intervention is required. Examples of + terminal errors would be invalid combinations of settings in the + spec, values that are unsupported by the controller, or the responsible + controller itself being critically misconfigured. \n Any transient + errors that occur during the reconciliation of FargateProfiles can + be added as events to the FargateProfile object and/or logged in + the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the FargateProfile and will contain + a succinct value suitable for machine interpretation. \n This field + should not be set for transitive errors that a controller faces + that are expected to be fixed automatically over time (like service + outages), but instead indicate that something is fundamentally wrong + with the FargateProfile's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of FargateProfiles can be added + as events to the FargateProfile object and/or logged in the controller's + output." 
+ type: string + ready: + default: false + description: Ready denotes that the FargateProfile is available. + type: boolean + required: + - ready + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: AWSFargateProfile ready status + jsonPath: .status.ready + name: Ready + type: string + - description: EKS Fargate profile name + jsonPath: .spec.profileName + name: ProfileName + type: string + - description: Failure reason + jsonPath: .status.failureReason + name: FailureReason + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: AWSFargateProfile is the Schema for the awsfargateprofiles API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FargateProfileSpec defines the desired state of FargateProfile. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to AWS + resources managed by the AWS provider, in addition to the ones added + by default. + type: object + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + profileName: + description: ProfileName specifies the profile name. 
+ type: string + roleName: + description: RoleName specifies the name of IAM role for this fargate + pool If the role is pre-existing we will treat it as unmanaged and + not delete it on deletion. If the EKSEnableIAM feature flag is true + and no name is supplied then a role is created. + type: string + selectors: + description: Selectors specify fargate pod selectors. + items: + description: FargateSelector specifies a selector for pods that + should run on this fargate pool. + properties: + labels: + additionalProperties: + type: string + description: Labels specifies which pod labels this selector + should match. + type: object + namespace: + description: Namespace specifies which namespace this selector + should match. + type: string + type: object + type: array + subnetIDs: + description: SubnetIDs specifies which subnets are used for the auto + scaling group of this nodegroup. + items: + type: string + type: array + required: + - clusterName + type: object + status: + description: FargateProfileStatus defines the observed state of FargateProfile. + properties: + conditions: + description: Conditions defines current state of the Fargate profile. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. 
+ type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the FargateProfile and will contain + a more verbose string suitable for logging and human consumption. + \n This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the FargateProfile's spec or the configuration of the + controller, and that manual intervention is required. Examples of + terminal errors would be invalid combinations of settings in the + spec, values that are unsupported by the controller, or the responsible + controller itself being critically misconfigured. \n Any transient + errors that occur during the reconciliation of FargateProfiles can + be added as events to the FargateProfile object and/or logged in + the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the FargateProfile and will contain + a succinct value suitable for machine interpretation. 
\n This field + should not be set for transitive errors that a controller faces + that are expected to be fixed automatically over time (like service + outages), but instead indicate that something is fundamentally wrong + with the FargateProfile's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of FargateProfiles can be added + as events to the FargateProfile object and/or logged in the controller's + output." + type: string + ready: + default: false + description: Ready denotes that the FargateProfile is available. + type: boolean + required: + - ready + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: awsmachinepools.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSMachinePool + listKind: AWSMachinePoolList + plural: awsmachinepools + shortNames: + - awsmp + singular: awsmachinepool + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Machine ready status + jsonPath: .status.ready + name: Ready + type: string + - description: Machine ready status + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Minimum instanes in ASG + jsonPath: .spec.minSize + name: MinSize + type: integer + - description: Maximum instanes in ASG + jsonPath: .spec.maxSize + name: MaxSize + 
type: integer + - description: Launch Template ID + jsonPath: .status.launchTemplateID + name: LaunchTemplate ID + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: AWSMachinePool is the Schema for the awsmachinepools API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSMachinePoolSpec defines the desired state of AWSMachinePool. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to an + instance, in addition to the ones added by default by the AWS provider. + type: object + availabilityZones: + description: AvailabilityZones is an array of availability zones instances + can run in + items: + type: string + type: array + awsLaunchTemplate: + description: AWSLaunchTemplate specifies the launch template and version + to use when an instance is launched. + properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups is an array of references + to security groups that should be applied to the instances. + These security groups would be set in addition to any security + groups defined at the cluster level or in the actuator. + items: + description: AWSResourceReference is a reference to a specific + AWS resource by ID or filters. 
Only one of ID or Filters may + be specified. Specifying more than one will result in a validation + error. + properties: + filters: + description: 'Filters is a set of key/value pairs used to + identify a resource They are applied according to the + rules defined by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an AWS + resource. + properties: + name: + description: Name of the filter. Filter names are + case-sensitive. + type: string + values: + description: Values includes one or more filter values. + Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + type: array + ami: + description: AMI is the reference to the AMI from which to create + the machine instance. + properties: + eksLookupType: + description: EKSOptimizedLookupType If specified, will look + up an EKS Optimized image in SSM Parameter store + enum: + - AmazonLinux + - AmazonLinuxGPU + type: string + id: + description: ID of resource + type: string + type: object + iamInstanceProfile: + description: The name or the Amazon Resource Name (ARN) of the + instance profile associated with the IAM role for the instance. + The instance profile contains the IAM role. + type: string + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating + system to use for image lookup the AMI is not set. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to look + up the image for this machine It will be ignored if an explicit + AMI is set. Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} + with the base OS and kubernetes version, respectively. 
The BaseOS + will be the value in ImageLookupBaseOS or ubuntu (the default), + and the kubernetes version as defined by the packages produced + by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the ubuntu + base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to use + for image lookup if AMI is not set. + type: string + instanceType: + description: 'InstanceType is the type of instance to create. + Example: m4.xlarge' + type: string + name: + description: The name of the launch template. + type: string + rootVolume: + description: RootVolume encapsulates the configuration options + for the root volume + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by the + controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for + the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). 
+ type: string + required: + - size + type: object + spotMarketOptions: + description: SpotMarketOptions are options for configuring AWSMachinePool + instances to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user is + willing to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach to + the instance. Valid values are empty string (do not use SSH + keys), a valid SSH key name, or omitted (use the default SSH + key name) + type: string + versionNumber: + description: 'VersionNumber is the version of the launch template + that is applied. Typically a new version is created when at + least one of the following happens: 1) A new launch template + spec is applied. 2) One or more parameters in an existing template + is changed. 3) A new AMI is discovered.' + format: int64 + type: integer + type: object + capacityRebalance: + description: Enable or disable the capacity rebalance autoscaling + group feature + type: boolean + defaultCoolDown: + description: The amount of time, in seconds, after a scaling activity + completes before another scaling activity can start. If no value + is supplied by user a default value of 300 seconds is set + type: string + maxSize: + default: 1 + description: MaxSize defines the maximum size of the group. + format: int32 + minimum: 1 + type: integer + minSize: + default: 1 + description: MinSize defines the minimum size of the group. + format: int32 + minimum: 0 + type: integer + mixedInstancesPolicy: + description: MixedInstancesPolicy describes how multiple instance + types will be used by the ASG. + properties: + instancesDistribution: + description: InstancesDistribution to configure distribution of + On-Demand Instances and Spot Instances. 
+ properties: + onDemandAllocationStrategy: + default: prioritized + description: OnDemandAllocationStrategy indicates how to allocate + instance types to fulfill On-Demand capacity. + enum: + - prioritized + type: string + onDemandBaseCapacity: + default: 0 + format: int64 + type: integer + onDemandPercentageAboveBaseCapacity: + default: 100 + format: int64 + type: integer + spotAllocationStrategy: + default: lowest-price + description: SpotAllocationStrategy indicates how to allocate + instances across Spot Instance pools. + enum: + - lowest-price + - capacity-optimized + type: string + type: object + overrides: + items: + description: Overrides are used to override the instance type + specified by the launch template with multiple instance types + that can be used to launch On-Demand Instances and Spot Instances. + properties: + instanceType: + type: string + required: + - instanceType + type: object + type: array + type: object + providerID: + description: ProviderID is the ARN of the associated ASG + type: string + providerIDList: + description: ProviderIDList are the identification IDs of machine + instances provided by the provider. This field must match the provider + IDs as seen on the node objects corresponding to a machine pool's + machine instances. + items: + type: string + type: array + refreshPreferences: + description: RefreshPreferences describes set of preferences associated + with the instance refresh request. + properties: + instanceWarmup: + description: The number of seconds until a newly launched instance + is configured and ready to use. During this time, the next replacement + will not be initiated. The default is to use the value for the + health check grace period defined for the group. + format: int64 + type: integer + minHealthyPercentage: + description: The amount of capacity as a percentage in ASG that + must remain healthy during an instance refresh. The default + is 90. 
+ format: int64 + type: integer + strategy: + description: The strategy to use for the instance refresh. The + only valid value is Rolling. A rolling update is an update that + is applied to all instances in an Auto Scaling group until all + instances have been updated. + type: string + type: object + subnets: + description: Subnets is an array of subnet configurations + items: + description: AWSResourceReference is a reference to a specific AWS + resource by ID or filters. Only one of ID or Filters may be specified. + Specifying more than one will result in a validation error. + properties: + filters: + description: 'Filters is a set of key/value pairs used to identify + a resource They are applied according to the rules defined + by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an AWS resource. + properties: + name: + description: Name of the filter. Filter names are case-sensitive. + type: string + values: + description: Values includes one or more filter values. + Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + type: array + required: + - awsLaunchTemplate + - maxSize + - minSize + type: object + status: + description: AWSMachinePoolStatus defines the observed state of AWSMachinePool. + properties: + asgStatus: + description: ASGStatus is a status string returned by the autoscaling + API. + type: string + conditions: + description: Conditions defines current service state of the AWSMachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. 
+ If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. \n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. 
\n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. \n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. \n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." + type: string + instances: + description: Instances contains the status for each instance in the + pool + items: + description: AWSMachinePoolInstanceStatus defines the status of + the AWSMachinePoolInstance. + properties: + instanceID: + description: InstanceID is the identification of the Machine + Instance within ASG + type: string + version: + description: Version defines the Kubernetes version for the + Machine Instance + type: string + type: object + type: array + launchTemplateID: + description: The ID of the launch template + type: string + launchTemplateVersion: + description: The version of the launch template + type: string + ready: + description: Ready is true when the provider resource is ready. 
+ type: boolean + replicas: + description: Replicas is the most recently observed number of replicas + format: int32 + type: integer + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Machine ready status + jsonPath: .status.ready + name: Ready + type: string + - description: Machine ready status + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Minimum instanes in ASG + jsonPath: .spec.minSize + name: MinSize + type: integer + - description: Maximum instanes in ASG + jsonPath: .spec.maxSize + name: MaxSize + type: integer + - description: Launch Template ID + jsonPath: .status.launchTemplateID + name: LaunchTemplate ID + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: AWSMachinePool is the Schema for the awsmachinepools API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSMachinePoolSpec defines the desired state of AWSMachinePool. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to an + instance, in addition to the ones added by default by the AWS provider. 
+ type: object + availabilityZoneSubnetType: + description: AvailabilityZoneSubnetType specifies which type of subnets + to use when an availability zone is specified. + enum: + - public + - private + - all + type: string + availabilityZones: + description: AvailabilityZones is an array of availability zones instances + can run in + items: + type: string + type: array + awsLaunchTemplate: + description: AWSLaunchTemplate specifies the launch template and version + to use when an instance is launched. + properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups is an array of references + to security groups that should be applied to the instances. + These security groups would be set in addition to any security + groups defined at the cluster level or in the actuator. + items: + description: AWSResourceReference is a reference to a specific + AWS resource by ID or filters. Only one of ID or Filters may + be specified. Specifying more than one will result in a validation + error. + properties: + filters: + description: 'Filters is a set of key/value pairs used to + identify a resource They are applied according to the + rules defined by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an AWS + resource. + properties: + name: + description: Name of the filter. Filter names are + case-sensitive. + type: string + values: + description: Values includes one or more filter values. + Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + type: array + ami: + description: AMI is the reference to the AMI from which to create + the machine instance. 
+ properties: + eksLookupType: + description: EKSOptimizedLookupType If specified, will look + up an EKS Optimized image in SSM Parameter store + enum: + - AmazonLinux + - AmazonLinuxGPU + type: string + id: + description: ID of resource + type: string + type: object + iamInstanceProfile: + description: The name or the Amazon Resource Name (ARN) of the + instance profile associated with the IAM role for the instance. + The instance profile contains the IAM role. + type: string + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating + system to use for image lookup the AMI is not set. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to look + up the image for this machine It will be ignored if an explicit + AMI is set. Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} + with the base OS and kubernetes version, respectively. The BaseOS + will be the value in ImageLookupBaseOS or ubuntu (the default), + and the kubernetes version as defined by the packages produced + by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the ubuntu + base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to use + for image lookup if AMI is not set. + type: string + instanceMetadataOptions: + description: InstanceMetadataOptions defines the behavior for + applying metadata to instances. + properties: + httpEndpoint: + default: enabled + description: "Enables or disables the HTTP metadata endpoint + on your instances. \n If you specify a value of disabled, + you cannot access your instance metadata. 
\n Default: enabled" + enum: + - enabled + - disabled + type: string + httpPutResponseHopLimit: + default: 1 + description: "The desired HTTP PUT response hop limit for + instance metadata requests. The larger the number, the further + instance metadata requests can travel. \n Default: 1" + format: int64 + maximum: 64 + minimum: 1 + type: integer + httpTokens: + default: optional + description: "The state of token usage for your instance metadata + requests. \n If the state is optional, you can choose to + retrieve instance metadata with or without a session token + on your request. If you retrieve the IAM role credentials + without a token, the version 1.0 role credentials are returned. + If you retrieve the IAM role credentials using a valid session + token, the version 2.0 role credentials are returned. \n + If the state is required, you must send a session token + with any instance metadata retrieval requests. In this state, + retrieving the IAM role credentials always returns the version + 2.0 credentials; the version 1.0 credentials are not available. + \n Default: optional" + enum: + - optional + - required + type: string + instanceMetadataTags: + default: disabled + description: "Set to enabled to allow access to instance tags + from the instance metadata. Set to disabled to turn off + access to instance tags from the instance metadata. For + more information, see Work with instance tags using the + instance metadata (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS). + \n Default: disabled" + enum: + - enabled + - disabled + type: string + type: object + instanceType: + description: 'InstanceType is the type of instance to create. + Example: m4.xlarge' + type: string + name: + description: The name of the launch template. + type: string + privateDnsName: + description: PrivateDNSName is the options for the instance hostname. 
+ properties: + enableResourceNameDnsAAAARecord: + description: EnableResourceNameDNSAAAARecord indicates whether + to respond to DNS queries for instance hostnames with DNS + AAAA records. + type: boolean + enableResourceNameDnsARecord: + description: EnableResourceNameDNSARecord indicates whether + to respond to DNS queries for instance hostnames with DNS + A records. + type: boolean + hostnameType: + description: The type of hostname to assign to an instance. + enum: + - ip-name + - resource-name + type: string + type: object + rootVolume: + description: RootVolume encapsulates the configuration options + for the root volume + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by the + controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for + the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + spotMarketOptions: + description: SpotMarketOptions are options for configuring AWSMachinePool + instances to be run using AWS Spot instances. 
+ properties: + maxPrice: + description: MaxPrice defines the maximum price the user is + willing to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach to + the instance. Valid values are empty string (do not use SSH + keys), a valid SSH key name, or omitted (use the default SSH + key name) + type: string + versionNumber: + description: 'VersionNumber is the version of the launch template + that is applied. Typically a new version is created when at + least one of the following happens: 1) A new launch template + spec is applied. 2) One or more parameters in an existing template + is changed. 3) A new AMI is discovered.' + format: int64 + type: integer + type: object + capacityRebalance: + description: Enable or disable the capacity rebalance autoscaling + group feature + type: boolean + defaultCoolDown: + description: The amount of time, in seconds, after a scaling activity + completes before another scaling activity can start. If no value + is supplied by user a default value of 300 seconds is set + type: string + defaultInstanceWarmup: + description: The amount of time, in seconds, until a new instance + is considered to have finished initializing and resource consumption + to become stable after it enters the InService state. If no value + is supplied by user a default value of 300 seconds is set + type: string + maxSize: + default: 1 + description: MaxSize defines the maximum size of the group. + format: int32 + minimum: 1 + type: integer + minSize: + default: 1 + description: MinSize defines the minimum size of the group. + format: int32 + minimum: 0 + type: integer + mixedInstancesPolicy: + description: MixedInstancesPolicy describes how multiple instance + types will be used by the ASG. + properties: + instancesDistribution: + description: InstancesDistribution to configure distribution of + On-Demand Instances and Spot Instances. 
+ properties: + onDemandAllocationStrategy: + default: prioritized + description: OnDemandAllocationStrategy indicates how to allocate + instance types to fulfill On-Demand capacity. + enum: + - prioritized + - lowest-price + type: string + onDemandBaseCapacity: + default: 0 + format: int64 + type: integer + onDemandPercentageAboveBaseCapacity: + default: 100 + format: int64 + type: integer + spotAllocationStrategy: + default: lowest-price + description: SpotAllocationStrategy indicates how to allocate + instances across Spot Instance pools. + enum: + - lowest-price + - capacity-optimized + - capacity-optimized-prioritized + - price-capacity-optimized + type: string + type: object + overrides: + items: + description: Overrides are used to override the instance type + specified by the launch template with multiple instance types + that can be used to launch On-Demand Instances and Spot Instances. + properties: + instanceType: + type: string + required: + - instanceType + type: object + type: array + type: object + providerID: + description: ProviderID is the ARN of the associated ASG + type: string + providerIDList: + description: ProviderIDList are the identification IDs of machine + instances provided by the provider. This field must match the provider + IDs as seen on the node objects corresponding to a machine pool's + machine instances. + items: + type: string + type: array + refreshPreferences: + description: RefreshPreferences describes set of preferences associated + with the instance refresh request. + properties: + disable: + description: Disable, if true, disables instance refresh from + triggering when new launch templates are detected. This is useful + in scenarios where ASG nodes are externally managed. + type: boolean + instanceWarmup: + description: The number of seconds until a newly launched instance + is configured and ready to use. During this time, the next replacement + will not be initiated. 
The default is to use the value for the + health check grace period defined for the group. + format: int64 + type: integer + minHealthyPercentage: + description: The amount of capacity as a percentage in ASG that + must remain healthy during an instance refresh. The default + is 90. + format: int64 + type: integer + strategy: + description: The strategy to use for the instance refresh. The + only valid value is Rolling. A rolling update is an update that + is applied to all instances in an Auto Scaling group until all + instances have been updated. + type: string + type: object + subnets: + description: Subnets is an array of subnet configurations + items: + description: AWSResourceReference is a reference to a specific AWS + resource by ID or filters. Only one of ID or Filters may be specified. + Specifying more than one will result in a validation error. + properties: + filters: + description: 'Filters is a set of key/value pairs used to identify + a resource They are applied according to the rules defined + by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an AWS resource. + properties: + name: + description: Name of the filter. Filter names are case-sensitive. + type: string + values: + description: Values includes one or more filter values. + Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + type: array + suspendProcesses: + description: SuspendProcesses defines a list of processes to suspend + for the given ASG. This is constantly reconciled. If a process is + removed from this list it will automatically be resumed. + properties: + all: + type: boolean + processes: + description: Processes defines the processes which can be enabled + or disabled individually. 
+ properties: + addToLoadBalancer: + type: boolean + alarmNotification: + type: boolean + azRebalance: + type: boolean + healthCheck: + type: boolean + instanceRefresh: + type: boolean + launch: + type: boolean + replaceUnhealthy: + type: boolean + scheduledActions: + type: boolean + terminate: + type: boolean + type: object + type: object + required: + - awsLaunchTemplate + - maxSize + - minSize + type: object + status: + description: AWSMachinePoolStatus defines the observed state of AWSMachinePool. + properties: + asgStatus: + description: ASGStatus is a status string returned by the autoscaling + API. + type: string + conditions: + description: Conditions defines current service state of the AWSMachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. \n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. \n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. 
\n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." + type: string + instances: + description: Instances contains the status for each instance in the + pool + items: + description: AWSMachinePoolInstanceStatus defines the status of + the AWSMachinePoolInstance. + properties: + instanceID: + description: InstanceID is the identification of the Machine + Instance within ASG + type: string + version: + description: Version defines the Kubernetes version for the + Machine Instance + type: string + type: object + type: array + launchTemplateID: + description: The ID of the launch template + type: string + launchTemplateVersion: + description: The version of the launch template + type: string + ready: + description: Ready is true when the provider resource is ready. + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: awsmachines.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capa-webhook-service + namespace: capa-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSMachine + listKind: AWSMachineList + plural: awsmachines + shortNames: + - awsm + singular: awsmachine + scope: Namespaced + versions: + - 
additionalPrinterColumns: + - description: Cluster to which this AWSMachine belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: EC2 instance state + jsonPath: .status.instanceState + name: State + type: string + - description: Machine ready status + jsonPath: .status.ready + name: Ready + type: string + - description: EC2 instance ID + jsonPath: .spec.providerID + name: InstanceID + type: string + - description: Machine object which owns with this AWSMachine + jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name + name: Machine + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: AWSMachine is the schema for Amazon EC2 machines. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSMachineSpec defines the desired state of an Amazon EC2 + instance. + properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups is an array of references to + security groups that should be applied to the instance. These security + groups would be set in addition to any security groups defined at + the cluster level or in the actuator. It is possible to specify + either IDs of Filters. 
Using Filters will cause additional requests + to AWS API and if tags change the attached security groups might + change too. + items: + description: AWSResourceReference is a reference to a specific AWS + resource by ID or filters. Only one of ID or Filters may be specified. + Specifying more than one will result in a validation error. + properties: + arn: + description: 'ARN of resource. Deprecated: This field has no + function and is going to be removed in the next release.' + type: string + filters: + description: 'Filters is a set of key/value pairs used to identify + a resource They are applied according to the rules defined + by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an AWS resource. + properties: + name: + description: Name of the filter. Filter names are case-sensitive. + type: string + values: + description: Values includes one or more filter values. + Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + type: array + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to an + instance, in addition to the ones added by default by the AWS provider. + If both the AWSCluster and the AWSMachine specify the same tag name + with different values, the AWSMachine's value takes precedence. + type: object + ami: + description: AMI is the reference to the AMI from which to create + the machine instance. 
+ properties: + eksLookupType: + description: EKSOptimizedLookupType If specified, will look up + an EKS Optimized image in SSM Parameter store + enum: + - AmazonLinux + - AmazonLinuxGPU + type: string + id: + description: ID of resource + type: string + type: object + cloudInit: + description: CloudInit defines options related to the bootstrapping + systems where CloudInit is used. + properties: + insecureSkipSecretsManager: + description: InsecureSkipSecretsManager, when set to true will + not use AWS Secrets Manager or AWS Systems Manager Parameter + Store to ensure privacy of userdata. By default, a cloud-init + boothook shell script is prepended to download the userdata + from Secrets Manager and additionally delete the secret. + type: boolean + secretCount: + description: SecretCount is the number of secrets used to form + the complete secret + format: int32 + type: integer + secretPrefix: + description: SecretPrefix is the prefix for the secret name. This + is stored temporarily, and deleted when the machine registers + as a node against the workload cluster. + type: string + secureSecretsBackend: + description: SecureSecretsBackend, when set to parameter-store + will utilize the AWS Systems Manager Parameter Storage to distribute + secrets. By default or with the value of secrets-manager, will + use AWS Secrets Manager instead. + enum: + - secrets-manager + - ssm-parameter-store + type: string + type: object + failureDomain: + description: FailureDomain is the failure domain unique identifier + this Machine should be attached to, as defined in Cluster API. For + this infrastructure provider, the ID is equivalent to an AWS Availability + Zone. If multiple subnets are matched for the availability zone, + the first one returned is picked. 
+ type: string + iamInstanceProfile: + description: IAMInstanceProfile is a name of an IAM instance profile + to assign to the instance + type: string + ignition: + description: Ignition defined options related to the bootstrapping + systems where Ignition is used. + properties: + version: + default: "2.3" + description: Version defines which version of Ignition will be + used to generate bootstrap data. + enum: + - "2.3" + type: string + type: object + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating system + to use for image lookup the AMI is not set. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to look up + the image for this machine It will be ignored if an explicit AMI + is set. Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} + with the base OS and kubernetes version, respectively. The BaseOS + will be the value in ImageLookupBaseOS or ubuntu (the default), + and the kubernetes version as defined by the packages produced by + kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the ubuntu + base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to use for + image lookup if AMI is not set. + type: string + instanceID: + description: InstanceID is the EC2 instance ID for this machine. + type: string + instanceType: + description: 'InstanceType is the type of instance to create. Example: + m4.xlarge' + minLength: 2 + type: string + networkInterfaces: + description: NetworkInterfaces is a list of ENIs to associate with + the instance. A maximum of 2 may be specified. 
+ items: + type: string + maxItems: 2 + type: array + nonRootVolumes: + description: Configuration options for the non root storage volumes. + items: + description: Volume encapsulates the configuration options for the + storage device. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be used. + The key must already exist and be accessible by the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the disk. + Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for + the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + type: array + providerID: + description: ProviderID is the unique identifier as specified by the + cloud provider. + type: string + publicIP: + description: 'PublicIP specifies whether the instance should get a + public IP. Precedence for this setting is as follows: 1. This field + if set 2. Cluster/flavor setting 3. Subnet default' + type: boolean + rootVolume: + description: RootVolume encapsulates the configuration options for + the root volume + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. 
+ type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt the + volume. Can be either a KMS key ID or ARN. If Encrypted is set + and this is omitted, the default AWS key will be used. The key + must already exist and be accessible by the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the disk. + Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for the + volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, etc...). + type: string + required: + - size + type: object + spotMarketOptions: + description: SpotMarketOptions allows users to configure instances + to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user is willing + to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach to the + instance. Valid values are empty string (do not use SSH keys), a + valid SSH key name, or omitted (use the default SSH key name) + type: string + subnet: + description: Subnet is a reference to the subnet to use for this instance. + If not specified, the cluster subnet will be used. + properties: + arn: + description: 'ARN of resource. Deprecated: This field has no function + and is going to be removed in the next release.' 
+ type: string + filters: + description: 'Filters is a set of key/value pairs used to identify + a resource They are applied according to the rules defined by + the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an AWS resource. + properties: + name: + description: Name of the filter. Filter names are case-sensitive. + type: string + values: + description: Values includes one or more filter values. + Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + tenancy: + description: Tenancy indicates if instance should run on shared or + single-tenant hardware. + enum: + - default + - dedicated + - host + type: string + uncompressedUserData: + description: UncompressedUserData specify whether the user data is + gzip-compressed before it is sent to ec2 instance. cloud-init has + built-in support for gzip-compressed user data user data stored + in aws secret manager is always gzip-compressed. + type: boolean + required: + - instanceType + type: object + status: + description: AWSMachineStatus defines the observed state of AWSMachine. + properties: + addresses: + description: Addresses contains the AWS instance associated addresses. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP, + InternalIP, ExternalDNS or InternalDNS. + type: string + required: + - address + - type + type: object + type: array + conditions: + description: Conditions defines current service state of the AWSMachine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. 
+ properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. \n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. 
Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. \n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. \n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." + type: string + instanceState: + description: InstanceState is the state of the AWS instance for this + machine. + type: string + interruptible: + description: Interruptible reports that this machine is using spot + instances and can therefore be interrupted by CAPI when it receives + a notice that the spot instance is to be terminated by AWS. This + will be set to true when SpotMarketOptions is not nil (i.e. this + machine is using a spot instance). + type: boolean + ready: + description: Ready is true when the provider resource is ready. 
+ type: boolean + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster to which this AWSMachine belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: EC2 instance state + jsonPath: .status.instanceState + name: State + type: string + - description: Machine ready status + jsonPath: .status.ready + name: Ready + type: string + - description: EC2 instance ID + jsonPath: .spec.providerID + name: InstanceID + type: string + - description: Machine object which owns with this AWSMachine + jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name + name: Machine + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: AWSMachine is the schema for Amazon EC2 machines. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSMachineSpec defines the desired state of an Amazon EC2 + instance. + properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups is an array of references to + security groups that should be applied to the instance. These security + groups would be set in addition to any security groups defined at + the cluster level or in the actuator. It is possible to specify + either IDs of Filters. 
Using Filters will cause additional requests + to AWS API and if tags change the attached security groups might + change too. + items: + description: AWSResourceReference is a reference to a specific AWS + resource by ID or filters. Only one of ID or Filters may be specified. + Specifying more than one will result in a validation error. + properties: + filters: + description: 'Filters is a set of key/value pairs used to identify + a resource They are applied according to the rules defined + by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an AWS resource. + properties: + name: + description: Name of the filter. Filter names are case-sensitive. + type: string + values: + description: Values includes one or more filter values. + Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + type: array + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to an + instance, in addition to the ones added by default by the AWS provider. + If both the AWSCluster and the AWSMachine specify the same tag name + with different values, the AWSMachine's value takes precedence. + type: object + ami: + description: AMI is the reference to the AMI from which to create + the machine instance. + properties: + eksLookupType: + description: EKSOptimizedLookupType If specified, will look up + an EKS Optimized image in SSM Parameter store + enum: + - AmazonLinux + - AmazonLinuxGPU + type: string + id: + description: ID of resource + type: string + type: object + cloudInit: + description: CloudInit defines options related to the bootstrapping + systems where CloudInit is used. 
+ properties: + insecureSkipSecretsManager: + description: InsecureSkipSecretsManager, when set to true will + not use AWS Secrets Manager or AWS Systems Manager Parameter + Store to ensure privacy of userdata. By default, a cloud-init + boothook shell script is prepended to download the userdata + from Secrets Manager and additionally delete the secret. + type: boolean + secretCount: + description: SecretCount is the number of secrets used to form + the complete secret + format: int32 + type: integer + secretPrefix: + description: SecretPrefix is the prefix for the secret name. This + is stored temporarily, and deleted when the machine registers + as a node against the workload cluster. + type: string + secureSecretsBackend: + description: SecureSecretsBackend, when set to parameter-store + will utilize the AWS Systems Manager Parameter Storage to distribute + secrets. By default or with the value of secrets-manager, will + use AWS Secrets Manager instead. + enum: + - secrets-manager + - ssm-parameter-store + type: string + type: object + iamInstanceProfile: + description: IAMInstanceProfile is a name of an IAM instance profile + to assign to the instance + type: string + ignition: + description: Ignition defined options related to the bootstrapping + systems where Ignition is used. + properties: + storageType: + default: ClusterObjectStore + description: "StorageType defines how to store the boostrap user + data for Ignition. This can be used to instruct Ignition from + where to fetch the user data to bootstrap an instance. \n When + omitted, the storage option will default to ClusterObjectStore. + \n When set to \"ClusterObjectStore\", if the capability is + available and a Cluster ObjectStore configuration is correctly + provided in the Cluster object (under .spec.s3Bucket), an object + store will be used to store bootstrap user data. 
\n When set + to \"UnencryptedUserData\", EC2 Instance User Data will be used + to store the machine bootstrap user data, unencrypted. This + option is considered less secure than others as user data may + contain sensitive informations (keys, certificates, etc.) and + users with ec2:DescribeInstances permission or users running + pods that can access the ec2 metadata service have access to + this sensitive information. So this is only to be used at ones + own risk, and only when other more secure options are not viable." + enum: + - ClusterObjectStore + - UnencryptedUserData + type: string + version: + default: "2.3" + description: Version defines which version of Ignition will be + used to generate bootstrap data. + enum: + - "2.3" + - "3.0" + - "3.1" + - "3.2" + - "3.3" + - "3.4" + type: string + type: object + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating system + to use for image lookup the AMI is not set. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to look up + the image for this machine It will be ignored if an explicit AMI + is set. Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} + with the base OS and kubernetes version, respectively. The BaseOS + will be the value in ImageLookupBaseOS or ubuntu (the default), + and the kubernetes version as defined by the packages produced by + kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the ubuntu + base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to use for + image lookup if AMI is not set. 
+ type: string + instanceID: + description: InstanceID is the EC2 instance ID for this machine. + type: string + instanceMetadataOptions: + description: InstanceMetadataOptions is the metadata options for the + EC2 instance. + properties: + httpEndpoint: + default: enabled + description: "Enables or disables the HTTP metadata endpoint on + your instances. \n If you specify a value of disabled, you cannot + access your instance metadata. \n Default: enabled" + enum: + - enabled + - disabled + type: string + httpPutResponseHopLimit: + default: 1 + description: "The desired HTTP PUT response hop limit for instance + metadata requests. The larger the number, the further instance + metadata requests can travel. \n Default: 1" + format: int64 + maximum: 64 + minimum: 1 + type: integer + httpTokens: + default: optional + description: "The state of token usage for your instance metadata + requests. \n If the state is optional, you can choose to retrieve + instance metadata with or without a session token on your request. + If you retrieve the IAM role credentials without a token, the + version 1.0 role credentials are returned. If you retrieve the + IAM role credentials using a valid session token, the version + 2.0 role credentials are returned. \n If the state is required, + you must send a session token with any instance metadata retrieval + requests. In this state, retrieving the IAM role credentials + always returns the version 2.0 credentials; the version 1.0 + credentials are not available. \n Default: optional" + enum: + - optional + - required + type: string + instanceMetadataTags: + default: disabled + description: "Set to enabled to allow access to instance tags + from the instance metadata. Set to disabled to turn off access + to instance tags from the instance metadata. For more information, + see Work with instance tags using the instance metadata (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS). 
+ \n Default: disabled" + enum: + - enabled + - disabled + type: string + type: object + instanceType: + description: 'InstanceType is the type of instance to create. Example: + m4.xlarge' + minLength: 2 + type: string + networkInterfaces: + description: NetworkInterfaces is a list of ENIs to associate with + the instance. A maximum of 2 may be specified. + items: + type: string + maxItems: 2 + type: array + nonRootVolumes: + description: Configuration options for the non root storage volumes. + items: + description: Volume encapsulates the configuration options for the + storage device. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be used. + The key must already exist and be accessible by the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the disk. + Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for + the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + type: array + placementGroupName: + description: PlacementGroupName specifies the name of the placement + group in which to launch the instance. + type: string + privateDnsName: + description: PrivateDNSName is the options for the instance hostname. 
+ properties: + enableResourceNameDnsAAAARecord: + description: EnableResourceNameDNSAAAARecord indicates whether + to respond to DNS queries for instance hostnames with DNS AAAA + records. + type: boolean + enableResourceNameDnsARecord: + description: EnableResourceNameDNSARecord indicates whether to + respond to DNS queries for instance hostnames with DNS A records. + type: boolean + hostnameType: + description: The type of hostname to assign to an instance. + enum: + - ip-name + - resource-name + type: string + type: object + providerID: + description: ProviderID is the unique identifier as specified by the + cloud provider. + type: string + publicIP: + description: 'PublicIP specifies whether the instance should get a + public IP. Precedence for this setting is as follows: 1. This field + if set 2. Cluster/flavor setting 3. Subnet default' + type: boolean + rootVolume: + description: RootVolume encapsulates the configuration options for + the root volume + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt the + volume. Can be either a KMS key ID or ARN. If Encrypted is set + and this is omitted, the default AWS key will be used. The key + must already exist and be accessible by the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the disk. + Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for the + volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. 
gp2, io1, etc...). + type: string + required: + - size + type: object + securityGroupOverrides: + additionalProperties: + type: string + description: SecurityGroupOverrides is an optional set of security + groups to use for the node. This is optional - if not provided security + groups from the cluster will be used. + type: object + spotMarketOptions: + description: SpotMarketOptions allows users to configure instances + to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user is willing + to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach to the + instance. Valid values are empty string (do not use SSH keys), a + valid SSH key name, or omitted (use the default SSH key name) + type: string + subnet: + description: Subnet is a reference to the subnet to use for this instance. + If not specified, the cluster subnet will be used. + properties: + filters: + description: 'Filters is a set of key/value pairs used to identify + a resource They are applied according to the rules defined by + the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an AWS resource. + properties: + name: + description: Name of the filter. Filter names are case-sensitive. + type: string + values: + description: Values includes one or more filter values. + Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + tenancy: + description: Tenancy indicates if instance should run on shared or + single-tenant hardware. + enum: + - default + - dedicated + - host + type: string + uncompressedUserData: + description: UncompressedUserData specify whether the user data is + gzip-compressed before it is sent to ec2 instance. 
cloud-init has + built-in support for gzip-compressed user data user data stored + in aws secret manager is always gzip-compressed. + type: boolean + required: + - instanceType + type: object + status: + description: AWSMachineStatus defines the observed state of AWSMachine. + properties: + addresses: + description: Addresses contains the AWS instance associated addresses. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP, + InternalIP, ExternalDNS or InternalDNS. + type: string + required: + - address + - type + type: object + type: array + conditions: + description: Conditions defines current service state of the AWSMachine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. \n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. \n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. 
Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. \n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." + type: string + instanceState: + description: InstanceState is the state of the AWS instance for this + machine. + type: string + interruptible: + description: Interruptible reports that this machine is using spot + instances and can therefore be interrupted by CAPI when it receives + a notice that the spot instance is to be terminated by AWS. This + will be set to true when SpotMarketOptions is not nil (i.e. this + machine is using a spot instance). + type: boolean + ready: + description: Ready is true when the provider resource is ready. + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: awsmachinetemplates.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capa-webhook-service + namespace: capa-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSMachineTemplate + listKind: AWSMachineTemplateList + plural: awsmachinetemplates + shortNames: + - awsmt + singular: awsmachinetemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + 
description: AWSMachineTemplate is the schema for the Amazon EC2 Machine Templates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSMachineTemplateSpec defines the desired state of AWSMachineTemplate. + properties: + template: + description: AWSMachineTemplateResource describes the data needed + to create am AWSMachine from a template. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. 
+ More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: Spec is the specification of the desired behavior + of the machine. + properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups is an array of references + to security groups that should be applied to the instance. + These security groups would be set in addition to any security + groups defined at the cluster level or in the actuator. + It is possible to specify either IDs of Filters. Using Filters + will cause additional requests to AWS API and if tags change + the attached security groups might change too. + items: + description: AWSResourceReference is a reference to a specific + AWS resource by ID or filters. Only one of ID or Filters + may be specified. Specifying more than one will result + in a validation error. + properties: + arn: + description: 'ARN of resource. Deprecated: This field + has no function and is going to be removed in the + next release.' + type: string + filters: + description: 'Filters is a set of key/value pairs used + to identify a resource They are applied according + to the rules defined by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an + AWS resource. + properties: + name: + description: Name of the filter. Filter names + are case-sensitive. + type: string + values: + description: Values includes one or more filter + values. Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + type: array + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to an instance, in addition to the ones added by default + by the AWS provider. 
If both the AWSCluster and the AWSMachine + specify the same tag name with different values, the AWSMachine's + value takes precedence. + type: object + ami: + description: AMI is the reference to the AMI from which to + create the machine instance. + properties: + eksLookupType: + description: EKSOptimizedLookupType If specified, will + look up an EKS Optimized image in SSM Parameter store + enum: + - AmazonLinux + - AmazonLinuxGPU + type: string + id: + description: ID of resource + type: string + type: object + cloudInit: + description: CloudInit defines options related to the bootstrapping + systems where CloudInit is used. + properties: + insecureSkipSecretsManager: + description: InsecureSkipSecretsManager, when set to true + will not use AWS Secrets Manager or AWS Systems Manager + Parameter Store to ensure privacy of userdata. By default, + a cloud-init boothook shell script is prepended to download + the userdata from Secrets Manager and additionally delete + the secret. + type: boolean + secretCount: + description: SecretCount is the number of secrets used + to form the complete secret + format: int32 + type: integer + secretPrefix: + description: SecretPrefix is the prefix for the secret + name. This is stored temporarily, and deleted when the + machine registers as a node against the workload cluster. + type: string + secureSecretsBackend: + description: SecureSecretsBackend, when set to parameter-store + will utilize the AWS Systems Manager Parameter Storage + to distribute secrets. By default or with the value + of secrets-manager, will use AWS Secrets Manager instead. + enum: + - secrets-manager + - ssm-parameter-store + type: string + type: object + failureDomain: + description: FailureDomain is the failure domain unique identifier + this Machine should be attached to, as defined in Cluster + API. For this infrastructure provider, the ID is equivalent + to an AWS Availability Zone. 
If multiple subnets are matched + for the availability zone, the first one returned is picked. + type: string + iamInstanceProfile: + description: IAMInstanceProfile is a name of an IAM instance + profile to assign to the instance + type: string + ignition: + description: Ignition defined options related to the bootstrapping + systems where Ignition is used. + properties: + version: + default: "2.3" + description: Version defines which version of Ignition + will be used to generate bootstrap data. + enum: + - "2.3" + type: string + type: object + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating + system to use for image lookup the AMI is not set. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to + look up the image for this machine It will be ignored if + an explicit AMI is set. Supports substitutions for {{.BaseOS}} + and {{.K8sVersion}} with the base OS and kubernetes version, + respectively. The BaseOS will be the value in ImageLookupBaseOS + or ubuntu (the default), and the kubernetes version as defined + by the packages produced by kubernetes/release without v + as a prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, + the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the + ubuntu base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to + use for image lookup if AMI is not set. + type: string + instanceID: + description: InstanceID is the EC2 instance ID for this machine. + type: string + instanceType: + description: 'InstanceType is the type of instance to create. + Example: m4.xlarge' + minLength: 2 + type: string + networkInterfaces: + description: NetworkInterfaces is a list of ENIs to associate + with the instance. 
A maximum of 2 may be specified. + items: + type: string + maxItems: 2 + type: array + nonRootVolumes: + description: Configuration options for the non root storage + volumes. + items: + description: Volume encapsulates the configuration options + for the storage device. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should + be encrypted or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to + encrypt the volume. Can be either a KMS key ID or + ARN. If Encrypted is set and this is omitted, the + default AWS key will be used. The key must already + exist and be accessible by the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for + the disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage + device. Must be greater than the image snapshot size + or 8 (whichever is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported + for the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, + io1, etc...). + type: string + required: + - size + type: object + type: array + providerID: + description: ProviderID is the unique identifier as specified + by the cloud provider. + type: string + publicIP: + description: 'PublicIP specifies whether the instance should + get a public IP. Precedence for this setting is as follows: + 1. This field if set 2. Cluster/flavor setting 3. Subnet + default' + type: boolean + rootVolume: + description: RootVolume encapsulates the configuration options + for the root volume + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be + encrypted or not. 
+ type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will + be used. The key must already exist and be accessible + by the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for + the disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage + device. Must be greater than the image snapshot size + or 8 (whichever is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported + for the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, + io1, etc...). + type: string + required: + - size + type: object + spotMarketOptions: + description: SpotMarketOptions allows users to configure instances + to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user + is willing to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach + to the instance. Valid values are empty string (do not use + SSH keys), a valid SSH key name, or omitted (use the default + SSH key name) + type: string + subnet: + description: Subnet is a reference to the subnet to use for + this instance. If not specified, the cluster subnet will + be used. + properties: + arn: + description: 'ARN of resource. Deprecated: This field + has no function and is going to be removed in the next + release.' 
+ type: string + filters: + description: 'Filters is a set of key/value pairs used + to identify a resource They are applied according to + the rules defined by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an + AWS resource. + properties: + name: + description: Name of the filter. Filter names are + case-sensitive. + type: string + values: + description: Values includes one or more filter + values. Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + tenancy: + description: Tenancy indicates if instance should run on shared + or single-tenant hardware. + enum: + - default + - dedicated + - host + type: string + uncompressedUserData: + description: UncompressedUserData specify whether the user + data is gzip-compressed before it is sent to ec2 instance. + cloud-init has built-in support for gzip-compressed user + data user data stored in aws secret manager is always gzip-compressed. + type: boolean + required: + - instanceType + type: object + required: + - spec + type: object + required: + - template + type: object + status: + description: AWSMachineTemplateStatus defines a status for an AWSMachineTemplate. + properties: + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Capacity defines the resource capacity for this machine. 
+ This value is used for autoscaling from zero operations as defined + in: https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20210310-opt-in-autoscaling-from-zero.md' + type: object + type: object + type: object + served: false + storage: false + - name: v1beta2 + schema: + openAPIV3Schema: + description: AWSMachineTemplate is the schema for the Amazon EC2 Machine Templates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSMachineTemplateSpec defines the desired state of AWSMachineTemplate. + properties: + template: + description: AWSMachineTemplateResource describes the data needed + to create am AWSMachine from a template. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. 
More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: Spec is the specification of the desired behavior + of the machine. + properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups is an array of references + to security groups that should be applied to the instance. + These security groups would be set in addition to any security + groups defined at the cluster level or in the actuator. + It is possible to specify either IDs of Filters. Using Filters + will cause additional requests to AWS API and if tags change + the attached security groups might change too. + items: + description: AWSResourceReference is a reference to a specific + AWS resource by ID or filters. Only one of ID or Filters + may be specified. Specifying more than one will result + in a validation error. + properties: + filters: + description: 'Filters is a set of key/value pairs used + to identify a resource They are applied according + to the rules defined by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an + AWS resource. + properties: + name: + description: Name of the filter. Filter names + are case-sensitive. + type: string + values: + description: Values includes one or more filter + values. Filter values are case-sensitive. 
+ items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + type: array + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to an instance, in addition to the ones added by default + by the AWS provider. If both the AWSCluster and the AWSMachine + specify the same tag name with different values, the AWSMachine's + value takes precedence. + type: object + ami: + description: AMI is the reference to the AMI from which to + create the machine instance. + properties: + eksLookupType: + description: EKSOptimizedLookupType If specified, will + look up an EKS Optimized image in SSM Parameter store + enum: + - AmazonLinux + - AmazonLinuxGPU + type: string + id: + description: ID of resource + type: string + type: object + cloudInit: + description: CloudInit defines options related to the bootstrapping + systems where CloudInit is used. + properties: + insecureSkipSecretsManager: + description: InsecureSkipSecretsManager, when set to true + will not use AWS Secrets Manager or AWS Systems Manager + Parameter Store to ensure privacy of userdata. By default, + a cloud-init boothook shell script is prepended to download + the userdata from Secrets Manager and additionally delete + the secret. + type: boolean + secretCount: + description: SecretCount is the number of secrets used + to form the complete secret + format: int32 + type: integer + secretPrefix: + description: SecretPrefix is the prefix for the secret + name. This is stored temporarily, and deleted when the + machine registers as a node against the workload cluster. + type: string + secureSecretsBackend: + description: SecureSecretsBackend, when set to parameter-store + will utilize the AWS Systems Manager Parameter Storage + to distribute secrets. By default or with the value + of secrets-manager, will use AWS Secrets Manager instead. 
+ enum: + - secrets-manager + - ssm-parameter-store + type: string + type: object + iamInstanceProfile: + description: IAMInstanceProfile is a name of an IAM instance + profile to assign to the instance + type: string + ignition: + description: Ignition defined options related to the bootstrapping + systems where Ignition is used. + properties: + storageType: + default: ClusterObjectStore + description: "StorageType defines how to store the boostrap + user data for Ignition. This can be used to instruct + Ignition from where to fetch the user data to bootstrap + an instance. \n When omitted, the storage option will + default to ClusterObjectStore. \n When set to \"ClusterObjectStore\", + if the capability is available and a Cluster ObjectStore + configuration is correctly provided in the Cluster object + (under .spec.s3Bucket), an object store will be used + to store bootstrap user data. \n When set to \"UnencryptedUserData\", + EC2 Instance User Data will be used to store the machine + bootstrap user data, unencrypted. This option is considered + less secure than others as user data may contain sensitive + informations (keys, certificates, etc.) and users with + ec2:DescribeInstances permission or users running pods + that can access the ec2 metadata service have access + to this sensitive information. So this is only to be + used at ones own risk, and only when other more secure + options are not viable." + enum: + - ClusterObjectStore + - UnencryptedUserData + type: string + version: + default: "2.3" + description: Version defines which version of Ignition + will be used to generate bootstrap data. + enum: + - "2.3" + - "3.0" + - "3.1" + - "3.2" + - "3.3" + - "3.4" + type: string + type: object + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating + system to use for image lookup the AMI is not set. 
+ type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to + look up the image for this machine It will be ignored if + an explicit AMI is set. Supports substitutions for {{.BaseOS}} + and {{.K8sVersion}} with the base OS and kubernetes version, + respectively. The BaseOS will be the value in ImageLookupBaseOS + or ubuntu (the default), and the kubernetes version as defined + by the packages produced by kubernetes/release without v + as a prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, + the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the + ubuntu base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to + use for image lookup if AMI is not set. + type: string + instanceID: + description: InstanceID is the EC2 instance ID for this machine. + type: string + instanceMetadataOptions: + description: InstanceMetadataOptions is the metadata options + for the EC2 instance. + properties: + httpEndpoint: + default: enabled + description: "Enables or disables the HTTP metadata endpoint + on your instances. \n If you specify a value of disabled, + you cannot access your instance metadata. \n Default: + enabled" + enum: + - enabled + - disabled + type: string + httpPutResponseHopLimit: + default: 1 + description: "The desired HTTP PUT response hop limit + for instance metadata requests. The larger the number, + the further instance metadata requests can travel. \n + Default: 1" + format: int64 + maximum: 64 + minimum: 1 + type: integer + httpTokens: + default: optional + description: "The state of token usage for your instance + metadata requests. \n If the state is optional, you + can choose to retrieve instance metadata with or without + a session token on your request. 
If you retrieve the + IAM role credentials without a token, the version 1.0 + role credentials are returned. If you retrieve the IAM + role credentials using a valid session token, the version + 2.0 role credentials are returned. \n If the state is + required, you must send a session token with any instance + metadata retrieval requests. In this state, retrieving + the IAM role credentials always returns the version + 2.0 credentials; the version 1.0 credentials are not + available. \n Default: optional" + enum: + - optional + - required + type: string + instanceMetadataTags: + default: disabled + description: "Set to enabled to allow access to instance + tags from the instance metadata. Set to disabled to + turn off access to instance tags from the instance metadata. + For more information, see Work with instance tags using + the instance metadata (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS). + \n Default: disabled" + enum: + - enabled + - disabled + type: string + type: object + instanceType: + description: 'InstanceType is the type of instance to create. + Example: m4.xlarge' + minLength: 2 + type: string + networkInterfaces: + description: NetworkInterfaces is a list of ENIs to associate + with the instance. A maximum of 2 may be specified. + items: + type: string + maxItems: 2 + type: array + nonRootVolumes: + description: Configuration options for the non root storage + volumes. + items: + description: Volume encapsulates the configuration options + for the storage device. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should + be encrypted or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to + encrypt the volume. Can be either a KMS key ID or + ARN. If Encrypted is set and this is omitted, the + default AWS key will be used. 
The key must already + exist and be accessible by the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for + the disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage + device. Must be greater than the image snapshot size + or 8 (whichever is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported + for the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, + io1, etc...). + type: string + required: + - size + type: object + type: array + placementGroupName: + description: PlacementGroupName specifies the name of the + placement group in which to launch the instance. + type: string + privateDnsName: + description: PrivateDNSName is the options for the instance + hostname. + properties: + enableResourceNameDnsAAAARecord: + description: EnableResourceNameDNSAAAARecord indicates + whether to respond to DNS queries for instance hostnames + with DNS AAAA records. + type: boolean + enableResourceNameDnsARecord: + description: EnableResourceNameDNSARecord indicates whether + to respond to DNS queries for instance hostnames with + DNS A records. + type: boolean + hostnameType: + description: The type of hostname to assign to an instance. + enum: + - ip-name + - resource-name + type: string + type: object + providerID: + description: ProviderID is the unique identifier as specified + by the cloud provider. + type: string + publicIP: + description: 'PublicIP specifies whether the instance should + get a public IP. Precedence for this setting is as follows: + 1. This field if set 2. Cluster/flavor setting 3. 
Subnet + default' + type: boolean + rootVolume: + description: RootVolume encapsulates the configuration options + for the root volume + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be + encrypted or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will + be used. The key must already exist and be accessible + by the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for + the disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage + device. Must be greater than the image snapshot size + or 8 (whichever is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported + for the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, + io1, etc...). + type: string + required: + - size + type: object + securityGroupOverrides: + additionalProperties: + type: string + description: SecurityGroupOverrides is an optional set of + security groups to use for the node. This is optional - + if not provided security groups from the cluster will be + used. + type: object + spotMarketOptions: + description: SpotMarketOptions allows users to configure instances + to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user + is willing to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach + to the instance. 
Valid values are empty string (do not use + SSH keys), a valid SSH key name, or omitted (use the default + SSH key name) + type: string + subnet: + description: Subnet is a reference to the subnet to use for + this instance. If not specified, the cluster subnet will + be used. + properties: + filters: + description: 'Filters is a set of key/value pairs used + to identify a resource They are applied according to + the rules defined by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an + AWS resource. + properties: + name: + description: Name of the filter. Filter names are + case-sensitive. + type: string + values: + description: Values includes one or more filter + values. Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + tenancy: + description: Tenancy indicates if instance should run on shared + or single-tenant hardware. + enum: + - default + - dedicated + - host + type: string + uncompressedUserData: + description: UncompressedUserData specify whether the user + data is gzip-compressed before it is sent to ec2 instance. + cloud-init has built-in support for gzip-compressed user + data user data stored in aws secret manager is always gzip-compressed. + type: boolean + required: + - instanceType + type: object + required: + - spec + type: object + required: + - template + type: object + status: + description: AWSMachineTemplateStatus defines a status for an AWSMachineTemplate. + properties: + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Capacity defines the resource capacity for this machine. 
+ This value is used for autoscaling from zero operations as defined + in: https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20210310-opt-in-autoscaling-from-zero.md' + type: object + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: awsmanagedclusters.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSManagedCluster + listKind: AWSManagedClusterList + plural: awsmanagedclusters + shortNames: + - awsmc + singular: awsmanagedcluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this AWSManagedControl belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Control plane infrastructure is ready for worker nodes + jsonPath: .status.ready + name: Ready + type: string + - description: API Endpoint + jsonPath: .spec.controlPlaneEndpoint.host + name: Endpoint + priority: 1 + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: AWSManagedCluster is the Schema for the awsmanagedclusters API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSManagedClusterSpec defines the desired state of AWSManagedCluster + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + type: object + status: + description: AWSManagedClusterStatus defines the observed state of AWSManagedCluster + properties: + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains specifies a list fo available availability + zones that can be used + type: object + ready: + description: Ready is when the AWSManagedControlPlane has a API server + URL. 
+ type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: awsmanagedcontrolplanes.controlplane.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capa-webhook-service + namespace: capa-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: controlplane.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSManagedControlPlane + listKind: AWSManagedControlPlaneList + plural: awsmanagedcontrolplanes + shortNames: + - awsmcp + singular: awsmanagedcontrolplane + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this AWSManagedControl belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Control plane infrastructure is ready for worker nodes + jsonPath: .status.ready + name: Ready + type: string + - description: AWS VPC the control plane is using + jsonPath: .spec.network.vpc.id + name: VPC + type: string + - description: API Endpoint + jsonPath: .spec.controlPlaneEndpoint.host + name: Endpoint + priority: 1 + type: string + - description: Bastion IP address for breakglass access + jsonPath: .status.bastion.publicIp + name: Bastion IP + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: AWSManagedControlPlane is the schema for the Amazon EKS Managed + Control Plane API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSManagedControlPlaneSpec defines the desired state of an + Amazon EKS Cluster. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to AWS + resources managed by the AWS provider, in addition to the ones added + by default. + type: object + addons: + description: Addons defines the EKS addons to enable with the EKS + cluster. + items: + description: Addon represents a EKS addon. + properties: + configuration: + description: Configuration of the EKS addon + type: string + conflictResolution: + default: none + description: ConflictResolution is used to declare what should + happen if there are parameter conflicts. 
Defaults to none + enum: + - overwrite + - none + type: string + name: + description: Name is the name of the addon + minLength: 2 + type: string + serviceAccountRoleARN: + description: ServiceAccountRoleArn is the ARN of an IAM role + to bind to the addons service account + type: string + version: + description: Version is the version of the addon to use + type: string + required: + - name + - version + type: object + type: array + associateOIDCProvider: + default: false + description: AssociateOIDCProvider can be enabled to automatically + create an identity provider for the controller for use with IAM + roles for service accounts + type: boolean + bastion: + description: Bastion contains options to configure the bastion host. + properties: + allowedCIDRBlocks: + description: AllowedCIDRBlocks is a list of CIDR blocks allowed + to access the bastion host. They are set as ingress rules for + the Bastion host's Security Group (defaults to 0.0.0.0/0). + items: + type: string + type: array + ami: + description: AMI will use the specified AMI to boot the bastion. + If not specified, the AMI will default to one picked out in + public space. + type: string + disableIngressRules: + description: DisableIngressRules will ensure there are no Ingress + rules in the bastion host's security group. Requires AllowedCIDRBlocks + to be empty. + type: boolean + enabled: + description: Enabled allows this provider to create a bastion + host instance with a public ip to access the VPC private network. + type: boolean + instanceType: + description: InstanceType will use the specified instance type + for the bastion. If not specified, Cluster API Provider AWS + will use t3.micro for all regions except us-east-1, where t2.micro + will be the default. + type: string + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. 
+ properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + disableVPCCNI: + default: false + description: DisableVPCCNI indicates that the Amazon VPC CNI should + be disabled. With EKS clusters the Amazon VPC CNI is automatically + installed into the cluster. For clusters where you want to use an + alternate CNI this option provides a way to specify that the Amazon + VPC CNI should be deleted. You cannot set this to true if you are + using the Amazon VPC CNI addon. + type: boolean + eksClusterName: + description: EKSClusterName allows you to specify the name of the + EKS cluster in AWS. If you don't specify a name then a default name + will be created based on the namespace and name of the managed control + plane. + type: string + encryptionConfig: + description: EncryptionConfig specifies the encryption configuration + for the cluster + properties: + provider: + description: Provider specifies the ARN or alias of the CMK (in + AWS KMS) + type: string + resources: + description: Resources specifies the resources to be encrypted + items: + type: string + type: array + type: object + endpointAccess: + description: Endpoints specifies access to this cluster's control + plane endpoints + properties: + private: + description: Private points VPC-internal control plane access + to the private endpoint + type: boolean + public: + description: Public controls whether control plane endpoints are + publicly accessible + type: boolean + publicCIDRs: + description: PublicCIDRs specifies which blocks can access the + public endpoint + items: + type: string + type: array + type: object + iamAuthenticatorConfig: + description: IAMAuthenticatorConfig allows the specification of any + additional user or role mappings for use when generating the aws-iam-authenticator + configuration. 
If this is nil the default configuration is still + generated for the cluster. + properties: + mapRoles: + description: RoleMappings is a list of role mappings + items: + description: RoleMapping represents a mapping from a IAM role + to Kubernetes users and groups. + properties: + groups: + description: Groups is a list of kubernetes RBAC groups + items: + type: string + type: array + rolearn: + description: RoleARN is the AWS ARN for the role to map + minLength: 31 + type: string + username: + description: UserName is a kubernetes RBAC user subject + type: string + required: + - groups + - rolearn + - username + type: object + type: array + mapUsers: + description: UserMappings is a list of user mappings + items: + description: UserMapping represents a mapping from an IAM user + to Kubernetes users and groups. + properties: + groups: + description: Groups is a list of kubernetes RBAC groups + items: + type: string + type: array + userarn: + description: UserARN is the AWS ARN for the user to map + minLength: 31 + type: string + username: + description: UserName is a kubernetes RBAC user subject + type: string + required: + - groups + - userarn + - username + type: object + type: array + type: object + identityRef: + description: IdentityRef is a reference to an identity to be used + when reconciling the managed control plane. If no identity is specified, + the default identity for this controller will be used. + properties: + kind: + description: Kind of the identity. + enum: + - AWSClusterControllerIdentity + - AWSClusterRoleIdentity + - AWSClusterStaticIdentity + type: string + name: + description: Name of the identity. + minLength: 1 + type: string + required: + - kind + - name + type: object + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating system + used to look up machine images when a machine does not specify an + AMI. 
When set, this will be used for all cluster machines unless + a machine specifies a different ImageLookupBaseOS. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to look up + machine images when a machine does not specify an AMI. When set, + this will be used for all cluster machines unless a machine specifies + a different ImageLookupOrg. Supports substitutions for {{.BaseOS}} + and {{.K8sVersion}} with the base OS and kubernetes version, respectively. + The BaseOS will be the value in ImageLookupBaseOS or ubuntu (the + default), and the kubernetes version as defined by the packages + produced by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the ubuntu + base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to look up + machine images when a machine does not specify an AMI. When set, + this will be used for all cluster machines unless a machine specifies + a different ImageLookupOrg. + type: string + kubeProxy: + description: KubeProxy defines managed attributes of the kube-proxy + daemonset + properties: + disable: + default: false + description: Disable set to true indicates that kube-proxy should + be disabled. With EKS clusters kube-proxy is automatically installed + into the cluster. For clusters where you want to use kube-proxy + functionality that is provided with an alternate CNI, this option + provides a way to specify that the kube-proxy daemonset should + be deleted. You cannot set this to true if you are using the + Amazon kube-proxy addon. + type: boolean + type: object + logging: + description: Logging specifies which EKS Cluster logs should be enabled. 
+ Entries for each of the enabled logs will be sent to CloudWatch + properties: + apiServer: + default: false + description: APIServer indicates if the Kubernetes API Server + log (kube-apiserver) shoulkd be enabled + type: boolean + audit: + default: false + description: Audit indicates if the Kubernetes API audit log should + be enabled + type: boolean + authenticator: + default: false + description: Authenticator indicates if the iam authenticator + log should be enabled + type: boolean + controllerManager: + default: false + description: ControllerManager indicates if the controller manager + (kube-controller-manager) log should be enabled + type: boolean + scheduler: + default: false + description: Scheduler indicates if the Kubernetes scheduler (kube-scheduler) + log should be enabled + type: boolean + required: + - apiServer + - audit + - authenticator + - controllerManager + - scheduler + type: object + network: + description: NetworkSpec encapsulates all things related to AWS network. + properties: + additionalControlPlaneIngressRules: + description: AdditionalControlPlaneIngressRules is an optional + set of ingress rules to add to the control plane + items: + description: IngressRule defines an AWS ingress rule for security + groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access from. Cannot + be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + description: Description provides extended information about + the ingress rule. + type: string + fromPort: + description: FromPort is the start of port range. + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access from. + Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: Protocol is the protocol for the ingress rule. + Accepted values are "-1" (all), "4" (IP in IP),"tcp", + "udp", "icmp", and "58" (ICMPv6), "50" (ESP). 
+ enum: + - "-1" + - "4" + - tcp + - udp + - icmp + - "58" + - "50" + type: string + sourceSecurityGroupIds: + description: The security group id to allow access from. + Cannot be specified with CidrBlocks. + items: + type: string + type: array + sourceSecurityGroupRoles: + description: The security group role to allow access from. + Cannot be specified with CidrBlocks. The field will be + combined with source security group IDs if specified. + items: + description: SecurityGroupRole defines the unique role + of a security group. + enum: + - bastion + - node + - controlplane + - apiserver-lb + - lb + - node-eks-additional + type: string + type: array + toPort: + description: ToPort is the end of port range. + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + cni: + description: CNI configuration + properties: + cniIngressRules: + description: CNIIngressRules specify rules to apply to control + plane and worker node security groups. The source for the + rule will be set to control plane and worker security group + IDs. + items: + description: CNIIngressRule defines an AWS ingress rule + for CNI requirements. + properties: + description: + type: string + fromPort: + format: int64 + type: integer + protocol: + description: SecurityGroupProtocol defines the protocol + type for a security group rule. + type: string + toPort: + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + type: object + securityGroupOverrides: + additionalProperties: + type: string + description: SecurityGroupOverrides is an optional set of security + groups to use for cluster instances This is optional - if not + provided new security groups will be created for the cluster + type: object + subnets: + description: Subnets configuration. + items: + description: SubnetSpec configures an AWS Subnet. 
+ properties: + availabilityZone: + description: AvailabilityZone defines the availability zone + to use for this subnet in the cluster's region. + type: string + cidrBlock: + description: CidrBlock is the CIDR block to be used when + the provider creates a managed VPC. + type: string + id: + description: "ID defines a unique identifier to reference + this resource. If you're bringing your subnet, set the + AWS subnet-id here, it must start with `subnet-`. \n When + the VPC is managed by CAPA, and you'd like the provider + to create a subnet for you, the id can be set to any placeholder + value that does not start with `subnet-`; upon creation, + the subnet AWS identifier will be populated in the `ResourceID` + field and the `id` field is going to be used as the subnet + name. If you specify a tag called `Name`, it takes precedence." + type: string + ipv6CidrBlock: + description: IPv6CidrBlock is the IPv6 CIDR block to be + used when the provider creates a managed VPC. A subnet + can have an IPv4 and an IPv6 address. IPv6 is only supported + in managed clusters, this field cannot be set on AWSCluster + object. + type: string + isIpv6: + description: IsIPv6 defines the subnet as an IPv6 subnet. + A subnet is IPv6 when it is associated with a VPC that + has IPv6 enabled. IPv6 is only supported in managed clusters, + this field cannot be set on AWSCluster object. + type: boolean + isPublic: + description: IsPublic defines the subnet as a public subnet. + A subnet is public when it is associated with a route + table that has a route to an internet gateway. + type: boolean + natGatewayId: + description: NatGatewayID is the NAT gateway id associated + with the subnet. Ignored unless the subnet is managed + by the provider, in which case this is set on the public + subnet where the NAT gateway resides. It is then used + to determine routes for private subnets in the same AZ + as the public subnet. 
+ type: string + resourceID: + description: ResourceID is the subnet identifier from AWS, + READ ONLY. This field is populated when the provider manages + the subnet. + type: string + routeTableId: + description: RouteTableID is the routing table id associated + with the subnet. + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing the + resource. + type: object + required: + - id + type: object + type: array + x-kubernetes-list-map-keys: + - id + x-kubernetes-list-type: map + vpc: + description: VPC configuration. + properties: + availabilityZoneSelection: + default: Ordered + description: 'AvailabilityZoneSelection specifies how AZs + should be selected if there are more AZs in a region than + specified by AvailabilityZoneUsageLimit. There are 2 selection + schemes: Ordered - selects based on alphabetical order Random + - selects AZs randomly in a region Defaults to Ordered' + enum: + - Ordered + - Random + type: string + availabilityZoneUsageLimit: + default: 3 + description: AvailabilityZoneUsageLimit specifies the maximum + number of availability zones (AZ) that should be used in + a region when automatically creating subnets. If a region + has more than this number of AZs then this number of AZs + will be picked randomly when creating default subnets. Defaults + to 3 + minimum: 1 + type: integer + cidrBlock: + description: CidrBlock is the CIDR block to be used when the + provider creates a managed VPC. Defaults to 10.0.0.0/16. + Mutually exclusive with IPAMPool. + type: string + emptyRoutesDefaultVPCSecurityGroup: + description: "EmptyRoutesDefaultVPCSecurityGroup specifies + whether the default VPC security group ingress and egress + rules should be removed. \n By default, when creating a + VPC, AWS creates a security group called `default` with + ingress and egress rules that allow traffic from anywhere. 
+ The group could be used as a potential surface attack and + it's generally suggested that the group rules are removed + or modified appropriately. \n NOTE: This only applies when + the VPC is managed by the Cluster API AWS controller." + type: boolean + id: + description: ID is the vpc-id of the VPC this provider should + use to create resources. + type: string + internetGatewayId: + description: InternetGatewayID is the id of the internet gateway + associated with the VPC. + type: string + ipamPool: + description: IPAMPool defines the IPAMv4 pool to be used for + VPC. Mutually exclusive with CidrBlock. + properties: + id: + description: ID is the ID of the IPAM pool this provider + should use to create VPC. + type: string + name: + description: Name is the name of the IPAM pool this provider + should use to create VPC. + type: string + netmaskLength: + description: The netmask length of the IPv4 CIDR you want + to allocate to VPC from an Amazon VPC IP Address Manager + (IPAM) pool. Defaults to /16 for IPv4 if not specified. + format: int64 + type: integer + type: object + ipv6: + description: IPv6 contains ipv6 specific settings for the + network. Supported only in managed clusters. This field + cannot be set on AWSCluster object. + properties: + cidrBlock: + description: CidrBlock is the CIDR block provided by Amazon + when VPC has enabled IPv6. Mutually exclusive with IPAMPool. + type: string + egressOnlyInternetGatewayId: + description: EgressOnlyInternetGatewayID is the id of + the egress only internet gateway associated with an + IPv6 enabled VPC. + type: string + ipamPool: + description: IPAMPool defines the IPAMv6 pool to be used + for VPC. Mutually exclusive with CidrBlock. + properties: + id: + description: ID is the ID of the IPAM pool this provider + should use to create VPC. + type: string + name: + description: Name is the name of the IPAM pool this + provider should use to create VPC. 
+ type: string + netmaskLength: + description: The netmask length of the IPv4 CIDR you + want to allocate to VPC from an Amazon VPC IP Address + Manager (IPAM) pool. Defaults to /16 for IPv4 if + not specified. + format: int64 + type: integer + type: object + poolId: + description: PoolID is the IP pool which must be defined + in case of BYO IP is defined. Must be specified if CidrBlock + is set. Mutually exclusive with IPAMPool. + type: string + type: object + privateDnsHostnameTypeOnLaunch: + description: PrivateDNSHostnameTypeOnLaunch is the type of + hostname to assign to instances in the subnet at launch. + For IPv4-only and dual-stack (IPv4 and IPv6) subnets, an + instance DNS name can be based on the instance IPv4 address + (ip-name) or the instance ID (resource-name). For IPv6 only + subnets, an instance DNS name must be based on the instance + ID (resource-name). + enum: + - ip-name + - resource-name + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing the resource. + type: object + type: object + type: object + oidcIdentityProviderConfig: + description: IdentityProviderconfig is used to specify the oidc provider + config to be attached with this eks cluster + properties: + clientId: + description: This is also known as audience. The ID for the client + application that makes authentication requests to the OpenID + identity provider. + type: string + groupsClaim: + description: The JWT claim that the provider uses to return your + groups. + type: string + groupsPrefix: + description: 'The prefix that is prepended to group claims to + prevent clashes with existing names (such as system: groups). + For example, the valueoidc: will create group names like oidc:engineering + and oidc:infra.' + type: string + identityProviderConfigName: + description: "The name of the OIDC provider configuration. 
\n + IdentityProviderConfigName is a required field" + type: string + issuerUrl: + description: The URL of the OpenID identity provider that allows + the API server to discover public signing keys for verifying + tokens. The URL must begin with https:// and should correspond + to the iss claim in the provider's OIDC ID tokens. Per the OIDC + standard, path components are allowed but query parameters are + not. Typically the URL consists of only a hostname, like https://server.example.org + or https://example.com. This URL should point to the level below + .well-known/openid-configuration and must be publicly accessible + over the internet. + type: string + requiredClaims: + additionalProperties: + type: string + description: The key value pairs that describe required claims + in the identity token. If set, each claim is verified to be + present in the token with a matching value. For the maximum + number of claims that you can require, see Amazon EKS service + quotas (https://docs.aws.amazon.com/eks/latest/userguide/service-quotas.html) + in the Amazon EKS User Guide. + type: object + tags: + additionalProperties: + type: string + description: tags to apply to oidc identity provider association + type: object + usernameClaim: + description: The JSON Web Token (JWT) claim to use as the username. + The default is sub, which is expected to be a unique identifier + of the end user. You can choose other claims, such as email + or name, depending on the OpenID identity provider. Claims other + than email are prefixed with the issuer URL to prevent naming + clashes with other plug-ins. + type: string + usernamePrefix: + description: The prefix that is prepended to username claims to + prevent clashes with existing names. If you do not provide this + field, and username is a value other than email, the prefix + defaults to issuerurl#. You can use the value - to disable all + prefixing. 
+ type: string + type: object + region: + description: The AWS Region the cluster lives in. + type: string + roleAdditionalPolicies: + description: RoleAdditionalPolicies allows you to attach additional + polices to the control plane role. You must enable the EKSAllowAddRoles + feature flag to incorporate these into the created role. + items: + type: string + type: array + roleName: + description: RoleName specifies the name of IAM role that gives EKS + permission to make API calls. If the role is pre-existing we will + treat it as unmanaged and not delete it on deletion. If the EKSEnableIAM + feature flag is true and no name is supplied then a role is created. + minLength: 2 + type: string + secondaryCidrBlock: + description: SecondaryCidrBlock is the additional CIDR range to use + for pod IPs. Must be within the 100.64.0.0/10 or 198.19.0.0/16 range. + type: string + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach to the + bastion host. Valid values are empty string (do not use SSH keys), + a valid SSH key name, or omitted (use the default SSH key name) + type: string + tokenMethod: + default: iam-authenticator + description: TokenMethod is used to specify the method for obtaining + a client token for communicating with EKS iam-authenticator - obtains + a client token using iam-authentictor aws-cli - obtains a client + token using the AWS CLI Defaults to iam-authenticator + enum: + - iam-authenticator + - aws-cli + type: string + version: + description: Version defines the desired Kubernetes version. If no + version number is supplied then the latest version of Kubernetes + that EKS supports will be used. 
+ minLength: 2 + pattern: ^v?(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.?(\.0|[1-9][0-9]*)?$ + type: string + vpcCni: + description: VpcCni is used to set configuration options for the VPC + CNI plugin + properties: + env: + description: Env defines a list of environment variables to apply + to the `aws-node` DaemonSet + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + type: object + type: object + status: + description: AWSManagedControlPlaneStatus defines the observed state of + an Amazon EKS Cluster. 
+ properties: + addons: + description: Addons holds the current status of the EKS addons + items: + description: AddonState represents the state of an addon. + properties: + arn: + description: ARN is the AWS ARN of the addon + type: string + createdAt: + description: CreatedAt is the date and time the addon was created + at + format: date-time + type: string + issues: + description: Issues is a list of issue associated with the addon + items: + description: AddonIssue represents an issue with an addon. + properties: + code: + description: Code is the issue code + type: string + message: + description: Message is the textual description of the + issue + type: string + resourceIds: + description: ResourceIDs is a list of resource ids for + the issue + items: + type: string + type: array + type: object + type: array + modifiedAt: + description: ModifiedAt is the date and time the addon was last + modified + format: date-time + type: string + name: + description: Name is the name of the addon + type: string + serviceAccountRoleARN: + description: ServiceAccountRoleArn is the ARN of the IAM role + used for the service account + type: string + status: + description: Status is the status of the addon + type: string + version: + description: Version is the version of the addon to use + type: string + required: + - arn + - name + - version + type: object + type: array + bastion: + description: Bastion holds details of the instance that is used as + a bastion jump box + properties: + addresses: + description: Addresses contains the AWS instance associated addresses. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP, + InternalIP, ExternalDNS or InternalDNS. 
+ type: string + required: + - address + - type + type: object + type: array + availabilityZone: + description: Availability zone of instance + type: string + ebsOptimized: + description: Indicates whether the instance is optimized for Amazon + EBS I/O. + type: boolean + enaSupport: + description: Specifies whether enhanced networking with ENA is + enabled. + type: boolean + iamProfile: + description: The name of the IAM instance profile associated with + the instance, if applicable. + type: string + id: + type: string + imageId: + description: The ID of the AMI used to launch the instance. + type: string + instanceMetadataOptions: + description: InstanceMetadataOptions is the metadata options for + the EC2 instance. + properties: + httpEndpoint: + default: enabled + description: "Enables or disables the HTTP metadata endpoint + on your instances. \n If you specify a value of disabled, + you cannot access your instance metadata. \n Default: enabled" + enum: + - enabled + - disabled + type: string + httpPutResponseHopLimit: + default: 1 + description: "The desired HTTP PUT response hop limit for + instance metadata requests. The larger the number, the further + instance metadata requests can travel. \n Default: 1" + format: int64 + maximum: 64 + minimum: 1 + type: integer + httpTokens: + default: optional + description: "The state of token usage for your instance metadata + requests. \n If the state is optional, you can choose to + retrieve instance metadata with or without a session token + on your request. If you retrieve the IAM role credentials + without a token, the version 1.0 role credentials are returned. + If you retrieve the IAM role credentials using a valid session + token, the version 2.0 role credentials are returned. \n + If the state is required, you must send a session token + with any instance metadata retrieval requests. 
In this state, + retrieving the IAM role credentials always returns the version + 2.0 credentials; the version 1.0 credentials are not available. + \n Default: optional" + enum: + - optional + - required + type: string + instanceMetadataTags: + default: disabled + description: "Set to enabled to allow access to instance tags + from the instance metadata. Set to disabled to turn off + access to instance tags from the instance metadata. For + more information, see Work with instance tags using the + instance metadata (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS). + \n Default: disabled" + enum: + - enabled + - disabled + type: string + type: object + instanceState: + description: The current state of the instance. + type: string + networkInterfaces: + description: Specifies ENIs attached to instance + items: + type: string + type: array + nonRootVolumes: + description: Configuration options for the non root storage volumes. + items: + description: Volume encapsulates the configuration options for + the storage device. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by + the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage + device. Must be greater than the image snapshot size or + 8 (whichever is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported + for the volume type. 
Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + type: array + placementGroupName: + description: PlacementGroupName specifies the name of the placement + group in which to launch the instance. + type: string + privateDnsName: + description: PrivateDNSName is the options for the instance hostname. + properties: + enableResourceNameDnsAAAARecord: + description: EnableResourceNameDNSAAAARecord indicates whether + to respond to DNS queries for instance hostnames with DNS + AAAA records. + type: boolean + enableResourceNameDnsARecord: + description: EnableResourceNameDNSARecord indicates whether + to respond to DNS queries for instance hostnames with DNS + A records. + type: boolean + hostnameType: + description: The type of hostname to assign to an instance. + enum: + - ip-name + - resource-name + type: string + type: object + privateIp: + description: The private IPv4 address assigned to the instance. + type: string + publicIp: + description: The public IPv4 address assigned to the instance, + if applicable. + type: string + rootVolume: + description: Configuration options for the root storage volume. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by the + controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. 
+ Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for + the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + securityGroupIds: + description: SecurityGroupIDs are one or more security group IDs + this instance belongs to. + items: + type: string + type: array + spotMarketOptions: + description: SpotMarketOptions option for configuring instances + to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user is + willing to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: The name of the SSH key pair. + type: string + subnetId: + description: The ID of the subnet of the instance. + type: string + tags: + additionalProperties: + type: string + description: The tags associated with the instance. + type: object + tenancy: + description: Tenancy indicates if instance should run on shared + or single-tenant hardware. + type: string + type: + description: The instance type. + type: string + userData: + description: UserData is the raw data script passed to the instance + which is run upon bootstrap. This field must not be base64 encoded + and should only be used when running a new instance. + type: string + volumeIDs: + description: IDs of the instance's volumes + items: + type: string + type: array + required: + - id + type: object + conditions: + description: Conditions specifies the cpnditions for the managed control + plane + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + externalManagedControlPlane: + default: true + description: ExternalManagedControlPlane indicates to cluster-api + that the control plane is managed by an external service such as + AKS, EKS, GKE, etc. + type: boolean + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. 
+ type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains specifies a list fo available availability + zones that can be used + type: object + failureMessage: + description: ErrorMessage indicates that there is a terminal problem + reconciling the state, and will be set to a descriptive error message. + type: string + identityProviderStatus: + description: IdentityProviderStatus holds the status for associated + identity provider + properties: + arn: + description: ARN holds the ARN of associated identity provider + type: string + status: + description: Status holds current status of associated identity + provider + type: string + type: object + initialized: + description: Initialized denotes whether or not the control plane + has the uploaded kubernetes config-map. + type: boolean + networkStatus: + description: Networks holds details about the AWS networking resources + used by the control plane + properties: + apiServerElb: + description: APIServerELB is the Kubernetes api server load balancer. + properties: + arn: + description: ARN of the load balancer. Unlike the ClassicLB, + ARN is used mostly to define and get it. + type: string + attributes: + description: ClassicElbAttributes defines extra attributes + associated with the load balancer. + properties: + crossZoneLoadBalancing: + description: CrossZoneLoadBalancing enables the classic + load balancer load balancing. + type: boolean + idleTimeout: + description: IdleTimeout is time that the connection is + allowed to be idle (no data has been sent over the connection) + before it is closed by the load balancer. + format: int64 + type: integer + type: object + availabilityZones: + description: AvailabilityZones is an array of availability + zones in the VPC attached to the load balancer. 
+ items: + type: string + type: array + dnsName: + description: DNSName is the dns name of the load balancer. + type: string + elbAttributes: + additionalProperties: + type: string + description: ELBAttributes defines extra attributes associated + with v2 load balancers. + type: object + elbListeners: + description: ELBListeners is an array of listeners associated + with the load balancer. There must be at least one. + items: + description: Listener defines an AWS network load balancer + listener. + properties: + port: + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + targetGroup: + description: TargetGroupSpec specifies target group + settings for a given listener. This is created first, + and the ARN is then passed to the listener. + properties: + name: + description: Name of the TargetGroup. Must be unique + over the same group of listeners. + type: string + port: + description: Port is the exposed port + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + enum: + - tcp + - tls + - udp + - TCP + - TLS + - UDP + type: string + targetGroupHealthCheck: + description: HealthCheck is the elb health check + associated with the load balancer. + properties: + intervalSeconds: + format: int64 + type: integer + path: + type: string + port: + type: string + protocol: + type: string + thresholdCount: + format: int64 + type: integer + timeoutSeconds: + format: int64 + type: integer + type: object + vpcId: + type: string + required: + - name + - port + - protocol + - vpcId + type: object + required: + - port + - protocol + - targetGroup + type: object + type: array + healthChecks: + description: HealthCheck is the classic elb health check associated + with the load balancer. 
+ properties: + healthyThreshold: + format: int64 + type: integer + interval: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + target: + type: string + timeout: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + unhealthyThreshold: + format: int64 + type: integer + required: + - healthyThreshold + - interval + - target + - timeout + - unhealthyThreshold + type: object + listeners: + description: ClassicELBListeners is an array of classic elb + listeners associated with the load balancer. There must + be at least one. + items: + description: ClassicELBListener defines an AWS classic load + balancer listener. + properties: + instancePort: + format: int64 + type: integer + instanceProtocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + port: + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + required: + - instancePort + - instanceProtocol + - port + - protocol + type: object + type: array + loadBalancerType: + description: LoadBalancerType sets the type for a load balancer. + The default type is classic. + enum: + - classic + - elb + - alb + - nlb + type: string + name: + description: The name of the load balancer. It must be unique + within the set of load balancers defined in the region. + It also serves as identifier. + type: string + scheme: + description: Scheme is the load balancer scheme, either internet-facing + or private. + type: string + securityGroupIds: + description: SecurityGroupIDs is an array of security groups + assigned to the load balancer. 
+ items: + type: string + type: array + subnetIds: + description: SubnetIDs is an array of subnets in the VPC attached + to the load balancer. + items: + type: string + type: array + tags: + additionalProperties: + type: string + description: Tags is a map of tags associated with the load + balancer. + type: object + type: object + natGatewaysIPs: + description: NatGatewaysIPs contains the public IPs of the NAT + Gateways + items: + type: string + type: array + secondaryAPIServerELB: + description: SecondaryAPIServerELB is the secondary Kubernetes + api server load balancer. + properties: + arn: + description: ARN of the load balancer. Unlike the ClassicLB, + ARN is used mostly to define and get it. + type: string + attributes: + description: ClassicElbAttributes defines extra attributes + associated with the load balancer. + properties: + crossZoneLoadBalancing: + description: CrossZoneLoadBalancing enables the classic + load balancer load balancing. + type: boolean + idleTimeout: + description: IdleTimeout is time that the connection is + allowed to be idle (no data has been sent over the connection) + before it is closed by the load balancer. + format: int64 + type: integer + type: object + availabilityZones: + description: AvailabilityZones is an array of availability + zones in the VPC attached to the load balancer. + items: + type: string + type: array + dnsName: + description: DNSName is the dns name of the load balancer. + type: string + elbAttributes: + additionalProperties: + type: string + description: ELBAttributes defines extra attributes associated + with v2 load balancers. + type: object + elbListeners: + description: ELBListeners is an array of listeners associated + with the load balancer. There must be at least one. + items: + description: Listener defines an AWS network load balancer + listener. + properties: + port: + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. 
+ type: string + targetGroup: + description: TargetGroupSpec specifies target group + settings for a given listener. This is created first, + and the ARN is then passed to the listener. + properties: + name: + description: Name of the TargetGroup. Must be unique + over the same group of listeners. + type: string + port: + description: Port is the exposed port + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + enum: + - tcp + - tls + - udp + - TCP + - TLS + - UDP + type: string + targetGroupHealthCheck: + description: HealthCheck is the elb health check + associated with the load balancer. + properties: + intervalSeconds: + format: int64 + type: integer + path: + type: string + port: + type: string + protocol: + type: string + thresholdCount: + format: int64 + type: integer + timeoutSeconds: + format: int64 + type: integer + type: object + vpcId: + type: string + required: + - name + - port + - protocol + - vpcId + type: object + required: + - port + - protocol + - targetGroup + type: object + type: array + healthChecks: + description: HealthCheck is the classic elb health check associated + with the load balancer. + properties: + healthyThreshold: + format: int64 + type: integer + interval: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + target: + type: string + timeout: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. 
+ format: int64 + type: integer + unhealthyThreshold: + format: int64 + type: integer + required: + - healthyThreshold + - interval + - target + - timeout + - unhealthyThreshold + type: object + listeners: + description: ClassicELBListeners is an array of classic elb + listeners associated with the load balancer. There must + be at least one. + items: + description: ClassicELBListener defines an AWS classic load + balancer listener. + properties: + instancePort: + format: int64 + type: integer + instanceProtocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + port: + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + required: + - instancePort + - instanceProtocol + - port + - protocol + type: object + type: array + loadBalancerType: + description: LoadBalancerType sets the type for a load balancer. + The default type is classic. + enum: + - classic + - elb + - alb + - nlb + type: string + name: + description: The name of the load balancer. It must be unique + within the set of load balancers defined in the region. + It also serves as identifier. + type: string + scheme: + description: Scheme is the load balancer scheme, either internet-facing + or private. + type: string + securityGroupIds: + description: SecurityGroupIDs is an array of security groups + assigned to the load balancer. + items: + type: string + type: array + subnetIds: + description: SubnetIDs is an array of subnets in the VPC attached + to the load balancer. + items: + type: string + type: array + tags: + additionalProperties: + type: string + description: Tags is a map of tags associated with the load + balancer. + type: object + type: object + securityGroups: + additionalProperties: + description: SecurityGroup defines an AWS security group. + properties: + id: + description: ID is a unique identifier. 
+ type: string + ingressRule: + description: IngressRules is the inbound rules associated + with the security group. + items: + description: IngressRule defines an AWS ingress rule for + security groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access from. + Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + description: Description provides extended information + about the ingress rule. + type: string + fromPort: + description: FromPort is the start of port range. + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access + from. Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: Protocol is the protocol for the ingress + rule. Accepted values are "-1" (all), "4" (IP in + IP),"tcp", "udp", "icmp", and "58" (ICMPv6), "50" + (ESP). + enum: + - "-1" + - "4" + - tcp + - udp + - icmp + - "58" + - "50" + type: string + sourceSecurityGroupIds: + description: The security group id to allow access + from. Cannot be specified with CidrBlocks. + items: + type: string + type: array + sourceSecurityGroupRoles: + description: The security group role to allow access + from. Cannot be specified with CidrBlocks. The field + will be combined with source security group IDs + if specified. + items: + description: SecurityGroupRole defines the unique + role of a security group. + enum: + - bastion + - node + - controlplane + - apiserver-lb + - lb + - node-eks-additional + type: string + type: array + toPort: + description: ToPort is the end of port range. + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + name: + description: Name is the security group name. + type: string + tags: + additionalProperties: + type: string + description: Tags is a map of tags associated with the security + group. 
+ type: object + required: + - id + - name + type: object + description: SecurityGroups is a map from the role/kind of the + security group to its unique name, if any. + type: object + type: object + oidcProvider: + description: OIDCProvider holds the status of the identity provider + for this cluster + properties: + arn: + description: ARN holds the ARN of the provider + type: string + trustPolicy: + description: TrustPolicy contains the boilerplate IAM trust policy + to use for IRSA + type: string + type: object + ready: + default: false + description: Ready denotes that the AWSManagedControlPlane API Server + is ready to receive requests and that the VPC infra is ready. + type: boolean + required: + - ready + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster to which this AWSManagedControl belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Control plane infrastructure is ready for worker nodes + jsonPath: .status.ready + name: Ready + type: string + - description: AWS VPC the control plane is using + jsonPath: .spec.network.vpc.id + name: VPC + type: string + - description: API Endpoint + jsonPath: .spec.controlPlaneEndpoint.host + name: Endpoint + priority: 1 + type: string + - description: Bastion IP address for breakglass access + jsonPath: .status.bastion.publicIp + name: Bastion IP + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: AWSManagedControlPlane is the schema for the Amazon EKS Managed + Control Plane API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSManagedControlPlaneSpec defines the desired state of an + Amazon EKS Cluster. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to AWS + resources managed by the AWS provider, in addition to the ones added + by default. + type: object + addons: + description: Addons defines the EKS addons to enable with the EKS + cluster. + items: + description: Addon represents a EKS addon. + properties: + configuration: + description: Configuration of the EKS addon + type: string + conflictResolution: + default: overwrite + description: ConflictResolution is used to declare what should + happen if there are parameter conflicts. Defaults to none + enum: + - overwrite + - none + type: string + name: + description: Name is the name of the addon + minLength: 2 + type: string + serviceAccountRoleARN: + description: ServiceAccountRoleArn is the ARN of an IAM role + to bind to the addons service account + type: string + version: + description: Version is the version of the addon to use + type: string + required: + - name + - version + type: object + type: array + associateOIDCProvider: + default: false + description: AssociateOIDCProvider can be enabled to automatically + create an identity provider for the controller for use with IAM + roles for service accounts + type: boolean + bastion: + description: Bastion contains options to configure the bastion host. 
+ properties: + allowedCIDRBlocks: + description: AllowedCIDRBlocks is a list of CIDR blocks allowed + to access the bastion host. They are set as ingress rules for + the Bastion host's Security Group (defaults to 0.0.0.0/0). + items: + type: string + type: array + ami: + description: AMI will use the specified AMI to boot the bastion. + If not specified, the AMI will default to one picked out in + public space. + type: string + disableIngressRules: + description: DisableIngressRules will ensure there are no Ingress + rules in the bastion host's security group. Requires AllowedCIDRBlocks + to be empty. + type: boolean + enabled: + description: Enabled allows this provider to create a bastion + host instance with a public ip to access the VPC private network. + type: boolean + instanceType: + description: InstanceType will use the specified instance type + for the bastion. If not specified, Cluster API Provider AWS + will use t3.micro for all regions except us-east-1, where t2.micro + will be the default. + type: string + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + eksClusterName: + description: EKSClusterName allows you to specify the name of the + EKS cluster in AWS. If you don't specify a name then a default name + will be created based on the namespace and name of the managed control + plane. 
+ type: string + encryptionConfig: + description: EncryptionConfig specifies the encryption configuration + for the cluster + properties: + provider: + description: Provider specifies the ARN or alias of the CMK (in + AWS KMS) + type: string + resources: + description: Resources specifies the resources to be encrypted + items: + type: string + type: array + type: object + endpointAccess: + description: Endpoints specifies access to this cluster's control + plane endpoints + properties: + private: + description: Private points VPC-internal control plane access + to the private endpoint + type: boolean + public: + description: Public controls whether control plane endpoints are + publicly accessible + type: boolean + publicCIDRs: + description: PublicCIDRs specifies which blocks can access the + public endpoint + items: + type: string + type: array + type: object + iamAuthenticatorConfig: + description: IAMAuthenticatorConfig allows the specification of any + additional user or role mappings for use when generating the aws-iam-authenticator + configuration. If this is nil the default configuration is still + generated for the cluster. + properties: + mapRoles: + description: RoleMappings is a list of role mappings + items: + description: RoleMapping represents a mapping from a IAM role + to Kubernetes users and groups. + properties: + groups: + description: Groups is a list of kubernetes RBAC groups + items: + type: string + type: array + rolearn: + description: RoleARN is the AWS ARN for the role to map + minLength: 31 + type: string + username: + description: UserName is a kubernetes RBAC user subject + type: string + required: + - groups + - rolearn + - username + type: object + type: array + mapUsers: + description: UserMappings is a list of user mappings + items: + description: UserMapping represents a mapping from an IAM user + to Kubernetes users and groups. 
+ properties: + groups: + description: Groups is a list of kubernetes RBAC groups + items: + type: string + type: array + userarn: + description: UserARN is the AWS ARN for the user to map + minLength: 31 + type: string + username: + description: UserName is a kubernetes RBAC user subject + type: string + required: + - groups + - userarn + - username + type: object + type: array + type: object + identityRef: + description: IdentityRef is a reference to an identity to be used + when reconciling the managed control plane. If no identity is specified, + the default identity for this controller will be used. + properties: + kind: + description: Kind of the identity. + enum: + - AWSClusterControllerIdentity + - AWSClusterRoleIdentity + - AWSClusterStaticIdentity + type: string + name: + description: Name of the identity. + minLength: 1 + type: string + required: + - kind + - name + type: object + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating system + used to look up machine images when a machine does not specify an + AMI. When set, this will be used for all cluster machines unless + a machine specifies a different ImageLookupBaseOS. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to look up + machine images when a machine does not specify an AMI. When set, + this will be used for all cluster machines unless a machine specifies + a different ImageLookupOrg. Supports substitutions for {{.BaseOS}} + and {{.K8sVersion}} with the base OS and kubernetes version, respectively. + The BaseOS will be the value in ImageLookupBaseOS or ubuntu (the + default), and the kubernetes version as defined by the packages + produced by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. 
For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the ubuntu + base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to look up + machine images when a machine does not specify an AMI. When set, + this will be used for all cluster machines unless a machine specifies + a different ImageLookupOrg. + type: string + kubeProxy: + description: KubeProxy defines managed attributes of the kube-proxy + daemonset + properties: + disable: + default: false + description: Disable set to true indicates that kube-proxy should + be disabled. With EKS clusters kube-proxy is automatically installed + into the cluster. For clusters where you want to use kube-proxy + functionality that is provided with an alternate CNI, this option + provides a way to specify that the kube-proxy daemonset should + be deleted. You cannot set this to true if you are using the + Amazon kube-proxy addon. + type: boolean + type: object + logging: + description: Logging specifies which EKS Cluster logs should be enabled. 
+ Entries for each of the enabled logs will be sent to CloudWatch + properties: + apiServer: + default: false + description: APIServer indicates if the Kubernetes API Server + log (kube-apiserver) shoulkd be enabled + type: boolean + audit: + default: false + description: Audit indicates if the Kubernetes API audit log should + be enabled + type: boolean + authenticator: + default: false + description: Authenticator indicates if the iam authenticator + log should be enabled + type: boolean + controllerManager: + default: false + description: ControllerManager indicates if the controller manager + (kube-controller-manager) log should be enabled + type: boolean + scheduler: + default: false + description: Scheduler indicates if the Kubernetes scheduler (kube-scheduler) + log should be enabled + type: boolean + required: + - apiServer + - audit + - authenticator + - controllerManager + - scheduler + type: object + network: + description: NetworkSpec encapsulates all things related to AWS network. + properties: + additionalControlPlaneIngressRules: + description: AdditionalControlPlaneIngressRules is an optional + set of ingress rules to add to the control plane + items: + description: IngressRule defines an AWS ingress rule for security + groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access from. Cannot + be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + description: Description provides extended information about + the ingress rule. + type: string + fromPort: + description: FromPort is the start of port range. + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access from. + Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: Protocol is the protocol for the ingress rule. + Accepted values are "-1" (all), "4" (IP in IP),"tcp", + "udp", "icmp", and "58" (ICMPv6), "50" (ESP). 
+ enum: + - "-1" + - "4" + - tcp + - udp + - icmp + - "58" + - "50" + type: string + sourceSecurityGroupIds: + description: The security group id to allow access from. + Cannot be specified with CidrBlocks. + items: + type: string + type: array + sourceSecurityGroupRoles: + description: The security group role to allow access from. + Cannot be specified with CidrBlocks. The field will be + combined with source security group IDs if specified. + items: + description: SecurityGroupRole defines the unique role + of a security group. + enum: + - bastion + - node + - controlplane + - apiserver-lb + - lb + - node-eks-additional + type: string + type: array + toPort: + description: ToPort is the end of port range. + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + cni: + description: CNI configuration + properties: + cniIngressRules: + description: CNIIngressRules specify rules to apply to control + plane and worker node security groups. The source for the + rule will be set to control plane and worker security group + IDs. + items: + description: CNIIngressRule defines an AWS ingress rule + for CNI requirements. + properties: + description: + type: string + fromPort: + format: int64 + type: integer + protocol: + description: SecurityGroupProtocol defines the protocol + type for a security group rule. + type: string + toPort: + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + type: object + securityGroupOverrides: + additionalProperties: + type: string + description: SecurityGroupOverrides is an optional set of security + groups to use for cluster instances This is optional - if not + provided new security groups will be created for the cluster + type: object + subnets: + description: Subnets configuration. + items: + description: SubnetSpec configures an AWS Subnet. 
+ properties: + availabilityZone: + description: AvailabilityZone defines the availability zone + to use for this subnet in the cluster's region. + type: string + cidrBlock: + description: CidrBlock is the CIDR block to be used when + the provider creates a managed VPC. + type: string + id: + description: "ID defines a unique identifier to reference + this resource. If you're bringing your subnet, set the + AWS subnet-id here, it must start with `subnet-`. \n When + the VPC is managed by CAPA, and you'd like the provider + to create a subnet for you, the id can be set to any placeholder + value that does not start with `subnet-`; upon creation, + the subnet AWS identifier will be populated in the `ResourceID` + field and the `id` field is going to be used as the subnet + name. If you specify a tag called `Name`, it takes precedence." + type: string + ipv6CidrBlock: + description: IPv6CidrBlock is the IPv6 CIDR block to be + used when the provider creates a managed VPC. A subnet + can have an IPv4 and an IPv6 address. IPv6 is only supported + in managed clusters, this field cannot be set on AWSCluster + object. + type: string + isIpv6: + description: IsIPv6 defines the subnet as an IPv6 subnet. + A subnet is IPv6 when it is associated with a VPC that + has IPv6 enabled. IPv6 is only supported in managed clusters, + this field cannot be set on AWSCluster object. + type: boolean + isPublic: + description: IsPublic defines the subnet as a public subnet. + A subnet is public when it is associated with a route + table that has a route to an internet gateway. + type: boolean + natGatewayId: + description: NatGatewayID is the NAT gateway id associated + with the subnet. Ignored unless the subnet is managed + by the provider, in which case this is set on the public + subnet where the NAT gateway resides. It is then used + to determine routes for private subnets in the same AZ + as the public subnet. 
+ type: string + resourceID: + description: ResourceID is the subnet identifier from AWS, + READ ONLY. This field is populated when the provider manages + the subnet. + type: string + routeTableId: + description: RouteTableID is the routing table id associated + with the subnet. + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing the + resource. + type: object + required: + - id + type: object + type: array + x-kubernetes-list-map-keys: + - id + x-kubernetes-list-type: map + vpc: + description: VPC configuration. + properties: + availabilityZoneSelection: + default: Ordered + description: 'AvailabilityZoneSelection specifies how AZs + should be selected if there are more AZs in a region than + specified by AvailabilityZoneUsageLimit. There are 2 selection + schemes: Ordered - selects based on alphabetical order Random + - selects AZs randomly in a region Defaults to Ordered' + enum: + - Ordered + - Random + type: string + availabilityZoneUsageLimit: + default: 3 + description: AvailabilityZoneUsageLimit specifies the maximum + number of availability zones (AZ) that should be used in + a region when automatically creating subnets. If a region + has more than this number of AZs then this number of AZs + will be picked randomly when creating default subnets. Defaults + to 3 + minimum: 1 + type: integer + cidrBlock: + description: CidrBlock is the CIDR block to be used when the + provider creates a managed VPC. Defaults to 10.0.0.0/16. + Mutually exclusive with IPAMPool. + type: string + emptyRoutesDefaultVPCSecurityGroup: + description: "EmptyRoutesDefaultVPCSecurityGroup specifies + whether the default VPC security group ingress and egress + rules should be removed. \n By default, when creating a + VPC, AWS creates a security group called `default` with + ingress and egress rules that allow traffic from anywhere. 
+ The group could be used as a potential surface attack and + it's generally suggested that the group rules are removed + or modified appropriately. \n NOTE: This only applies when + the VPC is managed by the Cluster API AWS controller." + type: boolean + id: + description: ID is the vpc-id of the VPC this provider should + use to create resources. + type: string + internetGatewayId: + description: InternetGatewayID is the id of the internet gateway + associated with the VPC. + type: string + ipamPool: + description: IPAMPool defines the IPAMv4 pool to be used for + VPC. Mutually exclusive with CidrBlock. + properties: + id: + description: ID is the ID of the IPAM pool this provider + should use to create VPC. + type: string + name: + description: Name is the name of the IPAM pool this provider + should use to create VPC. + type: string + netmaskLength: + description: The netmask length of the IPv4 CIDR you want + to allocate to VPC from an Amazon VPC IP Address Manager + (IPAM) pool. Defaults to /16 for IPv4 if not specified. + format: int64 + type: integer + type: object + ipv6: + description: IPv6 contains ipv6 specific settings for the + network. Supported only in managed clusters. This field + cannot be set on AWSCluster object. + properties: + cidrBlock: + description: CidrBlock is the CIDR block provided by Amazon + when VPC has enabled IPv6. Mutually exclusive with IPAMPool. + type: string + egressOnlyInternetGatewayId: + description: EgressOnlyInternetGatewayID is the id of + the egress only internet gateway associated with an + IPv6 enabled VPC. + type: string + ipamPool: + description: IPAMPool defines the IPAMv6 pool to be used + for VPC. Mutually exclusive with CidrBlock. + properties: + id: + description: ID is the ID of the IPAM pool this provider + should use to create VPC. + type: string + name: + description: Name is the name of the IPAM pool this + provider should use to create VPC. 
+ type: string + netmaskLength: + description: The netmask length of the IPv4 CIDR you + want to allocate to VPC from an Amazon VPC IP Address + Manager (IPAM) pool. Defaults to /16 for IPv4 if + not specified. + format: int64 + type: integer + type: object + poolId: + description: PoolID is the IP pool which must be defined + in case of BYO IP is defined. Must be specified if CidrBlock + is set. Mutually exclusive with IPAMPool. + type: string + type: object + privateDnsHostnameTypeOnLaunch: + description: PrivateDNSHostnameTypeOnLaunch is the type of + hostname to assign to instances in the subnet at launch. + For IPv4-only and dual-stack (IPv4 and IPv6) subnets, an + instance DNS name can be based on the instance IPv4 address + (ip-name) or the instance ID (resource-name). For IPv6 only + subnets, an instance DNS name must be based on the instance + ID (resource-name). + enum: + - ip-name + - resource-name + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing the resource. + type: object + type: object + type: object + oidcIdentityProviderConfig: + description: IdentityProviderconfig is used to specify the oidc provider + config to be attached with this eks cluster + properties: + clientId: + description: This is also known as audience. The ID for the client + application that makes authentication requests to the OpenID + identity provider. + type: string + groupsClaim: + description: The JWT claim that the provider uses to return your + groups. + type: string + groupsPrefix: + description: 'The prefix that is prepended to group claims to + prevent clashes with existing names (such as system: groups). + For example, the valueoidc: will create group names like oidc:engineering + and oidc:infra.' + type: string + identityProviderConfigName: + description: "The name of the OIDC provider configuration. 
\n + IdentityProviderConfigName is a required field" + type: string + issuerUrl: + description: The URL of the OpenID identity provider that allows + the API server to discover public signing keys for verifying + tokens. The URL must begin with https:// and should correspond + to the iss claim in the provider's OIDC ID tokens. Per the OIDC + standard, path components are allowed but query parameters are + not. Typically the URL consists of only a hostname, like https://server.example.org + or https://example.com. This URL should point to the level below + .well-known/openid-configuration and must be publicly accessible + over the internet. + type: string + requiredClaims: + additionalProperties: + type: string + description: The key value pairs that describe required claims + in the identity token. If set, each claim is verified to be + present in the token with a matching value. For the maximum + number of claims that you can require, see Amazon EKS service + quotas (https://docs.aws.amazon.com/eks/latest/userguide/service-quotas.html) + in the Amazon EKS User Guide. + type: object + tags: + additionalProperties: + type: string + description: tags to apply to oidc identity provider association + type: object + usernameClaim: + description: The JSON Web Token (JWT) claim to use as the username. + The default is sub, which is expected to be a unique identifier + of the end user. You can choose other claims, such as email + or name, depending on the OpenID identity provider. Claims other + than email are prefixed with the issuer URL to prevent naming + clashes with other plug-ins. + type: string + usernamePrefix: + description: The prefix that is prepended to username claims to + prevent clashes with existing names. If you do not provide this + field, and username is a value other than email, the prefix + defaults to issuerurl#. You can use the value - to disable all + prefixing. 
+ type: string + type: object + partition: + description: Partition is the AWS security partition being used. Defaults + to "aws" + type: string + region: + description: The AWS Region the cluster lives in. + type: string + roleAdditionalPolicies: + description: RoleAdditionalPolicies allows you to attach additional + polices to the control plane role. You must enable the EKSAllowAddRoles + feature flag to incorporate these into the created role. + items: + type: string + type: array + roleName: + description: RoleName specifies the name of IAM role that gives EKS + permission to make API calls. If the role is pre-existing we will + treat it as unmanaged and not delete it on deletion. If the EKSEnableIAM + feature flag is true and no name is supplied then a role is created. + minLength: 2 + type: string + secondaryCidrBlock: + description: SecondaryCidrBlock is the additional CIDR range to use + for pod IPs. Must be within the 100.64.0.0/10 or 198.19.0.0/16 range. + type: string + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach to the + bastion host. Valid values are empty string (do not use SSH keys), + a valid SSH key name, or omitted (use the default SSH key name) + type: string + tokenMethod: + default: iam-authenticator + description: TokenMethod is used to specify the method for obtaining + a client token for communicating with EKS iam-authenticator - obtains + a client token using iam-authentictor aws-cli - obtains a client + token using the AWS CLI Defaults to iam-authenticator + enum: + - iam-authenticator + - aws-cli + type: string + version: + description: Version defines the desired Kubernetes version. If no + version number is supplied then the latest version of Kubernetes + that EKS supports will be used. 
+ minLength: 2 + pattern: ^v?(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.?(\.0|[1-9][0-9]*)?$ + type: string + vpcCni: + description: VpcCni is used to set configuration options for the VPC + CNI plugin + properties: + disable: + default: false + description: Disable indicates that the Amazon VPC CNI should + be disabled. With EKS clusters the Amazon VPC CNI is automatically + installed into the cluster. For clusters where you want to use + an alternate CNI this option provides a way to specify that + the Amazon VPC CNI should be deleted. You cannot set this to + true if you are using the Amazon VPC CNI addon. + type: boolean + env: + description: Env defines a list of environment variables to apply + to the `aws-node` DaemonSet + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + type: object + type: object + status: + description: AWSManagedControlPlaneStatus defines the observed state of + an Amazon EKS Cluster. + properties: + addons: + description: Addons holds the current status of the EKS addons + items: + description: AddonState represents the state of an addon. + properties: + arn: + description: ARN is the AWS ARN of the addon + type: string + createdAt: + description: CreatedAt is the date and time the addon was created + at + format: date-time + type: string + issues: + description: Issues is a list of issue associated with the addon + items: + description: AddonIssue represents an issue with an addon. + properties: + code: + description: Code is the issue code + type: string + message: + description: Message is the textual description of the + issue + type: string + resourceIds: + description: ResourceIDs is a list of resource ids for + the issue + items: + type: string + type: array + type: object + type: array + modifiedAt: + description: ModifiedAt is the date and time the addon was last + modified + format: date-time + type: string + name: + description: Name is the name of the addon + type: string + serviceAccountRoleARN: + description: ServiceAccountRoleArn is the ARN of the IAM role + used for the service account + type: string + status: + description: Status is the status of the addon + type: string + version: + description: Version is the version of the addon to use + type: string + required: + - arn + - name + - version + type: object + type: array + bastion: + description: Bastion holds details of the instance that is used as + a bastion jump box + properties: + addresses: + description: Addresses contains the AWS instance associated addresses. 
+ items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP, + InternalIP, ExternalDNS or InternalDNS. + type: string + required: + - address + - type + type: object + type: array + availabilityZone: + description: Availability zone of instance + type: string + ebsOptimized: + description: Indicates whether the instance is optimized for Amazon + EBS I/O. + type: boolean + enaSupport: + description: Specifies whether enhanced networking with ENA is + enabled. + type: boolean + iamProfile: + description: The name of the IAM instance profile associated with + the instance, if applicable. + type: string + id: + type: string + imageId: + description: The ID of the AMI used to launch the instance. + type: string + instanceMetadataOptions: + description: InstanceMetadataOptions is the metadata options for + the EC2 instance. + properties: + httpEndpoint: + default: enabled + description: "Enables or disables the HTTP metadata endpoint + on your instances. \n If you specify a value of disabled, + you cannot access your instance metadata. \n Default: enabled" + enum: + - enabled + - disabled + type: string + httpPutResponseHopLimit: + default: 1 + description: "The desired HTTP PUT response hop limit for + instance metadata requests. The larger the number, the further + instance metadata requests can travel. \n Default: 1" + format: int64 + maximum: 64 + minimum: 1 + type: integer + httpTokens: + default: optional + description: "The state of token usage for your instance metadata + requests. \n If the state is optional, you can choose to + retrieve instance metadata with or without a session token + on your request. If you retrieve the IAM role credentials + without a token, the version 1.0 role credentials are returned. 
+ If you retrieve the IAM role credentials using a valid session + token, the version 2.0 role credentials are returned. \n + If the state is required, you must send a session token + with any instance metadata retrieval requests. In this state, + retrieving the IAM role credentials always returns the version + 2.0 credentials; the version 1.0 credentials are not available. + \n Default: optional" + enum: + - optional + - required + type: string + instanceMetadataTags: + default: disabled + description: "Set to enabled to allow access to instance tags + from the instance metadata. Set to disabled to turn off + access to instance tags from the instance metadata. For + more information, see Work with instance tags using the + instance metadata (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS). + \n Default: disabled" + enum: + - enabled + - disabled + type: string + type: object + instanceState: + description: The current state of the instance. + type: string + networkInterfaces: + description: Specifies ENIs attached to instance + items: + type: string + type: array + nonRootVolumes: + description: Configuration options for the non root storage volumes. + items: + description: Volume encapsulates the configuration options for + the storage device. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by + the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage + device. 
Must be greater than the image snapshot size or + 8 (whichever is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported + for the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + type: array + placementGroupName: + description: PlacementGroupName specifies the name of the placement + group in which to launch the instance. + type: string + privateDnsName: + description: PrivateDNSName is the options for the instance hostname. + properties: + enableResourceNameDnsAAAARecord: + description: EnableResourceNameDNSAAAARecord indicates whether + to respond to DNS queries for instance hostnames with DNS + AAAA records. + type: boolean + enableResourceNameDnsARecord: + description: EnableResourceNameDNSARecord indicates whether + to respond to DNS queries for instance hostnames with DNS + A records. + type: boolean + hostnameType: + description: The type of hostname to assign to an instance. + enum: + - ip-name + - resource-name + type: string + type: object + privateIp: + description: The private IPv4 address assigned to the instance. + type: string + publicIp: + description: The public IPv4 address assigned to the instance, + if applicable. + type: string + rootVolume: + description: Configuration options for the root storage volume. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by the + controller. 
+ type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for + the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + securityGroupIds: + description: SecurityGroupIDs are one or more security group IDs + this instance belongs to. + items: + type: string + type: array + spotMarketOptions: + description: SpotMarketOptions option for configuring instances + to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user is + willing to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: The name of the SSH key pair. + type: string + subnetId: + description: The ID of the subnet of the instance. + type: string + tags: + additionalProperties: + type: string + description: The tags associated with the instance. + type: object + tenancy: + description: Tenancy indicates if instance should run on shared + or single-tenant hardware. + type: string + type: + description: The instance type. + type: string + userData: + description: UserData is the raw data script passed to the instance + which is run upon bootstrap. This field must not be base64 encoded + and should only be used when running a new instance. 
+ type: string + volumeIDs: + description: IDs of the instance's volumes + items: + type: string + type: array + required: + - id + type: object + conditions: + description: Conditions specifies the cpnditions for the managed control + plane + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + externalManagedControlPlane: + default: true + description: ExternalManagedControlPlane indicates to cluster-api + that the control plane is managed by an external service such as + AKS, EKS, GKE, etc. 
+ type: boolean + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains specifies a list fo available availability + zones that can be used + type: object + failureMessage: + description: ErrorMessage indicates that there is a terminal problem + reconciling the state, and will be set to a descriptive error message. + type: string + identityProviderStatus: + description: IdentityProviderStatus holds the status for associated + identity provider + properties: + arn: + description: ARN holds the ARN of associated identity provider + type: string + status: + description: Status holds current status of associated identity + provider + type: string + type: object + initialized: + description: Initialized denotes whether or not the control plane + has the uploaded kubernetes config-map. + type: boolean + networkStatus: + description: Networks holds details about the AWS networking resources + used by the control plane + properties: + apiServerElb: + description: APIServerELB is the Kubernetes api server load balancer. + properties: + arn: + description: ARN of the load balancer. Unlike the ClassicLB, + ARN is used mostly to define and get it. + type: string + attributes: + description: ClassicElbAttributes defines extra attributes + associated with the load balancer. + properties: + crossZoneLoadBalancing: + description: CrossZoneLoadBalancing enables the classic + load balancer load balancing. 
+ type: boolean + idleTimeout: + description: IdleTimeout is time that the connection is + allowed to be idle (no data has been sent over the connection) + before it is closed by the load balancer. + format: int64 + type: integer + type: object + availabilityZones: + description: AvailabilityZones is an array of availability + zones in the VPC attached to the load balancer. + items: + type: string + type: array + dnsName: + description: DNSName is the dns name of the load balancer. + type: string + elbAttributes: + additionalProperties: + type: string + description: ELBAttributes defines extra attributes associated + with v2 load balancers. + type: object + elbListeners: + description: ELBListeners is an array of listeners associated + with the load balancer. There must be at least one. + items: + description: Listener defines an AWS network load balancer + listener. + properties: + port: + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + targetGroup: + description: TargetGroupSpec specifies target group + settings for a given listener. This is created first, + and the ARN is then passed to the listener. + properties: + name: + description: Name of the TargetGroup. Must be unique + over the same group of listeners. + type: string + port: + description: Port is the exposed port + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + enum: + - tcp + - tls + - udp + - TCP + - TLS + - UDP + type: string + targetGroupHealthCheck: + description: HealthCheck is the elb health check + associated with the load balancer. 
+ properties: + intervalSeconds: + format: int64 + type: integer + path: + type: string + port: + type: string + protocol: + type: string + thresholdCount: + format: int64 + type: integer + timeoutSeconds: + format: int64 + type: integer + type: object + vpcId: + type: string + required: + - name + - port + - protocol + - vpcId + type: object + required: + - port + - protocol + - targetGroup + type: object + type: array + healthChecks: + description: HealthCheck is the classic elb health check associated + with the load balancer. + properties: + healthyThreshold: + format: int64 + type: integer + interval: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + target: + type: string + timeout: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + unhealthyThreshold: + format: int64 + type: integer + required: + - healthyThreshold + - interval + - target + - timeout + - unhealthyThreshold + type: object + listeners: + description: ClassicELBListeners is an array of classic elb + listeners associated with the load balancer. There must + be at least one. + items: + description: ClassicELBListener defines an AWS classic load + balancer listener. + properties: + instancePort: + format: int64 + type: integer + instanceProtocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + port: + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. 
+ type: string + required: + - instancePort + - instanceProtocol + - port + - protocol + type: object + type: array + loadBalancerType: + description: LoadBalancerType sets the type for a load balancer. + The default type is classic. + enum: + - classic + - elb + - alb + - nlb + type: string + name: + description: The name of the load balancer. It must be unique + within the set of load balancers defined in the region. + It also serves as identifier. + type: string + scheme: + description: Scheme is the load balancer scheme, either internet-facing + or private. + type: string + securityGroupIds: + description: SecurityGroupIDs is an array of security groups + assigned to the load balancer. + items: + type: string + type: array + subnetIds: + description: SubnetIDs is an array of subnets in the VPC attached + to the load balancer. + items: + type: string + type: array + tags: + additionalProperties: + type: string + description: Tags is a map of tags associated with the load + balancer. + type: object + type: object + natGatewaysIPs: + description: NatGatewaysIPs contains the public IPs of the NAT + Gateways + items: + type: string + type: array + secondaryAPIServerELB: + description: SecondaryAPIServerELB is the secondary Kubernetes + api server load balancer. + properties: + arn: + description: ARN of the load balancer. Unlike the ClassicLB, + ARN is used mostly to define and get it. + type: string + attributes: + description: ClassicElbAttributes defines extra attributes + associated with the load balancer. + properties: + crossZoneLoadBalancing: + description: CrossZoneLoadBalancing enables the classic + load balancer load balancing. + type: boolean + idleTimeout: + description: IdleTimeout is time that the connection is + allowed to be idle (no data has been sent over the connection) + before it is closed by the load balancer. 
+ format: int64 + type: integer + type: object + availabilityZones: + description: AvailabilityZones is an array of availability + zones in the VPC attached to the load balancer. + items: + type: string + type: array + dnsName: + description: DNSName is the dns name of the load balancer. + type: string + elbAttributes: + additionalProperties: + type: string + description: ELBAttributes defines extra attributes associated + with v2 load balancers. + type: object + elbListeners: + description: ELBListeners is an array of listeners associated + with the load balancer. There must be at least one. + items: + description: Listener defines an AWS network load balancer + listener. + properties: + port: + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + targetGroup: + description: TargetGroupSpec specifies target group + settings for a given listener. This is created first, + and the ARN is then passed to the listener. + properties: + name: + description: Name of the TargetGroup. Must be unique + over the same group of listeners. + type: string + port: + description: Port is the exposed port + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + enum: + - tcp + - tls + - udp + - TCP + - TLS + - UDP + type: string + targetGroupHealthCheck: + description: HealthCheck is the elb health check + associated with the load balancer. 
+ properties: + intervalSeconds: + format: int64 + type: integer + path: + type: string + port: + type: string + protocol: + type: string + thresholdCount: + format: int64 + type: integer + timeoutSeconds: + format: int64 + type: integer + type: object + vpcId: + type: string + required: + - name + - port + - protocol + - vpcId + type: object + required: + - port + - protocol + - targetGroup + type: object + type: array + healthChecks: + description: HealthCheck is the classic elb health check associated + with the load balancer. + properties: + healthyThreshold: + format: int64 + type: integer + interval: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + target: + type: string + timeout: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + unhealthyThreshold: + format: int64 + type: integer + required: + - healthyThreshold + - interval + - target + - timeout + - unhealthyThreshold + type: object + listeners: + description: ClassicELBListeners is an array of classic elb + listeners associated with the load balancer. There must + be at least one. + items: + description: ClassicELBListener defines an AWS classic load + balancer listener. + properties: + instancePort: + format: int64 + type: integer + instanceProtocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + port: + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. 
+ type: string + required: + - instancePort + - instanceProtocol + - port + - protocol + type: object + type: array + loadBalancerType: + description: LoadBalancerType sets the type for a load balancer. + The default type is classic. + enum: + - classic + - elb + - alb + - nlb + type: string + name: + description: The name of the load balancer. It must be unique + within the set of load balancers defined in the region. + It also serves as identifier. + type: string + scheme: + description: Scheme is the load balancer scheme, either internet-facing + or private. + type: string + securityGroupIds: + description: SecurityGroupIDs is an array of security groups + assigned to the load balancer. + items: + type: string + type: array + subnetIds: + description: SubnetIDs is an array of subnets in the VPC attached + to the load balancer. + items: + type: string + type: array + tags: + additionalProperties: + type: string + description: Tags is a map of tags associated with the load + balancer. + type: object + type: object + securityGroups: + additionalProperties: + description: SecurityGroup defines an AWS security group. + properties: + id: + description: ID is a unique identifier. + type: string + ingressRule: + description: IngressRules is the inbound rules associated + with the security group. + items: + description: IngressRule defines an AWS ingress rule for + security groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access from. + Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + description: Description provides extended information + about the ingress rule. + type: string + fromPort: + description: FromPort is the start of port range. + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access + from. Cannot be specified with SourceSecurityGroupID. 
+ items: + type: string + type: array + protocol: + description: Protocol is the protocol for the ingress + rule. Accepted values are "-1" (all), "4" (IP in + IP),"tcp", "udp", "icmp", and "58" (ICMPv6), "50" + (ESP). + enum: + - "-1" + - "4" + - tcp + - udp + - icmp + - "58" + - "50" + type: string + sourceSecurityGroupIds: + description: The security group id to allow access + from. Cannot be specified with CidrBlocks. + items: + type: string + type: array + sourceSecurityGroupRoles: + description: The security group role to allow access + from. Cannot be specified with CidrBlocks. The field + will be combined with source security group IDs + if specified. + items: + description: SecurityGroupRole defines the unique + role of a security group. + enum: + - bastion + - node + - controlplane + - apiserver-lb + - lb + - node-eks-additional + type: string + type: array + toPort: + description: ToPort is the end of port range. + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + name: + description: Name is the security group name. + type: string + tags: + additionalProperties: + type: string + description: Tags is a map of tags associated with the security + group. + type: object + required: + - id + - name + type: object + description: SecurityGroups is a map from the role/kind of the + security group to its unique name, if any. + type: object + type: object + oidcProvider: + description: OIDCProvider holds the status of the identity provider + for this cluster + properties: + arn: + description: ARN holds the ARN of the provider + type: string + trustPolicy: + description: TrustPolicy contains the boilerplate IAM trust policy + to use for IRSA + type: string + type: object + ready: + default: false + description: Ready denotes that the AWSManagedControlPlane API Server + is ready to receive requests and that the VPC infra is ready. 
+ type: boolean + required: + - ready + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: awsmanagedmachinepools.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSManagedMachinePool + listKind: AWSManagedMachinePoolList + plural: awsmanagedmachinepools + shortNames: + - awsmmp + singular: awsmanagedmachinepool + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: MachinePool ready status + jsonPath: .status.ready + name: Ready + type: string + - description: Number of replicas + jsonPath: .status.replicas + name: Replicas + type: integer + name: v1beta1 + schema: + openAPIV3Schema: + description: AWSManagedMachinePool is the Schema for the awsmanagedmachinepools + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSManagedMachinePoolSpec defines the desired state of AWSManagedMachinePool. 
+ properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to AWS + resources managed by the AWS provider, in addition to the ones added + by default. + type: object + amiType: + default: AL2_x86_64 + description: AMIType defines the AMI type + enum: + - AL2_x86_64 + - AL2_x86_64_GPU + - AL2_ARM_64 + - CUSTOM + type: string + amiVersion: + description: AMIVersion defines the desired AMI release version. If + no version number is supplied then the latest version for the Kubernetes + version will be used + minLength: 2 + type: string + availabilityZones: + description: AvailabilityZones is an array of availability zones instances + can run in + items: + type: string + type: array + awsLaunchTemplate: + description: AWSLaunchTemplate specifies the launch template to use + to create the managed node group. If AWSLaunchTemplate is specified, + certain node group configuraions outside of launch template are + prohibited (https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html). + properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups is an array of references + to security groups that should be applied to the instances. + These security groups would be set in addition to any security + groups defined at the cluster level or in the actuator. + items: + description: AWSResourceReference is a reference to a specific + AWS resource by ID or filters. Only one of ID or Filters may + be specified. Specifying more than one will result in a validation + error. + properties: + filters: + description: 'Filters is a set of key/value pairs used to + identify a resource They are applied according to the + rules defined by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an AWS + resource. + properties: + name: + description: Name of the filter. 
Filter names are + case-sensitive. + type: string + values: + description: Values includes one or more filter values. + Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + type: array + ami: + description: AMI is the reference to the AMI from which to create + the machine instance. + properties: + eksLookupType: + description: EKSOptimizedLookupType If specified, will look + up an EKS Optimized image in SSM Parameter store + enum: + - AmazonLinux + - AmazonLinuxGPU + type: string + id: + description: ID of resource + type: string + type: object + iamInstanceProfile: + description: The name or the Amazon Resource Name (ARN) of the + instance profile associated with the IAM role for the instance. + The instance profile contains the IAM role. + type: string + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating + system to use for image lookup the AMI is not set. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to look + up the image for this machine It will be ignored if an explicit + AMI is set. Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} + with the base OS and kubernetes version, respectively. The BaseOS + will be the value in ImageLookupBaseOS or ubuntu (the default), + and the kubernetes version as defined by the packages produced + by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the ubuntu + base OS. 
See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to use + for image lookup if AMI is not set. + type: string + instanceType: + description: 'InstanceType is the type of instance to create. + Example: m4.xlarge' + type: string + name: + description: The name of the launch template. + type: string + rootVolume: + description: RootVolume encapsulates the configuration options + for the root volume + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by the + controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for + the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + spotMarketOptions: + description: SpotMarketOptions are options for configuring AWSMachinePool + instances to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user is + willing to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach to + the instance. 
Valid values are empty string (do not use SSH + keys), a valid SSH key name, or omitted (use the default SSH + key name) + type: string + versionNumber: + description: 'VersionNumber is the version of the launch template + that is applied. Typically a new version is created when at + least one of the following happens: 1) A new launch template + spec is applied. 2) One or more parameters in an existing template + is changed. 3) A new AMI is discovered.' + format: int64 + type: integer + type: object + capacityType: + default: onDemand + description: CapacityType specifies the capacity type for the ASG + behind this pool + enum: + - onDemand + - spot + type: string + diskSize: + description: DiskSize specifies the root disk size + format: int32 + type: integer + eksNodegroupName: + description: EKSNodegroupName specifies the name of the nodegroup + in AWS corresponding to this MachinePool. If you don't specify a + name then a default name will be created based on the namespace + and name of the managed machine pool. + type: string + instanceType: + description: InstanceType specifies the AWS instance type + type: string + labels: + additionalProperties: + type: string + description: Labels specifies labels for the Kubernetes node objects + type: object + providerIDList: + description: ProviderIDList are the provider IDs of instances in the + autoscaling group corresponding to the nodegroup represented by + this machine pool + items: + type: string + type: array + remoteAccess: + description: RemoteAccess specifies how machines can be accessed remotely + properties: + public: + description: Public specifies whether to open port 22 to the public + internet + type: boolean + sourceSecurityGroups: + description: SourceSecurityGroups specifies which security groups + are allowed access + items: + type: string + type: array + sshKeyName: + description: SSHKeyName specifies which EC2 SSH key can be used + to access machines. 
If left empty, the key from the control + plane is used. + type: string + type: object + roleAdditionalPolicies: + description: RoleAdditionalPolicies allows you to attach additional + polices to the node group role. You must enable the EKSAllowAddRoles + feature flag to incorporate these into the created role. + items: + type: string + type: array + roleName: + description: RoleName specifies the name of IAM role for the node + group. If the role is pre-existing we will treat it as unmanaged + and not delete it on deletion. If the EKSEnableIAM feature flag + is true and no name is supplied then a role is created. + type: string + scaling: + description: Scaling specifies scaling for the ASG behind this pool + properties: + maxSize: + format: int32 + type: integer + minSize: + format: int32 + type: integer + type: object + subnetIDs: + description: SubnetIDs specifies which subnets are used for the auto + scaling group of this nodegroup + items: + type: string + type: array + taints: + description: Taints specifies the taints to apply to the nodes of + the machine pool + items: + description: Taint defines the specs for a Kubernetes taint. + properties: + effect: + description: Effect specifies the effect for the taint + enum: + - no-schedule + - no-execute + - prefer-no-schedule + type: string + key: + description: Key is the key of the taint + type: string + value: + description: Value is the value of the taint + type: string + required: + - effect + - key + - value + type: object + type: array + updateConfig: + description: UpdateConfig holds the optional config to control the + behaviour of the update to the nodegroup. + properties: + maxUnavailable: + description: MaxUnavailable is the maximum number of nodes unavailable + at once during a version update. Nodes will be updated in parallel. + The maximum number is 100. 
+ maximum: 100 + minimum: 1 + type: integer + maxUnavailablePrecentage: + description: MaxUnavailablePercentage is the maximum percentage + of nodes unavailable during a version update. This percentage + of nodes will be updated in parallel, up to 100 nodes at once. + maximum: 100 + minimum: 1 + type: integer + type: object + type: object + status: + description: AWSManagedMachinePoolStatus defines the observed state of + AWSManagedMachinePool. + properties: + conditions: + description: Conditions defines current service state of the managed + machine pool + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the MachinePool and will contain + a more verbose string suitable for logging and human consumption. + \n This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the MachinePool's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of MachinePools can be added as + events to the MachinePool object and/or logged in the controller's + output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the MachinePool and will contain + a succinct value suitable for machine interpretation. \n This field + should not be set for transitive errors that a controller faces + that are expected to be fixed automatically over time (like service + outages), but instead indicate that something is fundamentally wrong + with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of MachinePools can be added as + events to the MachinePool object and/or logged in the controller's + output." 
+ type: string + launchTemplateID: + description: The ID of the launch template + type: string + launchTemplateVersion: + description: The version of the launch template + type: string + ready: + default: false + description: Ready denotes that the AWSManagedMachinePool nodegroup + has joined the cluster + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + required: + - ready + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: MachinePool ready status + jsonPath: .status.ready + name: Ready + type: string + - description: Number of replicas + jsonPath: .status.replicas + name: Replicas + type: integer + name: v1beta2 + schema: + openAPIV3Schema: + description: AWSManagedMachinePool is the Schema for the awsmanagedmachinepools + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSManagedMachinePoolSpec defines the desired state of AWSManagedMachinePool. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to AWS + resources managed by the AWS provider, in addition to the ones added + by default. 
+ type: object + amiType: + default: AL2_x86_64 + description: AMIType defines the AMI type + enum: + - AL2_x86_64 + - AL2_x86_64_GPU + - AL2_ARM_64 + - CUSTOM + type: string + amiVersion: + description: AMIVersion defines the desired AMI release version. If + no version number is supplied then the latest version for the Kubernetes + version will be used + minLength: 2 + type: string + availabilityZoneSubnetType: + description: AvailabilityZoneSubnetType specifies which type of subnets + to use when an availability zone is specified. + enum: + - public + - private + - all + type: string + availabilityZones: + description: AvailabilityZones is an array of availability zones instances + can run in + items: + type: string + type: array + awsLaunchTemplate: + description: AWSLaunchTemplate specifies the launch template to use + to create the managed node group. If AWSLaunchTemplate is specified, + certain node group configuraions outside of launch template are + prohibited (https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html). + properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups is an array of references + to security groups that should be applied to the instances. + These security groups would be set in addition to any security + groups defined at the cluster level or in the actuator. + items: + description: AWSResourceReference is a reference to a specific + AWS resource by ID or filters. Only one of ID or Filters may + be specified. Specifying more than one will result in a validation + error. + properties: + filters: + description: 'Filters is a set of key/value pairs used to + identify a resource They are applied according to the + rules defined by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an AWS + resource. + properties: + name: + description: Name of the filter. Filter names are + case-sensitive. 
+ type: string + values: + description: Values includes one or more filter values. + Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + type: array + ami: + description: AMI is the reference to the AMI from which to create + the machine instance. + properties: + eksLookupType: + description: EKSOptimizedLookupType If specified, will look + up an EKS Optimized image in SSM Parameter store + enum: + - AmazonLinux + - AmazonLinuxGPU + type: string + id: + description: ID of resource + type: string + type: object + iamInstanceProfile: + description: The name or the Amazon Resource Name (ARN) of the + instance profile associated with the IAM role for the instance. + The instance profile contains the IAM role. + type: string + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating + system to use for image lookup the AMI is not set. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to look + up the image for this machine It will be ignored if an explicit + AMI is set. Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} + with the base OS and kubernetes version, respectively. The BaseOS + will be the value in ImageLookupBaseOS or ubuntu (the default), + and the kubernetes version as defined by the packages produced + by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the ubuntu + base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to use + for image lookup if AMI is not set. 
+ type: string + instanceMetadataOptions: + description: InstanceMetadataOptions defines the behavior for + applying metadata to instances. + properties: + httpEndpoint: + default: enabled + description: "Enables or disables the HTTP metadata endpoint + on your instances. \n If you specify a value of disabled, + you cannot access your instance metadata. \n Default: enabled" + enum: + - enabled + - disabled + type: string + httpPutResponseHopLimit: + default: 1 + description: "The desired HTTP PUT response hop limit for + instance metadata requests. The larger the number, the further + instance metadata requests can travel. \n Default: 1" + format: int64 + maximum: 64 + minimum: 1 + type: integer + httpTokens: + default: optional + description: "The state of token usage for your instance metadata + requests. \n If the state is optional, you can choose to + retrieve instance metadata with or without a session token + on your request. If you retrieve the IAM role credentials + without a token, the version 1.0 role credentials are returned. + If you retrieve the IAM role credentials using a valid session + token, the version 2.0 role credentials are returned. \n + If the state is required, you must send a session token + with any instance metadata retrieval requests. In this state, + retrieving the IAM role credentials always returns the version + 2.0 credentials; the version 1.0 credentials are not available. + \n Default: optional" + enum: + - optional + - required + type: string + instanceMetadataTags: + default: disabled + description: "Set to enabled to allow access to instance tags + from the instance metadata. Set to disabled to turn off + access to instance tags from the instance metadata. For + more information, see Work with instance tags using the + instance metadata (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS). 
+ \n Default: disabled" + enum: + - enabled + - disabled + type: string + type: object + instanceType: + description: 'InstanceType is the type of instance to create. + Example: m4.xlarge' + type: string + name: + description: The name of the launch template. + type: string + privateDnsName: + description: PrivateDNSName is the options for the instance hostname. + properties: + enableResourceNameDnsAAAARecord: + description: EnableResourceNameDNSAAAARecord indicates whether + to respond to DNS queries for instance hostnames with DNS + AAAA records. + type: boolean + enableResourceNameDnsARecord: + description: EnableResourceNameDNSARecord indicates whether + to respond to DNS queries for instance hostnames with DNS + A records. + type: boolean + hostnameType: + description: The type of hostname to assign to an instance. + enum: + - ip-name + - resource-name + type: string + type: object + rootVolume: + description: RootVolume encapsulates the configuration options + for the root volume + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by the + controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for + the volume type. Not applicable to all types. 
+ format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + spotMarketOptions: + description: SpotMarketOptions are options for configuring AWSMachinePool + instances to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user is + willing to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach to + the instance. Valid values are empty string (do not use SSH + keys), a valid SSH key name, or omitted (use the default SSH + key name) + type: string + versionNumber: + description: 'VersionNumber is the version of the launch template + that is applied. Typically a new version is created when at + least one of the following happens: 1) A new launch template + spec is applied. 2) One or more parameters in an existing template + is changed. 3) A new AMI is discovered.' + format: int64 + type: integer + type: object + capacityType: + default: onDemand + description: CapacityType specifies the capacity type for the ASG + behind this pool + enum: + - onDemand + - spot + type: string + diskSize: + description: DiskSize specifies the root disk size + format: int32 + type: integer + eksNodegroupName: + description: EKSNodegroupName specifies the name of the nodegroup + in AWS corresponding to this MachinePool. If you don't specify a + name then a default name will be created based on the namespace + and name of the managed machine pool. 
+ type: string + instanceType: + description: InstanceType specifies the AWS instance type + type: string + labels: + additionalProperties: + type: string + description: Labels specifies labels for the Kubernetes node objects + type: object + providerIDList: + description: ProviderIDList are the provider IDs of instances in the + autoscaling group corresponding to the nodegroup represented by + this machine pool + items: + type: string + type: array + remoteAccess: + description: RemoteAccess specifies how machines can be accessed remotely + properties: + public: + description: Public specifies whether to open port 22 to the public + internet + type: boolean + sourceSecurityGroups: + description: SourceSecurityGroups specifies which security groups + are allowed access + items: + type: string + type: array + sshKeyName: + description: SSHKeyName specifies which EC2 SSH key can be used + to access machines. If left empty, the key from the control + plane is used. + type: string + type: object + roleAdditionalPolicies: + description: RoleAdditionalPolicies allows you to attach additional + polices to the node group role. You must enable the EKSAllowAddRoles + feature flag to incorporate these into the created role. + items: + type: string + type: array + roleName: + description: RoleName specifies the name of IAM role for the node + group. If the role is pre-existing we will treat it as unmanaged + and not delete it on deletion. If the EKSEnableIAM feature flag + is true and no name is supplied then a role is created. 
+ type: string + scaling: + description: Scaling specifies scaling for the ASG behind this pool + properties: + maxSize: + format: int32 + type: integer + minSize: + format: int32 + type: integer + type: object + subnetIDs: + description: SubnetIDs specifies which subnets are used for the auto + scaling group of this nodegroup + items: + type: string + type: array + taints: + description: Taints specifies the taints to apply to the nodes of + the machine pool + items: + description: Taint defines the specs for a Kubernetes taint. + properties: + effect: + description: Effect specifies the effect for the taint + enum: + - no-schedule + - no-execute + - prefer-no-schedule + type: string + key: + description: Key is the key of the taint + type: string + value: + description: Value is the value of the taint + type: string + required: + - effect + - key + - value + type: object + type: array + updateConfig: + description: UpdateConfig holds the optional config to control the + behaviour of the update to the nodegroup. + properties: + maxUnavailable: + description: MaxUnavailable is the maximum number of nodes unavailable + at once during a version update. Nodes will be updated in parallel. + The maximum number is 100. + maximum: 100 + minimum: 1 + type: integer + maxUnavailablePercentage: + description: MaxUnavailablePercentage is the maximum percentage + of nodes unavailable during a version update. This percentage + of nodes will be updated in parallel, up to 100 nodes at once. + maximum: 100 + minimum: 1 + type: integer + type: object + type: object + status: + description: AWSManagedMachinePoolStatus defines the observed state of + AWSManagedMachinePool. + properties: + conditions: + description: Conditions defines current service state of the managed + machine pool + items: + description: Condition defines an observation of a Cluster API resource + operational state. 
+ properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the MachinePool and will contain + a more verbose string suitable for logging and human consumption. + \n This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the MachinePool's spec or the configuration of the controller, + and that manual intervention is required. 
Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of MachinePools can be added as + events to the MachinePool object and/or logged in the controller's + output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the MachinePool and will contain + a succinct value suitable for machine interpretation. \n This field + should not be set for transitive errors that a controller faces + that are expected to be fixed automatically over time (like service + outages), but instead indicate that something is fundamentally wrong + with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of MachinePools can be added as + events to the MachinePool object and/or logged in the controller's + output." + type: string + launchTemplateID: + description: The ID of the launch template + type: string + launchTemplateVersion: + description: The version of the launch template + type: string + ready: + default: false + description: Ready denotes that the AWSManagedMachinePool nodegroup + has joined the cluster + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. 
+ format: int32 + type: integer + required: + - ready + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: eksconfigs.bootstrap.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capa-webhook-service + namespace: capa-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: bootstrap.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: EKSConfig + listKind: EKSConfigList + plural: eksconfigs + shortNames: + - eksc + singular: eksconfig + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Bootstrap configuration is ready + jsonPath: .status.ready + name: Ready + type: string + - description: Name of Secret containing bootstrap data + jsonPath: .status.dataSecretName + name: DataSecretName + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: EKSConfig is the schema for the Amazon EKS Machine Bootstrap + Configuration API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: EKSConfigSpec defines the desired state of Amazon EKS Bootstrap + Configuration. + properties: + apiRetryAttempts: + description: APIRetryAttempts is the number of retry attempts for + AWS API call. + type: integer + containerRuntime: + description: ContainerRuntime specify the container runtime to use + when bootstrapping EKS. + type: string + dnsClusterIP: + description: DNSClusterIP overrides the IP address to use for DNS + queries within the cluster. + type: string + dockerConfigJson: + description: DockerConfigJson is used for the contents of the /etc/docker/daemon.json + file. Useful if you want a custom config differing from the default + one in the AMI. This is expected to be a json string. + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes the specified kubelet args into + the Amazon EKS machine bootstrap script + type: object + pauseContainer: + description: PauseContainer allows customization of the pause container + to use. + properties: + accountNumber: + description: AccountNumber is the AWS account number to pull the + pause container from. + type: string + version: + description: Version is the tag of the pause container to use. + type: string + required: + - accountNumber + - version + type: object + serviceIPV6Cidr: + description: ServiceIPV6Cidr is the ipv6 cidr range of the cluster. + If this is specified then the ip family will be set to ipv6. + type: string + useMaxPods: + description: UseMaxPods sets --max-pods for the kubelet when true. + type: boolean + type: object + status: + description: EKSConfigStatus defines the observed state of the Amazon + EKS Bootstrap Configuration. + properties: + conditions: + description: Conditions defines current service state of the EKSConfig. 
+ items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors + type: string + failureReason: + description: FailureReason will be set on non-retryable errors + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + ready: + description: Ready indicates the BootstrapData secret is ready to + be consumed + type: boolean + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Bootstrap configuration is ready + jsonPath: .status.ready + name: Ready + type: string + - description: Name of Secret containing bootstrap data + jsonPath: .status.dataSecretName + name: DataSecretName + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: EKSConfig is the schema for the Amazon EKS Machine Bootstrap + Configuration API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: EKSConfigSpec defines the desired state of Amazon EKS Bootstrap + Configuration. + properties: + apiRetryAttempts: + description: APIRetryAttempts is the number of retry attempts for + AWS API call. + type: integer + boostrapCommandOverride: + description: BootstrapCommandOverride allows you to override the bootstrap + command to use for EKS nodes. + type: string + containerRuntime: + description: ContainerRuntime specify the container runtime to use + when bootstrapping EKS. + type: string + diskSetup: + description: DiskSetup specifies options for the creation of partition + tables and file systems on devices. 
+ properties: + filesystems: + description: Filesystems specifies the list of file systems to + setup. + items: + description: Filesystem defines the file systems to be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to add to the + command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system type. + type: string + label: + description: Label specifies the file system label to be + used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to overwrite + any existing filesystem. If true, any pre-existing file + system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition to use. + The valid options are: "auto|any", "auto", "any", "none", + and , where NUM is the actual partition number.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions to + setup. + items: + description: Partition defines how to create and layout a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. If it is + true, a single partition will be created for the entire + device. When layout is false, it means don't partition + or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip checks + and create the partition if a partition or filesystem + is found on the device. Use with caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. 
The following are supported: ''mbr'': default and + setups a MS-DOS partition table ''gpt'': setups a GPT + partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + dnsClusterIP: + description: DNSClusterIP overrides the IP address to use for DNS + queries within the cluster. + type: string + dockerConfigJson: + description: DockerConfigJson is used for the contents of the /etc/docker/daemon.json + file. Useful if you want a custom config differing from the default + one in the AMI. This is expected to be a json string. + type: string + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files in + cloud-init. + properties: + append: + description: Append specifies whether to append Content to existing + file if Path exists. + type: boolean + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content to + populate the file. + properties: + secret: + description: Secret represents a secret that should populate + this file. + properties: + key: + description: Key is the key in the secret's data map + for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, e.g. + "root:root". + type: string + path: + description: Path specifies the full path on disk where to store + the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". 
+ type: string + required: + - path + type: object + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes the specified kubelet args into + the Amazon EKS machine bootstrap script + type: object + mounts: + description: Mounts specifies a list of mount points to be setup. + items: + description: MountPoints defines input for generated mounts in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + pauseContainer: + description: PauseContainer allows customization of the pause container + to use. + properties: + accountNumber: + description: AccountNumber is the AWS account number to pull the + pause container from. + type: string + version: + description: Version is the tag of the pause container to use. + type: string + required: + - accountNumber + - version + type: object + postBootstrapCommands: + description: PostBootstrapCommands specifies extra commands to run + after bootstrapping nodes to the cluster + items: + type: string + type: array + preBootstrapCommands: + description: PreBootstrapCommands specifies extra commands to run + before bootstrapping nodes to the cluster + items: + type: string + type: array + serviceIPV6Cidr: + description: ServiceIPV6Cidr is the ipv6 cidr range of the cluster. + If this is specified then the ip family will be set to ipv6. + type: string + useMaxPods: + description: UseMaxPods sets --max-pods for the kubelet when true. + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user in cloud-init. 
+ properties: + gecos: + description: Gecos specifies the gecos to use for the user + type: string + groups: + description: Groups specifies the additional groups for the + user + type: string + homeDir: + description: HomeDir specifies the home directory to use for + the user + type: string + inactive: + description: Inactive specifies whether to mark the user as + inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login should + be disabled + type: boolean + name: + description: Name specifies the username + type: string + passwd: + description: Passwd specifies a hashed password for the user + type: string + passwdFrom: + description: PasswdFrom is a referenced source of passwd to + populate the passwd. + properties: + secret: + description: Secret represents a secret that should populate + this password. + properties: + key: + description: Key is the key in the secret's data map + for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + primaryGroup: + description: PrimaryGroup specifies the primary group for the + user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh authorized + keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + type: object + status: + description: EKSConfigStatus defines the observed state of the Amazon + EKS Bootstrap Configuration. + properties: + conditions: + description: Conditions defines current service state of the EKSConfig. + items: + description: Condition defines an observation of a Cluster API resource + operational state. 
+ properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors + type: string + failureReason: + description: FailureReason will be set on non-retryable errors + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + ready: + description: Ready indicates the BootstrapData secret is ready to + be consumed + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: eksconfigtemplates.bootstrap.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capa-webhook-service + namespace: capa-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: bootstrap.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: EKSConfigTemplate + listKind: EKSConfigTemplateList + plural: eksconfigtemplates + shortNames: + - eksct + singular: eksconfigtemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: EKSConfigTemplate is the Amazon EKS Bootstrap Configuration Template + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: EKSConfigTemplateSpec defines the desired state of templated + EKSConfig Amazon EKS Bootstrap Configuration resources. + properties: + template: + description: EKSConfigTemplateResource defines the Template structure. + properties: + spec: + description: EKSConfigSpec defines the desired state of Amazon + EKS Bootstrap Configuration. + properties: + apiRetryAttempts: + description: APIRetryAttempts is the number of retry attempts + for AWS API call. + type: integer + containerRuntime: + description: ContainerRuntime specify the container runtime + to use when bootstrapping EKS. + type: string + dnsClusterIP: + description: DNSClusterIP overrides the IP address to use + for DNS queries within the cluster. + type: string + dockerConfigJson: + description: DockerConfigJson is used for the contents of + the /etc/docker/daemon.json file. Useful if you want a custom + config differing from the default one in the AMI. This is + expected to be a json string. + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes the specified kubelet + args into the Amazon EKS machine bootstrap script + type: object + pauseContainer: + description: PauseContainer allows customization of the pause + container to use. + properties: + accountNumber: + description: AccountNumber is the AWS account number to + pull the pause container from. + type: string + version: + description: Version is the tag of the pause container + to use. + type: string + required: + - accountNumber + - version + type: object + serviceIPV6Cidr: + description: ServiceIPV6Cidr is the ipv6 cidr range of the + cluster. If this is specified then the ip family will be + set to ipv6. + type: string + useMaxPods: + description: UseMaxPods sets --max-pods for the kubelet when + true. 
+ type: boolean + type: object + type: object + required: + - template + type: object + type: object + served: false + storage: false + - name: v1beta2 + schema: + openAPIV3Schema: + description: EKSConfigTemplate is the Amazon EKS Bootstrap Configuration Template + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: EKSConfigTemplateSpec defines the desired state of templated + EKSConfig Amazon EKS Bootstrap Configuration resources. + properties: + template: + description: EKSConfigTemplateResource defines the Template structure. + properties: + spec: + description: EKSConfigSpec defines the desired state of Amazon + EKS Bootstrap Configuration. + properties: + apiRetryAttempts: + description: APIRetryAttempts is the number of retry attempts + for AWS API call. + type: integer + boostrapCommandOverride: + description: BootstrapCommandOverride allows you to override + the bootstrap command to use for EKS nodes. + type: string + containerRuntime: + description: ContainerRuntime specify the container runtime + to use when bootstrapping EKS. + type: string + diskSetup: + description: DiskSetup specifies options for the creation + of partition tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems + to setup. 
+ items: + description: Filesystem defines the file systems to + be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to + add to the command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system + type. + type: string + label: + description: Label specifies the file system label + to be used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to + overwrite any existing filesystem. If true, any + pre-existing file system will be destroyed. Use + with Caution. + type: boolean + partition: + description: 'Partition specifies the partition + to use. The valid options are: "auto|any", "auto", + "any", "none", and , where NUM is the actual + partition number.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions + to setup. + items: + description: Partition defines how to create and layout + a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. + If it is true, a single partition will be created + for the entire device. When layout is false, it + means don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip + checks and create the partition if a partition + or filesystem is found on the device. Use with + caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. 
The following are supported: ''mbr'': default + and setups a MS-DOS partition table ''gpt'': setups + a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + dnsClusterIP: + description: DNSClusterIP overrides the IP address to use + for DNS queries within the cluster. + type: string + dockerConfigJson: + description: DockerConfigJson is used for the contents of + the /etc/docker/daemon.json file. Useful if you want a custom + config differing from the default one in the AMI. This is + expected to be a json string. + type: string + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + append: + description: Append specifies whether to append Content + to existing file if Path exists. + type: boolean + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: Secret represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the + file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to + assign to the file, e.g. "0640". 
+ type: string + required: + - path + type: object + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes the specified kubelet + args into the Amazon EKS machine bootstrap script + type: object + mounts: + description: Mounts specifies a list of mount points to be + setup. + items: + description: MountPoints defines input for generated mounts + in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + pauseContainer: + description: PauseContainer allows customization of the pause + container to use. + properties: + accountNumber: + description: AccountNumber is the AWS account number to + pull the pause container from. + type: string + version: + description: Version is the tag of the pause container + to use. + type: string + required: + - accountNumber + - version + type: object + postBootstrapCommands: + description: PostBootstrapCommands specifies extra commands + to run after bootstrapping nodes to the cluster + items: + type: string + type: array + preBootstrapCommands: + description: PreBootstrapCommands specifies extra commands + to run before bootstrapping nodes to the cluster + items: + type: string + type: array + serviceIPV6Cidr: + description: ServiceIPV6Cidr is the ipv6 cidr range of the + cluster. If this is specified then the ip family will be + set to ipv6. + type: string + useMaxPods: + description: UseMaxPods sets --max-pods for the kubelet when + true. + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user + in cloud-init. 
+ properties: + gecos: + description: Gecos specifies the gecos to use for the + user + type: string + groups: + description: Groups specifies the additional groups + for the user + type: string + homeDir: + description: HomeDir specifies the home directory to + use for the user + type: string + inactive: + description: Inactive specifies whether to mark the + user as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login + should be disabled + type: boolean + name: + description: Name specifies the username + type: string + passwd: + description: Passwd specifies a hashed password for + the user + type: string + passwdFrom: + description: PasswdFrom is a referenced source of passwd + to populate the passwd. + properties: + secret: + description: Secret represents a secret that should + populate this password. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. 
+ type: string + required: + - key + - name + type: object + required: + - secret + type: object + primaryGroup: + description: PrimaryGroup specifies the primary group + for the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh + authorized keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + type: object + type: object + required: + - template + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: rosaclusters.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: ROSACluster + listKind: ROSAClusterList + plural: rosaclusters + shortNames: + - rosac + singular: rosacluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this AWSManagedControl belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Control plane infrastructure is ready for worker nodes + jsonPath: .status.ready + name: Ready + type: string + - description: API Endpoint + jsonPath: .spec.controlPlaneEndpoint.host + name: Endpoint + priority: 1 + type: string + name: v1beta2 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + type: object + status: + description: ROSAClusterStatus defines the observed state of ROSACluster + properties: + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains specifies a list fo available availability + zones that can be used + type: object + ready: + description: Ready is when the ROSAControlPlane has a API server URL. 
+ type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: rosacontrolplanes.controlplane.cluster.x-k8s.io +spec: + group: controlplane.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: ROSAControlPlane + listKind: ROSAControlPlaneList + plural: rosacontrolplanes + shortNames: + - rosacp + singular: rosacontrolplane + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this RosaControl belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Control plane infrastructure is ready for worker nodes + jsonPath: .status.ready + name: Ready + type: string + name: v1beta2 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscaling: + description: Autoscaling specifies auto scaling behaviour for the + MachinePools. 
+ properties: + maxReplicas: + minimum: 1 + type: integer + minReplicas: + minimum: 1 + type: integer + type: object + availabilityZones: + description: AWS AvailabilityZones of the worker nodes should match + the AvailabilityZones of the Subnets. + items: + type: string + type: array + billingAccount: + description: BillingAccount is an optional AWS account to use for + billing the subscription fees for ROSA clusters. The cost of running + each ROSA cluster will be billed to the infrastructure account in + which the cluster is running. + type: string + x-kubernetes-validations: + - message: billingAccount is immutable + rule: self == oldSelf + - message: billingAccount must be a valid AWS account ID + rule: self.matches('^[0-9]{12}$') + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + credentialsSecretRef: + description: 'CredentialsSecretRef references a secret with necessary + credentials to connect to the OCM API. The secret should contain + the following data keys: - ocmToken: eyJhbGciOiJIUzI1NiIsI.... - + ocmApiUrl: Optional, defaults to ''https://api.openshift.com''' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + identityRef: + description: IdentityRef is a reference to an identity to be used + when reconciling the managed control plane. If no identity is specified, + the default identity for this controller will be used. + properties: + kind: + description: Kind of the identity. 
+ enum: + - AWSClusterControllerIdentity + - AWSClusterRoleIdentity + - AWSClusterStaticIdentity + type: string + name: + description: Name of the identity. + minLength: 1 + type: string + required: + - kind + - name + type: object + installerRoleARN: + description: 'TODO: these are to satisfy ocm sdk. Explore how to drop + them.' + type: string + instanceType: + description: The instance type to use, for example `r5.xlarge`. Instance + type ref; https://aws.amazon.com/ec2/instance-types/ + type: string + network: + description: Network config for the ROSA HCP cluster. + properties: + hostPrefix: + default: 23 + description: Network host prefix which is defaulted to `23` if + not specified. + type: integer + machineCIDR: + description: IP addresses block used by OpenShift while installing + the cluster, for example "10.0.0.0/16". + format: cidr + type: string + networkType: + default: OVNKubernetes + description: The CNI network type default is OVNKubernetes. + enum: + - OVNKubernetes + - Other + type: string + podCIDR: + description: IP address block from which to assign pod IP addresses, + for example `10.128.0.0/14`. + format: cidr + type: string + serviceCIDR: + description: IP address block from which to assign service IP + addresses, for example `172.30.0.0/16`. + format: cidr + type: string + type: object + oidcID: + description: The ID of the OpenID Connect Provider. + type: string + region: + description: The AWS Region the cluster lives in. + type: string + rolesRef: + description: AWS IAM roles used to perform credential requests by + the openshift operators. + properties: + controlPlaneOperatorARN: + description: "ControlPlaneOperatorARN is an ARN value referencing + a role appropriate for the Control Plane Operator. 
\n The following + is an example of a valid policy document: \n { \"Version\": + \"2012-10-17\", \"Statement\": [ { \"Effect\": \"Allow\", \"Action\": + [ \"ec2:CreateVpcEndpoint\", \"ec2:DescribeVpcEndpoints\", \"ec2:ModifyVpcEndpoint\", + \"ec2:DeleteVpcEndpoints\", \"ec2:CreateTags\", \"route53:ListHostedZones\", + \"ec2:CreateSecurityGroup\", \"ec2:AuthorizeSecurityGroupIngress\", + \"ec2:AuthorizeSecurityGroupEgress\", \"ec2:DeleteSecurityGroup\", + \"ec2:RevokeSecurityGroupIngress\", \"ec2:RevokeSecurityGroupEgress\", + \"ec2:DescribeSecurityGroups\", \"ec2:DescribeVpcs\", ], \"Resource\": + \"*\" }, { \"Effect\": \"Allow\", \"Action\": [ \"route53:ChangeResourceRecordSets\", + \"route53:ListResourceRecordSets\" ], \"Resource\": \"arn:aws:route53:::%s\" + } ] }" + type: string + imageRegistryARN: + description: "ImageRegistryARN is an ARN value referencing a role + appropriate for the Image Registry Operator. \n The following + is an example of a valid policy document: \n { \"Version\": + \"2012-10-17\", \"Statement\": [ { \"Effect\": \"Allow\", \"Action\": + [ \"s3:CreateBucket\", \"s3:DeleteBucket\", \"s3:PutBucketTagging\", + \"s3:GetBucketTagging\", \"s3:PutBucketPublicAccessBlock\", + \"s3:GetBucketPublicAccessBlock\", \"s3:PutEncryptionConfiguration\", + \"s3:GetEncryptionConfiguration\", \"s3:PutLifecycleConfiguration\", + \"s3:GetLifecycleConfiguration\", \"s3:GetBucketLocation\", + \"s3:ListBucket\", \"s3:GetObject\", \"s3:PutObject\", \"s3:DeleteObject\", + \"s3:ListBucketMultipartUploads\", \"s3:AbortMultipartUpload\", + \"s3:ListMultipartUploadParts\" ], \"Resource\": \"*\" } ] }" + type: string + ingressARN: + description: "The referenced role must have a trust relationship + that allows it to be assumed via web identity. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html. 
+ Example: { \"Version\": \"2012-10-17\", \"Statement\": [ { \"Effect\": + \"Allow\", \"Principal\": { \"Federated\": \"{{ .ProviderARN + }}\" }, \"Action\": \"sts:AssumeRoleWithWebIdentity\", \"Condition\": + { \"StringEquals\": { \"{{ .ProviderName }}:sub\": {{ .ServiceAccounts + }} } } } ] } \n IngressARN is an ARN value referencing a role + appropriate for the Ingress Operator. \n The following is an + example of a valid policy document: \n { \"Version\": \"2012-10-17\", + \"Statement\": [ { \"Effect\": \"Allow\", \"Action\": [ \"elasticloadbalancing:DescribeLoadBalancers\", + \"tag:GetResources\", \"route53:ListHostedZones\" ], \"Resource\": + \"*\" }, { \"Effect\": \"Allow\", \"Action\": [ \"route53:ChangeResourceRecordSets\" + ], \"Resource\": [ \"arn:aws:route53:::PUBLIC_ZONE_ID\", \"arn:aws:route53:::PRIVATE_ZONE_ID\" + ] } ] }" + type: string + kmsProviderARN: + type: string + kubeCloudControllerARN: + description: "KubeCloudControllerARN is an ARN value referencing + a role appropriate for the KCM/KCC. 
Source: https://cloud-provider-aws.sigs.k8s.io/prerequisites/#iam-policies + \n The following is an example of a valid policy document: \n + { \"Version\": \"2012-10-17\", \"Statement\": [ { \"Action\": + [ \"autoscaling:DescribeAutoScalingGroups\", \"autoscaling:DescribeLaunchConfigurations\", + \"autoscaling:DescribeTags\", \"ec2:DescribeAvailabilityZones\", + \"ec2:DescribeInstances\", \"ec2:DescribeImages\", \"ec2:DescribeRegions\", + \"ec2:DescribeRouteTables\", \"ec2:DescribeSecurityGroups\", + \"ec2:DescribeSubnets\", \"ec2:DescribeVolumes\", \"ec2:CreateSecurityGroup\", + \"ec2:CreateTags\", \"ec2:CreateVolume\", \"ec2:ModifyInstanceAttribute\", + \"ec2:ModifyVolume\", \"ec2:AttachVolume\", \"ec2:AuthorizeSecurityGroupIngress\", + \"ec2:CreateRoute\", \"ec2:DeleteRoute\", \"ec2:DeleteSecurityGroup\", + \"ec2:DeleteVolume\", \"ec2:DetachVolume\", \"ec2:RevokeSecurityGroupIngress\", + \"ec2:DescribeVpcs\", \"elasticloadbalancing:AddTags\", \"elasticloadbalancing:AttachLoadBalancerToSubnets\", + \"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer\", + \"elasticloadbalancing:CreateLoadBalancer\", \"elasticloadbalancing:CreateLoadBalancerPolicy\", + \"elasticloadbalancing:CreateLoadBalancerListeners\", \"elasticloadbalancing:ConfigureHealthCheck\", + \"elasticloadbalancing:DeleteLoadBalancer\", \"elasticloadbalancing:DeleteLoadBalancerListeners\", + \"elasticloadbalancing:DescribeLoadBalancers\", \"elasticloadbalancing:DescribeLoadBalancerAttributes\", + \"elasticloadbalancing:DetachLoadBalancerFromSubnets\", \"elasticloadbalancing:DeregisterInstancesFromLoadBalancer\", + \"elasticloadbalancing:ModifyLoadBalancerAttributes\", \"elasticloadbalancing:RegisterInstancesWithLoadBalancer\", + \"elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer\", + \"elasticloadbalancing:AddTags\", \"elasticloadbalancing:CreateListener\", + \"elasticloadbalancing:CreateTargetGroup\", \"elasticloadbalancing:DeleteListener\", + \"elasticloadbalancing:DeleteTargetGroup\", 
\"elasticloadbalancing:DeregisterTargets\", + \"elasticloadbalancing:DescribeListeners\", \"elasticloadbalancing:DescribeLoadBalancerPolicies\", + \"elasticloadbalancing:DescribeTargetGroups\", \"elasticloadbalancing:DescribeTargetHealth\", + \"elasticloadbalancing:ModifyListener\", \"elasticloadbalancing:ModifyTargetGroup\", + \"elasticloadbalancing:RegisterTargets\", \"elasticloadbalancing:SetLoadBalancerPoliciesOfListener\", + \"iam:CreateServiceLinkedRole\", \"kms:DescribeKey\" ], \"Resource\": + [ \"*\" ], \"Effect\": \"Allow\" } ] }" + type: string + networkARN: + description: "NetworkARN is an ARN value referencing a role appropriate + for the Network Operator. \n The following is an example of + a valid policy document: \n { \"Version\": \"2012-10-17\", \"Statement\": + [ { \"Effect\": \"Allow\", \"Action\": [ \"ec2:DescribeInstances\", + \"ec2:DescribeInstanceStatus\", \"ec2:DescribeInstanceTypes\", + \"ec2:UnassignPrivateIpAddresses\", \"ec2:AssignPrivateIpAddresses\", + \"ec2:UnassignIpv6Addresses\", \"ec2:AssignIpv6Addresses\", + \"ec2:DescribeSubnets\", \"ec2:DescribeNetworkInterfaces\" ], + \"Resource\": \"*\" } ] }" + type: string + nodePoolManagementARN: + description: "NodePoolManagementARN is an ARN value referencing + a role appropriate for the CAPI Controller. 
\n The following + is an example of a valid policy document: \n { \"Version\": + \"2012-10-17\", \"Statement\": [ { \"Action\": [ \"ec2:AssociateRouteTable\", + \"ec2:AttachInternetGateway\", \"ec2:AuthorizeSecurityGroupIngress\", + \"ec2:CreateInternetGateway\", \"ec2:CreateNatGateway\", \"ec2:CreateRoute\", + \"ec2:CreateRouteTable\", \"ec2:CreateSecurityGroup\", \"ec2:CreateSubnet\", + \"ec2:CreateTags\", \"ec2:DeleteInternetGateway\", \"ec2:DeleteNatGateway\", + \"ec2:DeleteRouteTable\", \"ec2:DeleteSecurityGroup\", \"ec2:DeleteSubnet\", + \"ec2:DeleteTags\", \"ec2:DescribeAccountAttributes\", \"ec2:DescribeAddresses\", + \"ec2:DescribeAvailabilityZones\", \"ec2:DescribeImages\", \"ec2:DescribeInstances\", + \"ec2:DescribeInternetGateways\", \"ec2:DescribeNatGateways\", + \"ec2:DescribeNetworkInterfaces\", \"ec2:DescribeNetworkInterfaceAttribute\", + \"ec2:DescribeRouteTables\", \"ec2:DescribeSecurityGroups\", + \"ec2:DescribeSubnets\", \"ec2:DescribeVpcs\", \"ec2:DescribeVpcAttribute\", + \"ec2:DescribeVolumes\", \"ec2:DetachInternetGateway\", \"ec2:DisassociateRouteTable\", + \"ec2:DisassociateAddress\", \"ec2:ModifyInstanceAttribute\", + \"ec2:ModifyNetworkInterfaceAttribute\", \"ec2:ModifySubnetAttribute\", + \"ec2:RevokeSecurityGroupIngress\", \"ec2:RunInstances\", \"ec2:TerminateInstances\", + \"tag:GetResources\", \"ec2:CreateLaunchTemplate\", \"ec2:CreateLaunchTemplateVersion\", + \"ec2:DescribeLaunchTemplates\", \"ec2:DescribeLaunchTemplateVersions\", + \"ec2:DeleteLaunchTemplate\", \"ec2:DeleteLaunchTemplateVersions\" + ], \"Resource\": [ \"*\" ], \"Effect\": \"Allow\" }, { \"Condition\": + { \"StringLike\": { \"iam:AWSServiceName\": \"elasticloadbalancing.amazonaws.com\" + } }, \"Action\": [ \"iam:CreateServiceLinkedRole\" ], \"Resource\": + [ \"arn:*:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing\" + ], \"Effect\": \"Allow\" }, { \"Action\": [ \"iam:PassRole\" + ], \"Resource\": [ 
\"arn:*:iam::*:role/*-worker-role\" ], \"Effect\": + \"Allow\" }, { \"Effect\": \"Allow\", \"Action\": [ \"kms:Decrypt\", + \"kms:ReEncrypt\", \"kms:GenerateDataKeyWithoutPlainText\", + \"kms:DescribeKey\" ], \"Resource\": \"*\" }, { \"Effect\": + \"Allow\", \"Action\": [ \"kms:CreateGrant\" ], \"Resource\": + \"*\", \"Condition\": { \"Bool\": { \"kms:GrantIsForAWSResource\": + true } } } ] }" + type: string + storageARN: + description: "StorageARN is an ARN value referencing a role appropriate + for the Storage Operator. \n The following is an example of + a valid policy document: \n { \"Version\": \"2012-10-17\", \"Statement\": + [ { \"Effect\": \"Allow\", \"Action\": [ \"ec2:AttachVolume\", + \"ec2:CreateSnapshot\", \"ec2:CreateTags\", \"ec2:CreateVolume\", + \"ec2:DeleteSnapshot\", \"ec2:DeleteTags\", \"ec2:DeleteVolume\", + \"ec2:DescribeInstances\", \"ec2:DescribeSnapshots\", \"ec2:DescribeTags\", + \"ec2:DescribeVolumes\", \"ec2:DescribeVolumesModifications\", + \"ec2:DetachVolume\", \"ec2:ModifyVolume\" ], \"Resource\": + \"*\" } ] }" + type: string + required: + - controlPlaneOperatorARN + - imageRegistryARN + - ingressARN + - kmsProviderARN + - kubeCloudControllerARN + - networkARN + - nodePoolManagementARN + - storageARN + type: object + rosaClusterName: + description: Cluster name must be valid DNS-1035 label, so it must + consist of lower case alphanumeric characters or '-', start with + an alphabetic character, end with an alphanumeric character and + have a max length of 15 characters. + maxLength: 15 + pattern: ^[a-z]([-a-z0-9]*[a-z0-9])?$ + type: string + x-kubernetes-validations: + - message: rosaClusterName is immutable + rule: self == oldSelf + subnets: + description: The Subnet IDs to use when installing the cluster. SubnetIDs + should come in pairs; two per availability zone, one private and + one public. 
+ items: + type: string + type: array + supportRoleARN: + type: string + version: + description: OpenShift semantic version, for example "4.14.5". + type: string + x-kubernetes-validations: + - message: version must be a valid semantic version + rule: self.matches('^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)$') + workerRoleARN: + type: string + required: + - availabilityZones + - installerRoleARN + - oidcID + - region + - rolesRef + - rosaClusterName + - subnets + - supportRoleARN + - version + - workerRoleARN + type: object + status: + properties: + conditions: + description: Conditions specifies the cpnditions for the managed control + plane + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + consoleURL: + description: ConsoleURL is the url for the openshift console. + type: string + externalManagedControlPlane: + default: true + description: ExternalManagedControlPlane indicates to cluster-api + that the control plane is managed by an external service such as + AKS, EKS, GKE, etc. + type: boolean + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the state and will be set to a descriptive + error message. \n This field should not be set for transitive errors + that a controller faces that are expected to be fixed automatically + over time (like service outages), but instead indicate that something + is fundamentally wrong with the spec or the configuration of the + controller, and that manual intervention is required." + type: string + id: + description: ID is the cluster ID given by ROSA. + type: string + initialized: + description: Initialized denotes whether or not the control plane + has the uploaded kubernetes config-map. + type: boolean + oidcEndpointURL: + description: OIDCEndpointURL is the endpoint url for the managed OIDC + porvider. + type: string + ready: + default: false + description: Ready denotes that the ROSAControlPlane API Server is + ready to receive requests. 
+ type: boolean + required: + - ready + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: rosamachinepools.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: ROSAMachinePool + listKind: ROSAMachinePoolList + plural: rosamachinepools + shortNames: + - rosamp + singular: rosamachinepool + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: MachinePool ready status + jsonPath: .status.ready + name: Ready + type: string + - description: Number of replicas + jsonPath: .status.replicas + name: Replicas + type: integer + name: v1beta2 + schema: + openAPIV3Schema: + description: ROSAMachinePool is the Schema for the rosamachinepools API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RosaMachinePoolSpec defines the desired state of RosaMachinePool. 
+ properties: + autoRepair: + default: false + description: AutoRepair specifies whether health checks should be + enabled for machines in the NodePool. The default is false. + type: boolean + autoscaling: + description: Autoscaling specifies auto scaling behaviour for this + MachinePool. required if Replicas is not configured + properties: + maxReplicas: + minimum: 1 + type: integer + minReplicas: + minimum: 1 + type: integer + type: object + availabilityZone: + description: AvailabilityZone is an optinal field specifying the availability + zone where instances of this machine pool should run For Multi-AZ + clusters, you can create a machine pool in a Single-AZ of your choice. + type: string + instanceType: + description: InstanceType specifies the AWS instance type + type: string + labels: + additionalProperties: + type: string + description: Labels specifies labels for the Kubernetes node objects + type: object + nodePoolName: + description: NodePoolName specifies the name of the nodepool in Rosa + must be a valid DNS-1035 label, so it must consist of lower case + alphanumeric and have a max length of 15 characters. + maxLength: 15 + pattern: ^[a-z]([-a-z0-9]*[a-z0-9])?$ + type: string + x-kubernetes-validations: + - message: nodepoolName is immutable + rule: self == oldSelf + providerIDList: + description: ProviderIDList contain a ProviderID for each machine + instance that's currently managed by this machine pool. + items: + type: string + type: array + subnet: + type: string + version: + description: Version specifies the penshift version of the nodes associated + with this machinepool. ROSAControlPlane version is used if not set. + type: string + x-kubernetes-validations: + - message: version must be a valid semantic version + rule: self.matches('^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)$') + required: + - nodePoolName + type: object + status: + description: RosaMachinePoolStatus defines the observed state of RosaMachinePool. 
+ properties: + conditions: + description: Conditions defines current service state of the managed + machine pool + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the state and will be set to a descriptive + error message. 
\n This field should not be set for transitive errors + that a controller faces that are expected to be fixed automatically + over time (like service outages), but instead indicate that something + is fundamentally wrong with the spec or the configuration of the + controller, and that manual intervention is required." + type: string + id: + description: ID is the ID given by ROSA. + type: string + ready: + default: false + description: Ready denotes that the RosaMachinePool nodepool has joined + the cluster + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + required: + - ready + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + ${AWS_CONTROLLER_IAM_ROLE/#arn/eks.amazonaws.com/role-arn: arn} + labels: + cluster.x-k8s.io/provider: infrastructure-aws + control-plane: controller-manager + name: capa-controller-manager + namespace: capa-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-leader-elect-role + namespace: capa-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-manager-role +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces + 
verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - bootstrap.cluster.x-k8s.io + resources: + - eksconfigs + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - bootstrap.cluster.x-k8s.io + resources: + - eksconfigs/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - machinepools + - machines + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinedeployments + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinepools + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinepools + - machinepools/status + verbs: + - get + - list + - patch + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machines + - machines/status + verbs: + - get + - list + - watch +- apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - awsmanagedcontrolplanes + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - awsmanagedcontrolplanes + - awsmanagedcontrolplanes/status + verbs: + - get + - list + - watch +- apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - awsmanagedcontrolplanes/status + verbs: + - get + - patch + - update +- apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - rosacontrolplanes + verbs: + - delete + - get + - list + - patch + - update + - 
watch +- apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - rosacontrolplanes + - rosacontrolplanes/status + verbs: + - get + - list + - watch +- apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - rosacontrolplanes/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsclustercontrolleridentities + verbs: + - create + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsclustercontrolleridentities + - awsclusterroleidentities + - awsclusterstaticidentities + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsclusterroleidentities + - awsclusterstaticidentities + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsclusters + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsfargateprofiles + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsfargateprofiles/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmachinepools + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmachinepools + - awsmachinepools/status + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmachinepools/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmachines + verbs: + - delete + - get + - list + - patch + - update 
+ - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmachines + - awsmachines/status + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmachines/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmachinetemplates + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmanagedclusters + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmanagedclusters + - awsmanagedclusters/status + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmanagedclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmanagedmachinepools + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmanagedmachinepools + - awsmanagedmachinepools/status + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmanagedmachinepools/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - rosaclusters + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - rosaclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - rosamachinepools + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - rosamachinepools/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: 
capa-leader-elect-rolebinding + namespace: capa-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: capa-leader-elect-role +subjects: +- kind: ServiceAccount + name: capa-controller-manager + namespace: capa-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capa-manager-role +subjects: +- kind: ServiceAccount + name: capa-controller-manager + namespace: capa-system +--- +apiVersion: v1 +data: + credentials: ${AWS_B64ENCODED_CREDENTIALS} +kind: Secret +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-manager-bootstrap-credentials + namespace: capa-system +type: Opaque +--- +apiVersion: v1 +kind: Service +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-metrics-service + namespace: capa-system +spec: + ports: + - port: 8080 + protocol: TCP + targetPort: metrics + selector: + cluster.x-k8s.io/provider: infrastructure-aws + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-webhook-service + namespace: capa-system +spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: infrastructure-aws +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + control-plane: capa-controller-manager + name: capa-controller-manager + namespace: capa-system +spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: infrastructure-aws + control-plane: capa-controller-manager + template: + metadata: + annotations: + iam.amazonaws.com/role: ${AWS_CONTROLLER_IAM_ROLE:=""} + labels: + cluster.x-k8s.io/provider: infrastructure-aws + control-plane: capa-controller-manager + spec: + affinity: + 
nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: ${K8S_CP_LABEL:=node-role.kubernetes.io/control-plane} + operator: Exists + weight: 10 + - preference: + matchExpressions: + - key: node-role.kubernetes.io/master + operator: Exists + weight: 10 + containers: + - args: + - --leader-elect + - --feature-gates=EKS=${CAPA_EKS:=true},EKSEnableIAM=${CAPA_EKS_IAM:=false},EKSAllowAddRoles=${CAPA_EKS_ADD_ROLES:=false},EKSFargate=${EXP_EKS_FARGATE:=false},MachinePool=${EXP_MACHINE_POOL:=false},EventBridgeInstanceState=${EVENT_BRIDGE_INSTANCE_STATE:=false},AutoControllerIdentityCreator=${AUTO_CONTROLLER_IDENTITY_CREATOR:=true},BootstrapFormatIgnition=${EXP_BOOTSTRAP_FORMAT_IGNITION:=false},ExternalResourceGC=${EXP_EXTERNAL_RESOURCE_GC:=false},AlternativeGCStrategy=${EXP_ALTERNATIVE_GC_STRATEGY:=false},TagUnmanagedNetworkResources=${TAG_UNMANAGED_NETWORK_RESOURCES:=true},ROSA=${EXP_ROSA:=false} + - --v=${CAPA_LOGLEVEL:=0} + - --diagnostics-address=${CAPA_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${CAPA_INSECURE_DIAGNOSTICS:=false} + env: + - name: AWS_SHARED_CREDENTIALS_FILE + value: /home/.aws/credentials + image: registry.k8s.io/cluster-api-aws/cluster-api-aws-controller:v2.4.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: healthz + periodSeconds: 10 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsGroup: 65532 + runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + - mountPath: /home/.aws + name: credentials + securityContext: + fsGroup: 1000 + runAsNonRoot: true + seccompProfile: + 
type: RuntimeDefault + serviceAccountName: capa-controller-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: capa-webhook-service-cert + - name: credentials + secret: + secretName: capa-manager-bootstrap-credentials +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-serving-cert + namespace: capa-system +spec: + dnsNames: + - capa-webhook-service.capa-system.svc + - capa-webhook-service.capa-system.svc.cluster.local + issuerRef: + kind: Issuer + name: capa-selfsigned-issuer + secretName: capa-webhook-service-cert +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-selfsigned-issuer + namespace: capa-system +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta2-awscluster + failurePolicy: Fail + matchPolicy: Equivalent + name: default.awscluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsclusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta2-awsclustercontrolleridentity + 
failurePolicy: Fail + matchPolicy: Equivalent + name: default.awsclustercontrolleridentity.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsclustercontrolleridentities + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta2-awsclusterroleidentity + failurePolicy: Fail + matchPolicy: Equivalent + name: default.awsclusterroleidentity.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsclusterroleidentities + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta2-awsclusterstaticidentity + failurePolicy: Fail + matchPolicy: Equivalent + name: default.awsclusterstaticidentity.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsclusterstaticidentities + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta2-awsclustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.awsclustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsclustertemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: 
/mutate-infrastructure-cluster-x-k8s-io-v1beta2-awsmachine + failurePolicy: Fail + name: mutation.awsmachine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsmachines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta2-awsfargateprofile + failurePolicy: Fail + matchPolicy: Equivalent + name: default.awsfargateprofile.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsfargateprofiles + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta2-awsmachinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: default.awsmachinepool.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsmachinepools + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta2-awsmanagedmachinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: default.awsmanagedmachinepool.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsmanagedmachinepools + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-bootstrap-cluster-x-k8s-io-v1beta2-eksconfig + 
failurePolicy: Fail + matchPolicy: Equivalent + name: default.eksconfigs.bootstrap.cluster.x-k8s.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - eksconfig + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-bootstrap-cluster-x-k8s-io-v1beta2-eksconfigtemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.eksconfigtemplates.bootstrap.cluster.x-k8s.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - eksconfigtemplate + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-controlplane-cluster-x-k8s-io-v1beta2-awsmanagedcontrolplane + failurePolicy: Fail + matchPolicy: Equivalent + name: default.awsmanagedcontrolplanes.controlplane.cluster.x-k8s.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsmanagedcontrolplanes + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-awscluster + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awscluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - 
awsclusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-awsclustercontrolleridentity + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awsclustercontrolleridentity.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsclustercontrolleridentities + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-awsclusterroleidentity + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awsclusterroleidentity.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsclusterroleidentities + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-awsclusterstaticidentity + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awsclusterstaticidentity.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsclusterstaticidentities + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-awsclustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awsclustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + 
apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsclustertemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-awsmachine + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awsmachine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsmachines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-awsmachinetemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awsmachinetemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsmachinetemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-awsfargateprofile + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awsfargateprofile.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsfargateprofiles + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-awsmachinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awsmachinepool.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - 
v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsmachinepools + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-awsmanagedmachinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awsmanagedmachinepool.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsmanagedmachinepools + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-bootstrap-cluster-x-k8s-io-v1beta2-eksconfig + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.eksconfigs.bootstrap.cluster.x-k8s.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - eksconfig + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-bootstrap-cluster-x-k8s-io-v1beta2-eksconfigtemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.eksconfigtemplates.bootstrap.cluster.x-k8s.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - eksconfigtemplate + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-controlplane-cluster-x-k8s-io-v1beta2-awsmanagedcontrolplane + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awsmanagedcontrolplanes.controlplane.cluster.x-k8s.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - 
UPDATE + resources: + - awsmanagedcontrolplanes + sideEffects: None diff --git a/files/cluster-api-provider-aws/v2.4.0/metadata.yaml b/files/cluster-api-provider-aws/v2.4.0/metadata.yaml new file mode 100644 index 00000000..6145224a --- /dev/null +++ b/files/cluster-api-provider-aws/v2.4.0/metadata.yaml @@ -0,0 +1,52 @@ +# maps release series of major.minor to cluster-api contract version +# the contract version may change between minor or major versions, but *not* +# between patch versions. +# +# update this file only when a new major or minor version is released +apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 +releaseSeries: + - major: 0 + minor: 4 + contract: v1alpha2 + - major: 0 + minor: 5 + contract: v1alpha3 + - major: 0 + minor: 6 + contract: v1alpha3 + - major: 0 + minor: 7 + contract: v1alpha4 + - major: 1 + minor: 0 + contract: v1beta1 + - major: 1 + minor: 1 + contract: v1beta1 + - major: 1 + minor: 2 + contract: v1beta1 + - major: 1 + minor: 3 + contract: v1beta1 + - major: 1 + minor: 4 + contract: v1beta1 + - major: 1 + minor: 5 + contract: v1beta1 + - major: 2 + minor: 0 + contract: v1beta1 + - major: 2 + minor: 1 + contract: v1beta1 + - major: 2 + minor: 2 + contract: v1beta1 + - major: 2 + minor: 3 + contract: v1beta1 + - major: 2 + minor: 4 + contract: v1beta1 diff --git a/files/cluster-api-provider-azure/v1.12.4/cluster-template-aad.yaml b/files/cluster-api-provider-azure/v1.12.4/cluster-template-aad.yaml new file mode 100644 index 00000000..54c36b40 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.12.4/cluster-template-aad.yaml 
@@ -0,0 +1,211 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + oidc-client-id: ${AZURE_SERVER_APP_ID} + oidc-groups-claim: groups + oidc-issuer-url: https://sts.windows.net/${AZURE_TENANT_ID}/ + oidc-username-claim: oid + oidc-username-prefix: '-' + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: 
/dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: 
default +spec: + template: + spec: + osDisk: + diskSizeGB: 128 + managedDisk: + storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.12.4/cluster-template-aks-clusterclass.yaml b/files/cluster-api-provider-azure/v1.12.4/cluster-template-aks-clusterclass.yaml new file mode 100644 index 00000000..13b7e1e0 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.12.4/cluster-template-aks-clusterclass.yaml 
@@ -0,0 +1,125 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: ClusterClass +metadata: + name: ${CLUSTER_CLASS_NAME} + namespace: default +spec: + controlPlane: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedControlPlaneTemplate + name: ${CLUSTER_NAME}-control-plane + infrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedClusterTemplate + name: ${CLUSTER_NAME} + workers: + machinePools: + - class: default-system + template: + bootstrap: + ref: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-pool0 + infrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedMachinePoolTemplate + name: ${CLUSTER_NAME}-pool0 + - class: default-worker + template: + bootstrap: + ref: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-pool1 + infrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedMachinePoolTemplate + name: ${CLUSTER_NAME}-pool1 +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedControlPlaneTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedClusterTemplate +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + template: + spec: {} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedMachinePoolTemplate +metadata: + name: ${CLUSTER_NAME}-pool0 + namespace: default +spec: + template: + spec: + mode: System + name: pool0 + sku: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: 
infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedMachinePoolTemplate +metadata: + name: ${CLUSTER_NAME}-pool1 + namespace: default +spec: + template: + spec: + mode: User + name: pool1 + sku: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-pool0 + namespace: default +spec: + template: + spec: {} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-pool1 + namespace: default +spec: + template: + spec: {} diff --git a/files/cluster-api-provider-azure/v1.12.4/cluster-template-aks-topology.yaml b/files/cluster-api-provider-azure/v1.12.4/cluster-template-aks-topology.yaml new file mode 100644 index 00000000..c78efb4b --- /dev/null +++ b/files/cluster-api-provider-azure/v1.12.4/cluster-template-aks-topology.yaml @@ -0,0 +1,21 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + topology: + class: ${CLUSTER_CLASS_NAME} + version: ${KUBERNETES_VERSION} + workers: + machinePools: + - class: default-system + name: mp-0 + replicas: 1 + - class: default-worker + name: mp-1 + replicas: 1 diff --git a/files/cluster-api-provider-azure/v1.12.4/cluster-template-aks.yaml b/files/cluster-api-provider-azure/v1.12.4/cluster-template-aks.yaml new file mode 100644 index 00000000..3f411230 --- /dev/null 
+++ b/files/cluster-api-provider-azure/v1.12.4/cluster-template-aks.yaml 
@@ -0,0 +1,116 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + services: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedControlPlane + name: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedControlPlane +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + resourceGroupName: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: ${CLUSTER_NAME}-pool0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + template: + metadata: {} + spec: + bootstrap: + dataSecretName: "" + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedMachinePool + name: ${CLUSTER_NAME}-pool0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedMachinePool +metadata: + name: ${CLUSTER_NAME}-pool0 + namespace: default +spec: + mode: System + name: pool0 + sku: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: ${CLUSTER_NAME}-pool1 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + template: + 
metadata: {} + spec: + bootstrap: + dataSecretName: "" + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedMachinePool + name: ${CLUSTER_NAME}-pool1 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedMachinePool +metadata: + name: ${CLUSTER_NAME}-pool1 + namespace: default +spec: + mode: User + name: pool1 + sku: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.12.4/cluster-template-azure-bastion.yaml b/files/cluster-api-provider-azure/v1.12.4/cluster-template-azure-bastion.yaml new file mode 100644 index 00000000..31cbcea5 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.12.4/cluster-template-azure-bastion.yaml 
@@ -0,0 +1,207 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + bastionSpec: + azureBastion: {} + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: 
${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: 
${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: [] +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.12.4/cluster-template-azure-cni-v1.yaml b/files/cluster-api-provider-azure/v1.12.4/cluster-template-azure-cni-v1.yaml new file mode 100644 index 00000000..fab81472 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.12.4/cluster-template-azure-cni-v1.yaml 
@@ -0,0 +1,214 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: 
${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + max-pods: "110" + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + max-pods: "110" + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + networkInterfaces: + - privateIPConfigs: 110 + subnetName: control-plane-subnet + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + 
networkInterfaces: + - privateIPConfigs: 110 + subnetName: node-subnet + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + max-pods: "110" + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: [] +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.12.4/cluster-template-clusterclass.yaml b/files/cluster-api-provider-azure/v1.12.4/cluster-template-clusterclass.yaml new file mode 100644 index 00000000..d85a122f --- /dev/null +++ b/files/cluster-api-provider-azure/v1.12.4/cluster-template-clusterclass.yaml 
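Review bot: `/etc/kubernetes/azure.json` is written with `permissions: "0644"` in both the KubeadmControlPlane `files` entry and the md-0 KubeadmConfigTemplate, so it is readable by every local account and by any pod that gets a hostPath mount of `/etc/kubernetes`. With the identity at the end of the file declared `type: ServicePrincipal` with a `clientSecret`, the cloud-provider config that CAPZ renders into the `*-azure-json` secret presumably carries that secret (confirm against what the controller actually writes); if it does, `permissions: "0600"` is the safer value since kubelet and the cloud controller manager read the file as root. This is a vendored upstream template, so the tightening belongs upstream or in a documented local overlay rather than a silent edit of the copied file.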
@@ -0,0 +1,239 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: ClusterClass +metadata: + name: ${CLUSTER_CLASS_NAME} + namespace: default +spec: + controlPlane: + machineInfrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + ref: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlaneTemplate + name: ${CLUSTER_NAME}-control-plane + infrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterTemplate + name: ${CLUSTER_NAME}-azure-cluster + patches: + - definitions: + - jsonPatches: + - op: add + path: /spec/template/spec/kubeadmConfigSpec/clusterConfiguration/controllerManager/extraArgs/cluster-name + valueFrom: + variable: builtin.cluster.name + - op: replace + path: /spec/template/spec/kubeadmConfigSpec/files + valueFrom: + template: | + - contentFrom: + secret: + key: control-plane-azure.json + name: "{{ .builtin.controlPlane.machineTemplate.infrastructureRef.name }}-azure-json" + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + selector: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlaneTemplate + matchResources: + controlPlane: true + name: controlPlaneAzureJsonSecretName + - definitions: + - jsonPatches: + - op: replace + path: /spec/template/spec/files + valueFrom: + template: | + - contentFrom: + secret: + key: worker-node-azure.json + name: "{{ .builtin.machineDeployment.infrastructureRef.name }}-azure-json" + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + selector: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + matchResources: + machineDeploymentClass: + names: + - ${CLUSTER_NAME}-worker + name: workerAzureJsonSecretName + workers: + machineDeployments: + - class: ${CLUSTER_NAME}-worker + template: + bootstrap: + ref: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: 
KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + infrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterTemplate +metadata: + name: ${CLUSTER_NAME}-azure-cluster + namespace: default +spec: + template: + spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + natGateway: + name: node-natgateway + role: node + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlaneTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: 
/dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: replace_me + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: replace_me + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: [] +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal 
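Review bot: The AzureClusterIdentity that closes this file sets `allowedNamespaces: {}`, which in the CAPZ API is, to my recollection, the "any namespace" selector, whereas leaving the field unset restricts the identity to its own namespace (verify against the v1.12.4 CRD docs before relying on this). For a reusable ClusterClass that means any tenant able to create an AzureCluster in another namespace can borrow this service principal; drop the field to keep it namespace-scoped, or enumerate the tenants, e.g. `allowedNamespaces: { list: [default] }`. The `name: replace_me` values in the two `files` entries are intentional, since the `controlPlaneAzureJsonSecretName` and `workerAzureJsonSecretName` patches rewrite them, but a comment such as `# placeholder, replaced by the ClusterClass patch above` next to each would spare the next reader a search.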
diff --git a/files/cluster-api-provider-azure/v1.12.4/cluster-template-dual-stack.yaml b/files/cluster-api-provider-azure/v1.12.4/cluster-template-dual-stack.yaml
new file mode 100644
index 00000000..1ba4b184
--- /dev/null
+++ b/files/cluster-api-provider-azure/v1.12.4/cluster-template-dual-stack.yaml
@@ -0,0 +1,240 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + labels: + cni: calico-dual-stack + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 10.244.0.0/16 + - 2001:1234:5678:9a40::/58 + services: + cidrBlocks: + - 10.0.0.0/16 + - fd00::/108 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - cidrBlocks: + - 10.0.0.0/16 + - 2001:1234:5678:9abc::/64 + name: control-plane-subnet + role: control-plane + - cidrBlocks: + - 10.1.0.0/16 + - 2001:1234:5678:9abd::/64 + name: node-subnet + role: node + vnet: + cidrBlocks: + - 10.0.0.0/8 + - 2001:1234:5678:9a00::/56 + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "true" + cloud-provider: external + cluster-cidr: 10.244.0.0/16,2001:1234:5678:9a40::/58 + cluster-name: ${CLUSTER_NAME} + configure-cloud-routes: "true" + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: 
+ - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + localAPIEndpoint: + bindPort: 6443 + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + controlPlane: + localAPIEndpoint: + bindPort: 6443 + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: + - echo "DNSStubListener=no" >> /etc/systemd/resolved.conf + - mv /etc/resolv.conf /etc/resolv.conf.OLD && ln -s /run/systemd/resolve/resolv.conf + /etc/resolv.conf + - systemctl restart systemd-resolved containerd + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + enableIPForwarding: true + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + 
namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + enableIPForwarding: true + osDisk: + diskSizeGB: 30 + managedDisk: + storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + postKubeadmCommands: + - echo "DNSStubListener=no" >> /etc/systemd/resolved.conf + - mv /etc/resolv.conf /etc/resolv.conf.OLD && ln -s /run/systemd/resolve/resolv.conf + /etc/resolv.conf + - systemctl restart systemd-resolved containerd 
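Review bot: The services CIDR `10.0.0.0/16` in the Cluster's `clusterNetwork` is the same range as the `control-plane-subnet` block `10.0.0.0/16` on the AzureCluster, so a ClusterIP allocated from it can coincide with a control-plane VM's NIC address and the kube-proxy rules on every node would then capture traffic meant for that VM. I don't know whether upstream relies on this deliberately (the template is vendored as-is), but moving services to a range outside the VNet, e.g. `- 10.96.0.0/12` in place of `- 10.0.0.0/16` under `services`, removes the ambiguity and should be checked against whatever e2e job consumes this template. The IPv6 side is already disjoint (`fd00::/108` versus the `2001:1234:5678:9a00::/56` VNet), so only the IPv4 block needs attention.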
diff --git a/files/cluster-api-provider-azure/v1.12.4/cluster-template-edgezone.yaml b/files/cluster-api-provider-azure/v1.12.4/cluster-template-edgezone.yaml
new file mode 100644
index 00000000..81e7a725
--- /dev/null
+++ b/files/cluster-api-provider-azure/v1.12.4/cluster-template-edgezone.yaml
@@ -0,0 +1,208 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + extendedLocation: + name: ${AZURE_EXTENDEDLOCATION_NAME} + type: ${AZURE_EXTENDEDLOCATION_TYPE} + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + 
- contentFrom: + secret: + key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: 
${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: [] +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.12.4/cluster-template-ephemeral.yaml b/files/cluster-api-provider-azure/v1.12.4/cluster-template-ephemeral.yaml new file mode 100644 index 00000000..105a0d9a --- /dev/null +++ b/files/cluster-api-provider-azure/v1.12.4/cluster-template-ephemeral.yaml 
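Review bot: The AzureClusterIdentity at the bottom of this file uses `allowedNamespaces: {}`, which, as far as I recall from the CAPZ multi-tenancy docs, opens the identity to AzureClusters in every namespace rather than only its own (confirm against the v1.12.4 CRD). Edge-zone clusters are usually deployed next to other tenants on the same management cluster, so either remove the field to keep the service principal namespace-scoped or list the permitted namespaces explicitly, e.g. `allowedNamespaces: { list: [default] }`. Since the file is copied from upstream, record the deviation if it is applied locally.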
@@ -0,0 +1,211 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: 
${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + cachingType: ReadOnly + diffDiskSettings: + option: Local + diskSizeGB: 50 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + cachingType: ReadOnly + diffDiskSettings: + option: 
Local + diskSizeGB: 50 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: [] +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.12.4/cluster-template-flatcar.yaml b/files/cluster-api-provider-azure/v1.12.4/cluster-template-flatcar.yaml new file mode 100644 index 00000000..201774a2 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.12.4/cluster-template-flatcar.yaml 
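Review bot: With `diffDiskSettings: option: Local` on both AzureMachineTemplates the OS disk is an Azure ephemeral disk that is discarded whenever the VM is deallocated, reimaged or moved, so anything written only there — the systemd journal, kubelet and container logs, and API-server audit logs if auditing is later turned on via `apiServer.extraArgs` — is gone before an incident responder can look at it. etcd is unaffected because `dataDir: /var/lib/etcddisk/etcd` sits on the 256 GB persistent data disk, but the template does not say so; a comment such as `# OS disk is ephemeral: durable state lives on the etcd data disk, node logs must be shipped off-node` above `diffDiskSettings` would make the trade-off explicit for anyone reusing this file.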
@@ -0,0 +1,247 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + overwrite: false + partitions: [] + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + format: ignition + ignition: + containerLinuxConfig: + 
additionalConfig: | + systemd: + units: + - name: kubeadm.service + dropins: + - name: 10-flatcar.conf + contents: | + [Unit] + After=oem-cloudinit.service + # kubeadm must run after containerd - see https://github.com/kubernetes-sigs/image-builder/issues/939. + After=containerd.service + # Workaround for https://github.com/kubernetes-sigs/cluster-api/issues/7679. + storage: + disks: + - device: /dev/disk/azure/scsi1/lun0 + partitions: + - number: 1 + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '@@HOSTNAME@@' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '@@HOSTNAME@@' + mounts: + - - etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: + - sed -i "s/@@HOSTNAME@@/$(curl -s -H Metadata:true --noproxy '*' 'http://169.254.169.254/metadata/instance?api-version=2020-09-01' + | jq -r .compute.name)/g" /etc/kubeadm.yml + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + image: + computeGallery: + gallery: flatcar4capi-742ef0cb-dcaa-4ecb-9cb0-bfd2e43dccc0 + name: flatcar-stable-amd64-capi-${KUBERNETES_VERSION} + version: ${FLATCAR_VERSION} + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + 
spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + image: + computeGallery: + gallery: flatcar4capi-742ef0cb-dcaa-4ecb-9cb0-bfd2e43dccc0 + name: flatcar-stable-amd64-capi-${KUBERNETES_VERSION} + version: ${FLATCAR_VERSION} + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + format: ignition + ignition: + containerLinuxConfig: + additionalConfig: | + systemd: + units: + - name: kubeadm.service + dropins: + - name: 10-flatcar.conf + contents: | + [Unit] + After=oem-cloudinit.service + # kubeadm must run after containerd - see https://github.com/kubernetes-sigs/image-builder/issues/939. 
+ After=containerd.service + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '@@HOSTNAME@@' + postKubeadmCommands: [] + preKubeadmCommands: + - sed -i "s/@@HOSTNAME@@/$(curl -s -H Metadata:true --noproxy '*' 'http://169.254.169.254/metadata/instance?api-version=2020-09-01' + | jq -r .compute.name)/g" /etc/kubeadm.yml +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.12.4/cluster-template-ipv6.yaml b/files/cluster-api-provider-azure/v1.12.4/cluster-template-ipv6.yaml new file mode 100644 index 00000000..e6ec0b18 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.12.4/cluster-template-ipv6.yaml 
@@ -0,0 +1,256 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 2001:1234:5678:9a40::/58 + services: + cidrBlocks: + - fd00::/108 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - cidrBlocks: + - 10.0.0.0/16 + - 2001:1234:5678:9abc::/64 + name: control-plane-subnet + role: control-plane + - cidrBlocks: + - 10.1.0.0/16 + - 2001:1234:5678:9abd::/64 + name: node-subnet + role: node + vnet: + cidrBlocks: + - 10.0.0.0/8 + - 2001:1234:5678:9a00::/56 + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + bind-address: '::' + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "true" + bind-address: '::' + cloud-provider: external + cluster-cidr: 2001:1234:5678:9a40::/58 + cluster-name: ${CLUSTER_NAME} + configure-cloud-routes: "true" + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + scheduler: + extraArgs: + bind-address: '::' + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + 
extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + localAPIEndpoint: + advertiseAddress: '::' + bindPort: 6443 + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + cluster-dns: fd00::10 + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + controlPlane: + localAPIEndpoint: + advertiseAddress: '::' + bindPort: 6443 + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + cluster-dns: fd00::10 + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: + - echo "DNSStubListener=no" >> /etc/systemd/resolved.conf + - mv /etc/resolv.conf /etc/resolv.conf.OLD && ln -s /run/systemd/resolve/resolv.conf + /etc/resolv.conf + - systemctl restart systemd-resolved containerd + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + enableIPForwarding: true + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity 
+metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + enableIPForwarding: true + osDisk: + diskSizeGB: 30 + managedDisk: + storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + clusterConfiguration: + apiServer: + extraArgs: + bind-address: '::' + controllerManager: + extraArgs: + bind-address: '::' + scheduler: + extraArgs: + bind-address: '::' + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + cluster-dns: '[fd00::10]' + name: '{{ 
ds.meta_data["local_hostname"] }}' + postKubeadmCommands: + - echo "DNSStubListener=no" >> /etc/systemd/resolved.conf + - mv /etc/resolv.conf /etc/resolv.conf.OLD && ln -s /run/systemd/resolve/resolv.conf + /etc/resolv.conf + - systemctl restart systemd-resolved containerd diff --git a/files/cluster-api-provider-azure/v1.12.4/cluster-template-machinepool-windows.yaml b/files/cluster-api-provider-azure/v1.12.4/cluster-template-machinepool-windows.yaml new file mode 100644 index 00000000..0861baa2 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.12.4/cluster-template-machinepool-windows.yaml 
@@ -0,0 +1,288 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + labels: + cni-windows: calico + csi-proxy: enabled + windows: enabled + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + 
key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfig + name: ${CLUSTER_NAME}-mp-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachinePool + name: ${CLUSTER_NAME}-mp-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachinePool +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + location: ${AZURE_LOCATION} + strategy: + rollingUpdate: + deletePolicy: Oldest + maxSurge: 25% + maxUnavailable: 1 + type: RollingUpdate + template: + 
osDisk: + diskSizeGB: 30 + managedDisk: + storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfig +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-mp-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: ${CLUSTER_NAME}-mp-win + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfig + name: ${CLUSTER_NAME}-mp-win + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachinePool + name: ${CLUSTER_NAME}-mp-win + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachinePool +metadata: + annotations: + runtime: containerd + windowsServerVersion: ${WINDOWS_SERVER_VERSION:=""} + name: ${CLUSTER_NAME}-mp-win + namespace: default +spec: + location: ${AZURE_LOCATION} + template: + osDisk: + diskSizeGB: 128 + managedDisk: + storageAccountType: Premium_LRS + osType: 
Windows + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfig +metadata: + name: ${CLUSTER_NAME}-mp-win + namespace: default +spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-mp-win-azure-json + owner: root:root + path: c:/k/azure.json + permissions: "0644" + - content: Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico.exe + path: C:/defender-exclude-calico.ps1 + permissions: "0744" + joinConfiguration: + nodeRegistration: + criSocket: npipe:////./pipe/containerd-containerd + kubeletExtraArgs: + cloud-provider: external + pod-infra-container-image: mcr.microsoft.com/oss/kubernetes/pause:3.9 + name: '{{ ds.meta_data["local_hostname"] }}' + postKubeadmCommands: + - nssm set kubelet start SERVICE_AUTO_START + - powershell C:/defender-exclude-calico.ps1 + preKubeadmCommands: + - powershell c:/create-external-network.ps1 + users: + - groups: Administrators + name: capi + sshAuthorizedKeys: + - ${AZURE_SSH_PUBLIC_KEY:=""} diff --git a/files/cluster-api-provider-azure/v1.12.4/cluster-template-machinepool.yaml b/files/cluster-api-provider-azure/v1.12.4/cluster-template-machinepool.yaml new file mode 100644 index 00000000..b337dc5a --- /dev/null +++ b/files/cluster-api-provider-azure/v1.12.4/cluster-template-machinepool.yaml 
@@ -0,0 +1,208 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: 
${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfig + name: ${CLUSTER_NAME}-mp-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachinePool + name: ${CLUSTER_NAME}-mp-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachinePool +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + location: ${AZURE_LOCATION} + strategy: + rollingUpdate: + deletePolicy: Oldest + maxSurge: 25% + maxUnavailable: 1 + type: RollingUpdate + template: + osDisk: + diskSizeGB: 30 + managedDisk: + 
storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfig +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-mp-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.12.4/cluster-template-nvidia-gpu.yaml b/files/cluster-api-provider-azure/v1.12.4/cluster-template-nvidia-gpu.yaml new file mode 100644 index 00000000..4ced5e04 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.12.4/cluster-template-nvidia-gpu.yaml 
@@ -0,0 +1,206 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: 
${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + 
infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + diskSizeGB: 128 + managedDisk: + storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' diff --git a/files/cluster-api-provider-azure/v1.12.4/cluster-template-private.yaml b/files/cluster-api-provider-azure/v1.12.4/cluster-template-private.yaml new file mode 100644 index 00000000..031b6c98 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.12.4/cluster-template-private.yaml 
@@ -0,0 +1,219 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ name: ${CLUSTER_NAME}
+ namespace: default
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks:
+ - 192.168.0.0/16
+ controlPlaneRef:
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ kind: KubeadmControlPlane
+ name: ${CLUSTER_NAME}-control-plane
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureCluster
+ name: ${CLUSTER_NAME}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureCluster
+metadata:
+ name: ${CLUSTER_NAME}
+ namespace: default
+spec:
+ bastionSpec:
+ azureBastion: {}
+ identityRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureClusterIdentity
+ name: ${CLUSTER_IDENTITY_NAME}
+ location: ${AZURE_LOCATION}
+ networkSpec:
+ apiServerLB:
+ name: ${CLUSTER_NAME}-internal-lb
+ type: Internal
+ controlPlaneOutboundLB:
+ frontendIPsCount: 1
+ nodeOutboundLB:
+ frontendIPsCount: 1
+ subnets:
+ - name: control-plane-subnet
+ role: control-plane
+ - name: node-subnet
+ role: node
+ vnet:
+ name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet}
+ resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}}
+ subscriptionID: ${AZURE_SUBSCRIPTION_ID}
+---
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+kind: KubeadmControlPlane
+metadata:
+ name: ${CLUSTER_NAME}-control-plane
+ namespace: default
+spec:
+ kubeadmConfigSpec:
+ clusterConfiguration:
+ apiServer:
+ extraArgs:
+ cloud-provider: external
+ timeoutForControlPlane: 20m
+ controllerManager:
+ extraArgs:
+ allocate-node-cidrs: "false"
+ cloud-provider: external
+ cluster-name: ${CLUSTER_NAME}
+ etcd:
+ local:
+ dataDir: /var/lib/etcddisk/etcd
+ extraArgs:
+ quota-backend-bytes: "8589934592"
+ diskSetup:
+ filesystems:
+ - device: /dev/disk/azure/scsi1/lun0
+ extraOpts:
+ - -E
+ - lazy_itable_init=1,lazy_journal_init=1
+ filesystem: ext4
+ label: etcd_disk
+ - device: ephemeral0.1
+ filesystem: ext4
+ label: ephemeral0
+ replaceFS: ntfs
+ partitions:
+ - device: /dev/disk/azure/scsi1/lun0
+ layout: true
+ overwrite: false
+ tableType: gpt
+ files:
+ - contentFrom:
+ secret:
+ key: control-plane-azure.json
+ name: ${CLUSTER_NAME}-control-plane-azure-json
+ owner: root:root
+ path: /etc/kubernetes/azure.json
+ permissions: "0644"
+ initConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ name: '{{ ds.meta_data["local_hostname"] }}'
+ joinConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ name: '{{ ds.meta_data["local_hostname"] }}'
+ mounts:
+ - - LABEL=etcd_disk
+ - /var/lib/etcddisk
+ postKubeadmCommands:
+ - if [ -f /tmp/kubeadm-join-config.yaml ] || [ -f /run/kubeadm/kubeadm-join-config.yaml
+ ]; then echo '127.0.0.1 apiserver.${CLUSTER_NAME}.capz.io apiserver' >> /etc/hosts;
+ fi
+ preKubeadmCommands:
+ - if [ -f /tmp/kubeadm.yaml ] || [ -f /run/kubeadm/kubeadm.yaml ]; then echo '127.0.0.1 apiserver.${CLUSTER_NAME}.capz.io
+ apiserver' >> /etc/hosts; fi
+ machineTemplate:
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureMachineTemplate
+ name: ${CLUSTER_NAME}-control-plane
+ replicas: ${CONTROL_PLANE_MACHINE_COUNT}
+ version: ${KUBERNETES_VERSION}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureMachineTemplate
+metadata:
+ name: ${CLUSTER_NAME}-control-plane
+ namespace: default
+spec:
+ template:
+ spec:
+ dataDisks:
+ - diskSizeGB: 256
+ lun: 0
+ nameSuffix: etcddisk
+ osDisk:
+ diskSizeGB: 128
+ osType: Linux
+ sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
+ vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE}
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachineDeployment
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: default
+spec:
+ clusterName: ${CLUSTER_NAME}
+ replicas: ${WORKER_MACHINE_COUNT}
+ selector:
+ matchLabels: null
+ template:
+ spec:
+ bootstrap:
+ configRef:
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+ kind: KubeadmConfigTemplate
+ name: ${CLUSTER_NAME}-md-0
+ clusterName: ${CLUSTER_NAME}
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureMachineTemplate
+ name: ${CLUSTER_NAME}-md-0
+ version: ${KUBERNETES_VERSION}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureMachineTemplate
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: default
+spec:
+ template:
+ spec:
+ osDisk:
+ diskSizeGB: 128
+ osType: Linux
+ sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
+ vmSize: ${AZURE_NODE_MACHINE_TYPE}
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfigTemplate
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: default
+spec:
+ template:
+ spec:
+ files:
+ - contentFrom:
+ secret:
+ key: worker-node-azure.json
+ name: ${CLUSTER_NAME}-md-0-azure-json
+ owner: root:root
+ path: /etc/kubernetes/azure.json
+ permissions: "0644"
+ joinConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ name: '{{ ds.meta_data["local_hostname"] }}'
+ preKubeadmCommands: []
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureClusterIdentity
+metadata:
+ labels:
+ clusterctl.cluster.x-k8s.io/move-hierarchy: "true"
+ name: ${CLUSTER_IDENTITY_NAME}
+ namespace: default
+spec:
+ allowedNamespaces: {}
+ clientID: ${AZURE_CLIENT_ID}
+ clientSecret:
+ name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME}
+ namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE}
+ tenantID: ${AZURE_TENANT_ID}
+ type: ServicePrincipal
diff --git a/files/cluster-api-provider-azure/v1.12.4/cluster-template-topology.yaml b/files/cluster-api-provider-azure/v1.12.4/cluster-template-topology.yaml
new file mode 100644
index 00000000..28ad70f5
--- /dev/null
+++ b/files/cluster-api-provider-azure/v1.12.4/cluster-template-topology.yaml
@@ -0,0 +1,23 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ labels:
+ containerd-logger: enabled
+ csi-proxy: enabled
+ name: ${CLUSTER_NAME}
+ namespace: default
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks:
+ - 192.168.0.0/16
+ topology:
+ class: ${CLUSTER_CLASS_NAME}
+ controlPlane:
+ replicas: ${CONTROL_PLANE_MACHINE_COUNT}
+ version: ${KUBERNETES_VERSION}
+ workers:
+ machineDeployments:
+ - class: ${CLUSTER_NAME}-worker
+ name: md-0
+ replicas: ${WORKER_MACHINE_COUNT}
diff --git a/files/cluster-api-provider-azure/v1.12.4/cluster-template-windows.yaml b/files/cluster-api-provider-azure/v1.12.4/cluster-template-windows.yaml
new file mode 100644
index 00000000..f7104d26
--- /dev/null
+++ b/files/cluster-api-provider-azure/v1.12.4/cluster-template-windows.yaml
@@ -0,0 +1,293 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ labels:
+ cni-windows: calico
+ csi-proxy: enabled
+ windows: enabled
+ name: ${CLUSTER_NAME}
+ namespace: default
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks:
+ - 192.168.0.0/16
+ controlPlaneRef:
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ kind: KubeadmControlPlane
+ name: ${CLUSTER_NAME}-control-plane
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureCluster
+ name: ${CLUSTER_NAME}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureCluster
+metadata:
+ name: ${CLUSTER_NAME}
+ namespace: default
+spec:
+ identityRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureClusterIdentity
+ name: ${CLUSTER_IDENTITY_NAME}
+ location: ${AZURE_LOCATION}
+ networkSpec:
+ subnets:
+ - name: control-plane-subnet
+ role: control-plane
+ - name: node-subnet
+ role: node
+ vnet:
+ name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet}
+ resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}}
+ subscriptionID: ${AZURE_SUBSCRIPTION_ID}
+---
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+kind: KubeadmControlPlane
+metadata:
+ name: ${CLUSTER_NAME}-control-plane
+ namespace: default
+spec:
+ kubeadmConfigSpec:
+ clusterConfiguration:
+ apiServer:
+ extraArgs:
+ cloud-provider: external
+ timeoutForControlPlane: 20m
+ controllerManager:
+ extraArgs:
+ allocate-node-cidrs: "false"
+ cloud-provider: external
+ cluster-name: ${CLUSTER_NAME}
+ etcd:
+ local:
+ dataDir: /var/lib/etcddisk/etcd
+ extraArgs:
+ quota-backend-bytes: "8589934592"
+ diskSetup:
+ filesystems:
+ - device: /dev/disk/azure/scsi1/lun0
+ extraOpts:
+ - -E
+ - lazy_itable_init=1,lazy_journal_init=1
+ filesystem: ext4
+ label: etcd_disk
+ - device: ephemeral0.1
+ filesystem: ext4
+ label: ephemeral0
+ replaceFS: ntfs
+ partitions:
+ - device: /dev/disk/azure/scsi1/lun0
+ layout: true
+ overwrite: false
+ tableType: gpt
+ files:
+ - contentFrom:
+ secret:
+ key: control-plane-azure.json
+ name: ${CLUSTER_NAME}-control-plane-azure-json
+ owner: root:root
+ path: /etc/kubernetes/azure.json
+ permissions: "0644"
+ initConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ name: '{{ ds.meta_data["local_hostname"] }}'
+ joinConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ name: '{{ ds.meta_data["local_hostname"] }}'
+ mounts:
+ - - LABEL=etcd_disk
+ - /var/lib/etcddisk
+ postKubeadmCommands: []
+ preKubeadmCommands: []
+ machineTemplate:
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureMachineTemplate
+ name: ${CLUSTER_NAME}-control-plane
+ replicas: ${CONTROL_PLANE_MACHINE_COUNT}
+ version: ${KUBERNETES_VERSION}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureMachineTemplate
+metadata:
+ name: ${CLUSTER_NAME}-control-plane
+ namespace: default
+spec:
+ template:
+ spec:
+ dataDisks:
+ - diskSizeGB: 256
+ lun: 0
+ nameSuffix: etcddisk
+ osDisk:
+ diskSizeGB: 128
+ osType: Linux
+ sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
+ vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE}
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachineDeployment
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: default
+spec:
+ clusterName: ${CLUSTER_NAME}
+ replicas: ${WORKER_MACHINE_COUNT}
+ selector:
+ matchLabels: null
+ template:
+ spec:
+ bootstrap:
+ configRef:
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+ kind: KubeadmConfigTemplate
+ name: ${CLUSTER_NAME}-md-0
+ clusterName: ${CLUSTER_NAME}
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureMachineTemplate
+ name: ${CLUSTER_NAME}-md-0
+ version: ${KUBERNETES_VERSION}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureMachineTemplate
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: default
+spec:
+ template:
+ spec:
+ osDisk:
+ diskSizeGB: 128
+ osType: Linux
+ sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
+ vmSize: ${AZURE_NODE_MACHINE_TYPE}
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfigTemplate
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: default
+spec:
+ template:
+ spec:
+ files:
+ - contentFrom:
+ secret:
+ key: worker-node-azure.json
+ name: ${CLUSTER_NAME}-md-0-azure-json
+ owner: root:root
+ path: /etc/kubernetes/azure.json
+ permissions: "0644"
+ joinConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ name: '{{ ds.meta_data["local_hostname"] }}'
+ preKubeadmCommands: []
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureClusterIdentity
+metadata:
+ labels:
+ clusterctl.cluster.x-k8s.io/move-hierarchy: "true"
+ name: ${CLUSTER_IDENTITY_NAME}
+ namespace: default
+spec:
+ allowedNamespaces: {}
+ clientID: ${AZURE_CLIENT_ID}
+ clientSecret:
+ name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME}
+ namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE}
+ tenantID: ${AZURE_TENANT_ID}
+ type: ServicePrincipal
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachineDeployment
+metadata:
+ name: ${CLUSTER_NAME}-md-win
+ namespace: default
+spec:
+ clusterName: ${CLUSTER_NAME}
+ replicas: ${WORKER_MACHINE_COUNT}
+ selector:
+ matchLabels: null
+ template:
+ spec:
+ bootstrap:
+ configRef:
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+ kind: KubeadmConfigTemplate
+ name: ${CLUSTER_NAME}-md-win
+ clusterName: ${CLUSTER_NAME}
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureMachineTemplate
+ name: ${CLUSTER_NAME}-md-win
+ version: ${KUBERNETES_VERSION}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureMachineTemplate
+metadata:
+ annotations:
+ runtime: containerd
+ name: ${CLUSTER_NAME}-md-win
+ namespace: default
+spec:
+ template:
+ metadata:
+ annotations:
+ runtime: containerd
+ spec:
+ osDisk:
+ diskSizeGB: 128
+ managedDisk:
+ storageAccountType: Premium_LRS
+ osType: Windows
+ sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
+ vmSize: ${AZURE_NODE_MACHINE_TYPE}
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfigTemplate
+metadata:
+ name: ${CLUSTER_NAME}-md-win
+ namespace: default
+spec:
+ template:
+ spec:
+ files:
+ - contentFrom:
+ secret:
+ key: worker-node-azure.json
+ name: ${CLUSTER_NAME}-md-win-azure-json
+ owner: root:root
+ path: c:/k/azure.json
+ permissions: "0644"
+ - content: |-
+ Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico.exe
+ Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico-ipam.exe
+ path: C:/defender-exclude-calico.ps1
+ permissions: "0744"
+ joinConfiguration:
+ nodeRegistration:
+ criSocket: npipe:////./pipe/containerd-containerd
+ kubeletExtraArgs:
+ cloud-provider: external
+ v: "2"
+ windows-priorityclass: ABOVE_NORMAL_PRIORITY_CLASS
+ name: '{{ ds.meta_data["local_hostname"] }}'
+ postKubeadmCommands:
+ - nssm set kubelet start SERVICE_AUTO_START
+ - powershell C:/defender-exclude-calico.ps1
+ preKubeadmCommands: []
+ users:
+ - groups: Administrators
+ name: capi
+ sshAuthorizedKeys:
+ - ${AZURE_SSH_PUBLIC_KEY:=""}
diff --git a/files/cluster-api-provider-azure/v1.12.4/cluster-template.yaml b/files/cluster-api-provider-azure/v1.12.4/cluster-template.yaml
new file mode 100644
index 00000000..185ecdb9
--- /dev/null
+++ b/files/cluster-api-provider-azure/v1.12.4/cluster-template.yaml
@@ -0,0 +1,205 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ name: ${CLUSTER_NAME}
+ namespace: default
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks:
+ - 192.168.0.0/16
+ controlPlaneRef:
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ kind: KubeadmControlPlane
+ name: ${CLUSTER_NAME}-control-plane
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureCluster
+ name: ${CLUSTER_NAME}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureCluster
+metadata:
+ name: ${CLUSTER_NAME}
+ namespace: default
+spec:
+ identityRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureClusterIdentity
+ name: ${CLUSTER_IDENTITY_NAME}
+ location: ${AZURE_LOCATION}
+ networkSpec:
+ subnets:
+ - name: control-plane-subnet
+ role: control-plane
+ - name: node-subnet
+ role: node
+ vnet:
+ name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet}
+ resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}}
+ subscriptionID: ${AZURE_SUBSCRIPTION_ID}
+---
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+kind: KubeadmControlPlane
+metadata:
+ name: ${CLUSTER_NAME}-control-plane
+ namespace: default
+spec:
+ kubeadmConfigSpec:
+ clusterConfiguration:
+ apiServer:
+ extraArgs:
+ cloud-provider: external
+ timeoutForControlPlane: 20m
+ controllerManager:
+ extraArgs:
+ allocate-node-cidrs: "false"
+ cloud-provider: external
+ cluster-name: ${CLUSTER_NAME}
+ etcd:
+ local:
+ dataDir: /var/lib/etcddisk/etcd
+ extraArgs:
+ quota-backend-bytes: "8589934592"
+ diskSetup:
+ filesystems:
+ - device: /dev/disk/azure/scsi1/lun0
+ extraOpts:
+ - -E
+ - lazy_itable_init=1,lazy_journal_init=1
+ filesystem: ext4
+ label: etcd_disk
+ - device: ephemeral0.1
+ filesystem: ext4
+ label: ephemeral0
+ replaceFS: ntfs
+ partitions:
+ - device: /dev/disk/azure/scsi1/lun0
+ layout: true
+ overwrite: false
+ tableType: gpt
+ files:
+ - contentFrom:
+ secret:
+ key: control-plane-azure.json
+ name: ${CLUSTER_NAME}-control-plane-azure-json
+ owner: root:root
+ path: /etc/kubernetes/azure.json
+ permissions: "0644"
+ initConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ name: '{{ ds.meta_data["local_hostname"] }}'
+ joinConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ name: '{{ ds.meta_data["local_hostname"] }}'
+ mounts:
+ - - LABEL=etcd_disk
+ - /var/lib/etcddisk
+ postKubeadmCommands: []
+ preKubeadmCommands: []
+ machineTemplate:
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureMachineTemplate
+ name: ${CLUSTER_NAME}-control-plane
+ replicas: ${CONTROL_PLANE_MACHINE_COUNT}
+ version: ${KUBERNETES_VERSION}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureMachineTemplate
+metadata:
+ name: ${CLUSTER_NAME}-control-plane
+ namespace: default
+spec:
+ template:
+ spec:
+ dataDisks:
+ - diskSizeGB: 256
+ lun: 0
+ nameSuffix: etcddisk
+ osDisk:
+ diskSizeGB: 128
+ osType: Linux
+ sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
+ vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE}
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachineDeployment
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: default
+spec:
+ clusterName: ${CLUSTER_NAME}
+ replicas: ${WORKER_MACHINE_COUNT}
+ selector:
+ matchLabels: null
+ template:
+ spec:
+ bootstrap:
+ configRef:
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+ kind: KubeadmConfigTemplate
+ name: ${CLUSTER_NAME}-md-0
+ clusterName: ${CLUSTER_NAME}
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureMachineTemplate
+ name: ${CLUSTER_NAME}-md-0
+ version: ${KUBERNETES_VERSION}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureMachineTemplate
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: default
+spec:
+ template:
+ spec:
+ osDisk:
+ diskSizeGB: 128
+ osType: Linux
+ sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
+ vmSize: ${AZURE_NODE_MACHINE_TYPE}
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfigTemplate
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: default
+spec:
+ template:
+ spec:
+ files:
+ - contentFrom:
+ secret:
+ key: worker-node-azure.json
+ name: ${CLUSTER_NAME}-md-0-azure-json
+ owner: root:root
+ path: /etc/kubernetes/azure.json
+ permissions: "0644"
+ joinConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ name: '{{ ds.meta_data["local_hostname"] }}'
+ preKubeadmCommands: []
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureClusterIdentity
+metadata:
+ labels:
+ clusterctl.cluster.x-k8s.io/move-hierarchy: "true"
+ name: ${CLUSTER_IDENTITY_NAME}
+ namespace: default
+spec:
+ allowedNamespaces: {}
+ clientID: ${AZURE_CLIENT_ID}
+ clientSecret:
+ name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME}
+ namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE}
+ tenantID: ${AZURE_TENANT_ID}
+ type: ServicePrincipal
diff --git a/files/cluster-api-provider-azure/v1.12.4/infrastructure-components.yaml b/files/cluster-api-provider-azure/v1.12.4/infrastructure-components.yaml
new file mode 100644
index 00000000..6a2befa5
--- /dev/null
+++ b/files/cluster-api-provider-azure/v1.12.4/infrastructure-components.yaml
@@ -0,0 +1,48680 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + pod-security.kubernetes.io/enforce: privileged + name: capz-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.9.2 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azureclusteridentities.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureClusterIdentity + listKind: AzureClusterIdentityList + plural: azureclusteridentities + singular: azureclusteridentity + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Type of Azure Identity + jsonPath: .spec.type + name: Type + type: string + - description: Time duration since creation of this AzureClusterIdentity + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: AzureClusterIdentity is the Schema for the azureclustersidentities + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureClusterIdentitySpec defines the parameters that are + used to create an AzureIdentity. + properties: + allowedNamespaces: + description: AllowedNamespaces is used to identify the namespaces + the clusters are allowed to use the identity from. Namespaces can + be selected either using an array of namespaces or with label selector. + An empty allowedNamespaces object indicates that AzureClusters can + use this identity from any namespace. If this object is nil, no + namespaces will be allowed (default behaviour, if this field is + not provided) A namespace should be either in the NamespaceList + or match with Selector to use the identity. + nullable: true + properties: + list: + description: A nil or empty list indicates that AzureCluster cannot + use the identity from any namespace. + items: + type: string + nullable: true + type: array + selector: + description: "Selector is a selector of namespaces that AzureCluster + can use this Identity from. This is a standard Kubernetes LabelSelector, + a label query over a set of resources. The result of matchLabels + and matchExpressions are ANDed. \n A nil or empty selector indicates + that AzureCluster cannot use this AzureClusterIdentity from + any namespace." + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. 
+ type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + clientID: + description: ClientID is the service principal client ID. Both User + Assigned MSI and SP can use this field. + type: string + clientSecret: + description: ClientSecret is a secret reference which should contain + either a Service Principal password or certificate secret. + properties: + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + resourceID: + description: ResourceID is the Azure resource ID for the User Assigned + MSI resource. Only applicable when type is UserAssignedMSI. + type: string + tenantID: + description: TenantID is the service principal primary tenant id. + type: string + type: + description: Type is the type of Azure Identity used. ServicePrincipal, + ServicePrincipalCertificate, UserAssignedMSI, ManualServicePrincipal + or WorkloadIdentity. 
+ enum: + - ServicePrincipal + - UserAssignedMSI + - ManualServicePrincipal + - ServicePrincipalCertificate + - WorkloadIdentity + type: string + required: + - clientID + - tenantID + - type + type: object + status: + description: AzureClusterIdentityStatus defines the observed state of + AzureClusterIdentity. + properties: + conditions: + description: Conditions defines current service state of the AzureClusterIdentity. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.9.2 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azureclusters.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureCluster + listKind: AzureClusterList + plural: azureclusters + singular: azurecluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this AzureCluster belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + priority: 1 + type: string + - jsonPath: .spec.resourceGroup + name: Resource Group + priority: 1 + type: string + - jsonPath: .spec.subscriptionID + name: SubscriptionID + priority: 1 + type: string + - jsonPath: .spec.location + name: Location + priority: 1 + type: string + - description: Control Plane Endpoint + jsonPath: .spec.controlPlaneEndpoint.host + name: Endpoint + priority: 1 + type: string + - description: Time duration since creation of this AzureCluster + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + 
description: AzureCluster is the Schema for the azureclusters API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureClusterSpec defines the desired state of AzureCluster. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to Azure + resources managed by the Azure provider, in addition to the ones + added by default. + type: object + azureEnvironment: + description: "AzureEnvironment is the name of the AzureCloud to be + used. The default value that would be used by most users is \"AzurePublicCloud\", + other values are: - ChinaCloud: \"AzureChinaCloud\" - GermanCloud: + \"AzureGermanCloud\" - PublicCloud: \"AzurePublicCloud\" - USGovernmentCloud: + \"AzureUSGovernmentCloud\" \n Note that values other than the default + must also be accompanied by corresponding changes to the aso-controller-settings + Secret to configure ASO to refer to the non-Public cloud. ASO currently + does not support referring to multiple different clouds in a single + installation. The following fields must be defined in the Secret: + - AZURE_AUTHORITY_HOST - AZURE_RESOURCE_MANAGER_ENDPOINT - AZURE_RESOURCE_MANAGER_AUDIENCE + \n See the [ASO docs] for more details. 
\n [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/" + type: string + bastionSpec: + description: BastionSpec encapsulates all things related to the Bastions + in the cluster. + properties: + azureBastion: + description: AzureBastion specifies how the Azure Bastion cloud + component should be configured. + properties: + enableTunneling: + default: false + description: EnableTunneling enables the native client support + feature for the Azure Bastion Host. Defaults to false. + type: boolean + name: + type: string + publicIP: + description: PublicIPSpec defines the inputs to create an + Azure public IP address. + properties: + dnsName: + type: string + ipTags: + items: + description: IPTag contains the IpTag associated with + the object. + properties: + tag: + description: 'Tag specifies the value of the IP + tag associated with the public IP. Example: SQL.' + type: string + type: + description: 'Type specifies the IP tag type. Example: + FirstPartyUsage.' + type: string + required: + - tag + - type + type: object + type: array + name: + type: string + required: + - name + type: object + sku: + default: Basic + description: BastionHostSkuName configures the tier of the + Azure Bastion Host. Can be either Basic or Standard. Defaults + to Basic. + enum: + - Basic + - Standard + type: string + subnet: + description: SubnetSpec configures an Azure subnet. + properties: + cidrBlocks: + description: CIDRBlocks defines the subnet's address space, + specified as one or more address prefixes in CIDR notation. + items: + type: string + type: array + id: + description: ID is the Azure resource ID of the subnet. + READ-ONLY + type: string + name: + description: Name defines a name for the subnet resource. + type: string + natGateway: + description: NatGateway associated with this subnet. + properties: + id: + description: ID is the Azure resource ID of the NAT + gateway. 
READ-ONLY + type: string + ip: + description: PublicIPSpec defines the inputs to create + an Azure public IP address. + properties: + dnsName: + type: string + ipTags: + items: + description: IPTag contains the IpTag associated + with the object. + properties: + tag: + description: 'Tag specifies the value of + the IP tag associated with the public + IP. Example: SQL.' + type: string + type: + description: 'Type specifies the IP tag + type. Example: FirstPartyUsage.' + type: string + required: + - tag + - type + type: object + type: array + name: + type: string + required: + - name + type: object + name: + type: string + required: + - name + type: object + privateEndpoints: + description: PrivateEndpoints defines a list of private + endpoints that should be attached to this subnet. + items: + description: PrivateEndpointSpec configures an Azure + Private Endpoint. + properties: + applicationSecurityGroups: + description: ApplicationSecurityGroups specifies + the Application security group in which the private + endpoint IP configuration is included. + items: + type: string + type: array + customNetworkInterfaceName: + description: CustomNetworkInterfaceName specifies + the network interface name associated with the + private endpoint. + type: string + location: + description: Location specifies the region to create + the private endpoint. + type: string + manualApproval: + description: ManualApproval specifies if the connection + approval needs to be done manually or not. Set + it true when the network admin does not have access + to approve connections to the remote resource. + Defaults to false. + type: boolean + name: + description: Name specifies the name of the private + endpoint. + type: string + privateIPAddresses: + description: PrivateIPAddresses specifies the IP + addresses for the network interface associated + with the private endpoint. They have to be part + of the subnet where the private endpoint is linked. 
+ items: + type: string + type: array + privateLinkServiceConnections: + description: PrivateLinkServiceConnections specifies + Private Link Service Connections of the private + endpoint. + items: + description: PrivateLinkServiceConnection defines + the specification for a private link service + connection associated with a private endpoint. + properties: + groupIDs: + description: GroupIDs specifies the ID(s) + of the group(s) obtained from the remote + resource that this private endpoint should + connect to. + items: + type: string + type: array + name: + description: Name specifies the name of the + private link service. + type: string + privateLinkServiceID: + description: PrivateLinkServiceID specifies + the resource ID of the private link service. + type: string + requestMessage: + description: RequestMessage specifies a message + passed to the owner of the remote resource + with the private endpoint connection request. + maxLength: 140 + type: string + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + role: + description: Role defines the subnet role (eg. Node, ControlPlane) + enum: + - node + - control-plane + - bastion + type: string + routeTable: + description: RouteTable defines the route table that should + be attached to this subnet. + properties: + id: + description: ID is the Azure resource ID of the route + table. READ-ONLY + type: string + name: + type: string + required: + - name + type: object + securityGroup: + description: SecurityGroup defines the NSG (network security + group) that should be attached to this subnet. + properties: + id: + description: ID is the Azure resource ID of the security + group. READ-ONLY + type: string + name: + type: string + securityRules: + description: SecurityRules is a slice of Azure security + rules for security groups. + items: + description: SecurityRule defines an Azure security + rule for security groups. 
+ properties: + action: + default: Allow + description: Action specifies whether network + traffic is allowed or denied. Can either be + "Allow" or "Deny". Defaults to "Allow". + enum: + - Allow + - Deny + type: string + description: + description: A description for this rule. Restricted + to 140 chars. + type: string + destination: + description: Destination is the destination + address prefix. CIDR or destination IP range. + Asterix '*' can also be used to match all + source IPs. Default tags such as 'VirtualNetwork', + 'AzureLoadBalancer' and 'Internet' can also + be used. + type: string + destinationPorts: + description: DestinationPorts specifies the + destination port or range. Integer or range + between 0 and 65535. Asterix '*' can also + be used to match all ports. + type: string + direction: + description: Direction indicates whether the + rule applies to inbound, or outbound traffic. + "Inbound" or "Outbound". + enum: + - Inbound + - Outbound + type: string + name: + description: Name is a unique name within the + network security group. + type: string + priority: + description: Priority is a number between 100 + and 4096. Each rule should have a unique value + for priority. Rules are processed in priority + order, with lower numbers processed before + higher numbers. Once traffic matches a rule, + processing stops. + format: int32 + type: integer + protocol: + description: Protocol specifies the protocol + type. "Tcp", "Udp", "Icmp", or "*". + enum: + - Tcp + - Udp + - Icmp + - '*' + type: string + source: + description: Source specifies the CIDR or source + IP range. Asterix '*' can also be used to + match all source IPs. Default tags such as + 'VirtualNetwork', 'AzureLoadBalancer' and + 'Internet' can also be used. If this is an + ingress rule, specifies where network traffic + originates from. + type: string + sourcePorts: + description: SourcePorts specifies source port + or range. Integer or range between 0 and 65535. 
+ Asterix '*' can also be used to match all + ports. + type: string + required: + - description + - direction + - name + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + tags: + additionalProperties: + type: string + description: Tags defines a map of tags. + type: object + required: + - name + type: object + serviceEndpoints: + description: ServiceEndpoints is a slice of Virtual Network + service endpoints to enable for the subnets. + items: + description: ServiceEndpointSpec configures an Azure + Service Endpoint. + properties: + locations: + items: + type: string + type: array + service: + type: string + required: + - locations + - service + type: object + type: array + x-kubernetes-list-map-keys: + - service + x-kubernetes-list-type: map + required: + - name + - role + type: object + type: object + type: object + cloudProviderConfigOverrides: + description: 'CloudProviderConfigOverrides is an optional set of configuration + values that can be overridden in azure cloud provider config. This + is only a subset of options that are available in azure cloud provider + config. Some values for the cloud provider config are inferred from + other parts of cluster api provider azure spec, and may not be available + for overrides. See: https://cloud-provider-azure.sigs.k8s.io/install/configs + Note: All cloud provider config values can be customized by creating + the secret beforehand. CloudProviderConfigOverrides is only used + when the secret is managed by the Azure Provider.' + properties: + backOffs: + description: BackOffConfig indicates the back-off config options. 
+ properties: + cloudProviderBackoff: + type: boolean + cloudProviderBackoffDuration: + type: integer + cloudProviderBackoffExponent: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cloudProviderBackoffJitter: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cloudProviderBackoffRetries: + type: integer + type: object + rateLimits: + items: + description: 'RateLimitSpec represents the rate limit configuration + for a particular kind of resource. Eg. loadBalancerRateLimit + is used to configure rate limits for load balancers. This + eventually gets converted to CloudProviderRateLimitConfig + that cloud-provider-azure expects. See: https://github.com/kubernetes-sigs/cloud-provider-azure/blob/d585c2031925b39c925624302f22f8856e29e352/pkg/provider/azure_ratelimit.go#L25 + We cannot use CloudProviderRateLimitConfig directly because + floating point values are not supported in controller-tools. + See: https://github.com/kubernetes-sigs/controller-tools/issues/245' + properties: + config: + description: RateLimitConfig indicates the rate limit config + options. 
+ properties: + cloudProviderRateLimit: + type: boolean + cloudProviderRateLimitBucket: + type: integer + cloudProviderRateLimitBucketWrite: + type: integer + cloudProviderRateLimitQPS: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cloudProviderRateLimitQPSWrite: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + name: + description: Name is the name of the rate limit spec. + enum: + - defaultRateLimit + - routeRateLimit + - subnetsRateLimit + - interfaceRateLimit + - routeTableRateLimit + - loadBalancerRateLimit + - publicIPAddressRateLimit + - securityGroupRateLimit + - virtualMachineRateLimit + - storageAccountRateLimit + - diskRateLimit + - snapshotRateLimit + - virtualMachineScaleSetRateLimit + - virtualMachineSizesRateLimit + - availabilitySetRateLimit + type: string + required: + - name + type: object + type: array + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. It is not recommended to set + this when creating an AzureCluster as CAPZ will set this for you. + However, if it is set, CAPZ will not change it. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + extendedLocation: + description: ExtendedLocation is an optional set of ExtendedLocation + properties for clusters on Azure public MEC. + properties: + name: + description: Name defines the name for the extended location. 
+ type: string + type: + description: Type defines the type for the extended location. + enum: + - EdgeZone + type: string + required: + - name + - type + type: object + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: 'FailureDomains is a list of failure domains in the cluster''s + region, used to restrict eligibility to host the control plane. + A FailureDomain maps to an availability zone, which is a separated + group of datacenters within a region. See: https://learn.microsoft.com/azure/reliability/availability-zones-overview' + type: object + identityRef: + description: IdentityRef is a reference to an AzureIdentity to be + used when reconciling this cluster + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' 
+ type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + location: + type: string + networkSpec: + description: NetworkSpec encapsulates all things related to Azure + network. + properties: + apiServerLB: + description: APIServerLB is the configuration for the control-plane + load balancer. + properties: + backendPool: + description: BackendPool describes the backend pool of the + load balancer. + properties: + name: + description: Name specifies the name of backend pool for + the load balancer. If not specified, the default name + will be set, depending on the load balancer role. + type: string + type: object + frontendIPs: + items: + description: FrontendIP defines a load balancer frontend + IP configuration. + properties: + name: + minLength: 1 + type: string + privateIP: + type: string + publicIP: + description: PublicIPSpec defines the inputs to create + an Azure public IP address. + properties: + dnsName: + type: string + ipTags: + items: + description: IPTag contains the IpTag associated + with the object. 
+ properties: + tag: + description: 'Tag specifies the value of the + IP tag associated with the public IP. Example: + SQL.' + type: string + type: + description: 'Type specifies the IP tag type. + Example: FirstPartyUsage.' + type: string + required: + - tag + - type + type: object + type: array + name: + type: string + required: + - name + type: object + required: + - name + type: object + type: array + frontendIPsCount: + description: FrontendIPsCount specifies the number of frontend + IP addresses for the load balancer. + format: int32 + type: integer + id: + description: ID is the Azure resource ID of the load balancer. + READ-ONLY + type: string + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes specifies the timeout for + the TCP idle connection. + format: int32 + type: integer + name: + type: string + sku: + description: SKU defines an Azure load balancer SKU. + type: string + type: + description: LBType defines an Azure load balancer Type. + type: string + type: object + controlPlaneOutboundLB: + description: ControlPlaneOutboundLB is the configuration for the + control-plane outbound load balancer. This is different from + APIServerLB, and is used only in private clusters (optionally) + for enabling outbound traffic. + properties: + backendPool: + description: BackendPool describes the backend pool of the + load balancer. + properties: + name: + description: Name specifies the name of backend pool for + the load balancer. If not specified, the default name + will be set, depending on the load balancer role. + type: string + type: object + frontendIPs: + items: + description: FrontendIP defines a load balancer frontend + IP configuration. + properties: + name: + minLength: 1 + type: string + privateIP: + type: string + publicIP: + description: PublicIPSpec defines the inputs to create + an Azure public IP address. + properties: + dnsName: + type: string + ipTags: + items: + description: IPTag contains the IpTag associated + with the object. 
+ properties: + tag: + description: 'Tag specifies the value of the + IP tag associated with the public IP. Example: + SQL.' + type: string + type: + description: 'Type specifies the IP tag type. + Example: FirstPartyUsage.' + type: string + required: + - tag + - type + type: object + type: array + name: + type: string + required: + - name + type: object + required: + - name + type: object + type: array + frontendIPsCount: + description: FrontendIPsCount specifies the number of frontend + IP addresses for the load balancer. + format: int32 + type: integer + id: + description: ID is the Azure resource ID of the load balancer. + READ-ONLY + type: string + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes specifies the timeout for + the TCP idle connection. + format: int32 + type: integer + name: + type: string + sku: + description: SKU defines an Azure load balancer SKU. + type: string + type: + description: LBType defines an Azure load balancer Type. + type: string + type: object + nodeOutboundLB: + description: NodeOutboundLB is the configuration for the node + outbound load balancer. + properties: + backendPool: + description: BackendPool describes the backend pool of the + load balancer. + properties: + name: + description: Name specifies the name of backend pool for + the load balancer. If not specified, the default name + will be set, depending on the load balancer role. + type: string + type: object + frontendIPs: + items: + description: FrontendIP defines a load balancer frontend + IP configuration. + properties: + name: + minLength: 1 + type: string + privateIP: + type: string + publicIP: + description: PublicIPSpec defines the inputs to create + an Azure public IP address. + properties: + dnsName: + type: string + ipTags: + items: + description: IPTag contains the IpTag associated + with the object. + properties: + tag: + description: 'Tag specifies the value of the + IP tag associated with the public IP. Example: + SQL.' 
+ type: string + type: + description: 'Type specifies the IP tag type. + Example: FirstPartyUsage.' + type: string + required: + - tag + - type + type: object + type: array + name: + type: string + required: + - name + type: object + required: + - name + type: object + type: array + frontendIPsCount: + description: FrontendIPsCount specifies the number of frontend + IP addresses for the load balancer. + format: int32 + type: integer + id: + description: ID is the Azure resource ID of the load balancer. + READ-ONLY + type: string + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes specifies the timeout for + the TCP idle connection. + format: int32 + type: integer + name: + type: string + sku: + description: SKU defines an Azure load balancer SKU. + type: string + type: + description: LBType defines an Azure load balancer Type. + type: string + type: object + privateDNSZoneName: + description: PrivateDNSZoneName defines the zone name for the + Azure Private DNS. + type: string + subnets: + description: Subnets is the configuration for the control-plane + subnet and the node subnet. + items: + description: SubnetSpec configures an Azure subnet. + properties: + cidrBlocks: + description: CIDRBlocks defines the subnet's address space, + specified as one or more address prefixes in CIDR notation. + items: + type: string + type: array + id: + description: ID is the Azure resource ID of the subnet. + READ-ONLY + type: string + name: + description: Name defines a name for the subnet resource. + type: string + natGateway: + description: NatGateway associated with this subnet. + properties: + id: + description: ID is the Azure resource ID of the NAT + gateway. READ-ONLY + type: string + ip: + description: PublicIPSpec defines the inputs to create + an Azure public IP address. + properties: + dnsName: + type: string + ipTags: + items: + description: IPTag contains the IpTag associated + with the object. 
+ properties: + tag: + description: 'Tag specifies the value of the + IP tag associated with the public IP. Example: + SQL.' + type: string + type: + description: 'Type specifies the IP tag type. + Example: FirstPartyUsage.' + type: string + required: + - tag + - type + type: object + type: array + name: + type: string + required: + - name + type: object + name: + type: string + required: + - name + type: object + privateEndpoints: + description: PrivateEndpoints defines a list of private + endpoints that should be attached to this subnet. + items: + description: PrivateEndpointSpec configures an Azure Private + Endpoint. + properties: + applicationSecurityGroups: + description: ApplicationSecurityGroups specifies the + Application security group in which the private + endpoint IP configuration is included. + items: + type: string + type: array + customNetworkInterfaceName: + description: CustomNetworkInterfaceName specifies + the network interface name associated with the private + endpoint. + type: string + location: + description: Location specifies the region to create + the private endpoint. + type: string + manualApproval: + description: ManualApproval specifies if the connection + approval needs to be done manually or not. Set it + true when the network admin does not have access + to approve connections to the remote resource. Defaults + to false. + type: boolean + name: + description: Name specifies the name of the private + endpoint. + type: string + privateIPAddresses: + description: PrivateIPAddresses specifies the IP addresses + for the network interface associated with the private + endpoint. They have to be part of the subnet where + the private endpoint is linked. + items: + type: string + type: array + privateLinkServiceConnections: + description: PrivateLinkServiceConnections specifies + Private Link Service Connections of the private + endpoint. 
+ items: + description: PrivateLinkServiceConnection defines + the specification for a private link service connection + associated with a private endpoint. + properties: + groupIDs: + description: GroupIDs specifies the ID(s) of + the group(s) obtained from the remote resource + that this private endpoint should connect + to. + items: + type: string + type: array + name: + description: Name specifies the name of the + private link service. + type: string + privateLinkServiceID: + description: PrivateLinkServiceID specifies + the resource ID of the private link service. + type: string + requestMessage: + description: RequestMessage specifies a message + passed to the owner of the remote resource + with the private endpoint connection request. + maxLength: 140 + type: string + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + role: + description: Role defines the subnet role (eg. Node, ControlPlane) + enum: + - node + - control-plane + - bastion + type: string + routeTable: + description: RouteTable defines the route table that should + be attached to this subnet. + properties: + id: + description: ID is the Azure resource ID of the route + table. READ-ONLY + type: string + name: + type: string + required: + - name + type: object + securityGroup: + description: SecurityGroup defines the NSG (network security + group) that should be attached to this subnet. + properties: + id: + description: ID is the Azure resource ID of the security + group. READ-ONLY + type: string + name: + type: string + securityRules: + description: SecurityRules is a slice of Azure security + rules for security groups. + items: + description: SecurityRule defines an Azure security + rule for security groups. + properties: + action: + default: Allow + description: Action specifies whether network + traffic is allowed or denied. Can either be + "Allow" or "Deny". Defaults to "Allow". 
+ enum: + - Allow + - Deny + type: string + description: + description: A description for this rule. Restricted + to 140 chars. + type: string + destination: + description: Destination is the destination address + prefix. CIDR or destination IP range. Asterix + '*' can also be used to match all source IPs. + Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' + and 'Internet' can also be used. + type: string + destinationPorts: + description: DestinationPorts specifies the destination + port or range. Integer or range between 0 and + 65535. Asterix '*' can also be used to match + all ports. + type: string + direction: + description: Direction indicates whether the rule + applies to inbound, or outbound traffic. "Inbound" + or "Outbound". + enum: + - Inbound + - Outbound + type: string + name: + description: Name is a unique name within the + network security group. + type: string + priority: + description: Priority is a number between 100 + and 4096. Each rule should have a unique value + for priority. Rules are processed in priority + order, with lower numbers processed before higher + numbers. Once traffic matches a rule, processing + stops. + format: int32 + type: integer + protocol: + description: Protocol specifies the protocol type. + "Tcp", "Udp", "Icmp", or "*". + enum: + - Tcp + - Udp + - Icmp + - '*' + type: string + source: + description: Source specifies the CIDR or source + IP range. Asterix '*' can also be used to match + all source IPs. Default tags such as 'VirtualNetwork', + 'AzureLoadBalancer' and 'Internet' can also + be used. If this is an ingress rule, specifies + where network traffic originates from. + type: string + sourcePorts: + description: SourcePorts specifies source port + or range. Integer or range between 0 and 65535. + Asterix '*' can also be used to match all ports. 
+ type: string + required: + - description + - direction + - name + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + tags: + additionalProperties: + type: string + description: Tags defines a map of tags. + type: object + required: + - name + type: object + serviceEndpoints: + description: ServiceEndpoints is a slice of Virtual Network + service endpoints to enable for the subnets. + items: + description: ServiceEndpointSpec configures an Azure Service + Endpoint. + properties: + locations: + items: + type: string + type: array + service: + type: string + required: + - locations + - service + type: object + type: array + x-kubernetes-list-map-keys: + - service + x-kubernetes-list-type: map + required: + - name + - role + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + vnet: + description: Vnet is the configuration for the Azure virtual network. + properties: + cidrBlocks: + description: CIDRBlocks defines the virtual network's address + space, specified as one or more address prefixes in CIDR + notation. + items: + type: string + type: array + id: + description: ID is the Azure resource ID of the virtual network. + READ-ONLY + type: string + name: + description: Name defines a name for the virtual network resource. + type: string + peerings: + description: Peerings defines a list of peerings of the newly + created virtual network with existing virtual networks. + items: + description: VnetPeeringSpec specifies an existing remote + virtual network to peer with the AzureCluster's virtual + network. + properties: + forwardPeeringProperties: + description: ForwardPeeringProperties specifies VnetPeeringProperties + for peering from the cluster's virtual network to + the remote virtual network. 
+ properties: + allowForwardedTraffic: + description: AllowForwardedTraffic specifies whether + the forwarded traffic from the VMs in the local + virtual network will be allowed/disallowed in + remote virtual network. + type: boolean + allowGatewayTransit: + description: AllowGatewayTransit specifies if gateway + links can be used in remote virtual networking + to link to this virtual network. + type: boolean + allowVirtualNetworkAccess: + description: AllowVirtualNetworkAccess specifies + whether the VMs in the local virtual network space + would be able to access the VMs in remote virtual + network space. + type: boolean + useRemoteGateways: + description: UseRemoteGateways specifies if remote + gateways can be used on this virtual network. + If the flag is set to true, and allowGatewayTransit + on remote peering is also set to true, the virtual + network will use the gateways of the remote virtual + network for transit. Only one peering can have + this flag set to true. This flag cannot be set + if virtual network already has a gateway. + type: boolean + type: object + remoteVnetName: + description: RemoteVnetName defines name of the remote + virtual network. + type: string + resourceGroup: + description: ResourceGroup is the resource group name + of the remote virtual network. + type: string + reversePeeringProperties: + description: ReversePeeringProperties specifies VnetPeeringProperties + for peering from the remote virtual network to the + cluster's virtual network. + properties: + allowForwardedTraffic: + description: AllowForwardedTraffic specifies whether + the forwarded traffic from the VMs in the local + virtual network will be allowed/disallowed in + remote virtual network. + type: boolean + allowGatewayTransit: + description: AllowGatewayTransit specifies if gateway + links can be used in remote virtual networking + to link to this virtual network. 
+ type: boolean + allowVirtualNetworkAccess: + description: AllowVirtualNetworkAccess specifies + whether the VMs in the local virtual network space + would be able to access the VMs in remote virtual + network space. + type: boolean + useRemoteGateways: + description: UseRemoteGateways specifies if remote + gateways can be used on this virtual network. + If the flag is set to true, and allowGatewayTransit + on remote peering is also set to true, the virtual + network will use the gateways of the remote virtual + network for transit. Only one peering can have + this flag set to true. This flag cannot be set + if virtual network already has a gateway. + type: boolean + type: object + required: + - remoteVnetName + type: object + type: array + resourceGroup: + description: ResourceGroup is the name of the resource group + of the existing virtual network or the resource group where + a managed virtual network should be created. + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing the resource. + type: object + required: + - name + type: object + type: object + resourceGroup: + type: string + subscriptionID: + type: string + required: + - location + type: object + status: + description: AzureClusterStatus defines the observed state of AzureCluster. + properties: + conditions: + description: Conditions defines current service state of the AzureCluster. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. 
+ type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: 'FailureDomains specifies the list of unique failure + domains for the location/region of the cluster. A FailureDomain + maps to Availability Zone with an Azure Region (if the region support + them). An Availability Zone is a separate data center within a region + and they can be used to ensure the cluster is more resilient to + failure. 
See: https://learn.microsoft.com/azure/reliability/availability-zones-overview + This list will be used by Cluster API to try and spread the machines + across the failure domains.' + type: object + longRunningOperationStates: + description: LongRunningOperationStates saves the states for Azure + long-running operations so they can be continued on the next reconciliation + loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. + properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. + type: string + name: + description: Name is the name of the Azure resource. Together + with the service name, this forms the unique identifier for + the future. + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: ServiceName is the name of the Azure service. Together + with the name of the resource, this forms the unique identifier + for the future. + type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. + type: string + required: + - data + - name + - serviceName + - type + type: object + type: array + ready: + description: Ready is true when the provider resource is ready. 
+ type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.9.2 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azureclustertemplates.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureClusterTemplate + listKind: AzureClusterTemplateList + plural: azureclustertemplates + singular: azureclustertemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureClusterTemplate is the Schema for the azureclustertemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureClusterTemplateSpec defines the desired state of AzureClusterTemplate. 
+ properties: + template: + description: AzureClusterTemplateResource describes the data needed + to create an AzureCluster from a template. + properties: + spec: + description: AzureClusterTemplateResourceSpec specifies an Azure + cluster template resource. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to Azure resources managed by the Azure provider, in + addition to the ones added by default. + type: object + azureEnvironment: + description: "AzureEnvironment is the name of the AzureCloud + to be used. The default value that would be used by most + users is \"AzurePublicCloud\", other values are: - ChinaCloud: + \"AzureChinaCloud\" - GermanCloud: \"AzureGermanCloud\" + - PublicCloud: \"AzurePublicCloud\" - USGovernmentCloud: + \"AzureUSGovernmentCloud\" \n Note that values other than + the default must also be accompanied by corresponding changes + to the aso-controller-settings Secret to configure ASO to + refer to the non-Public cloud. ASO currently does not support + referring to multiple different clouds in a single installation. + The following fields must be defined in the Secret: - AZURE_AUTHORITY_HOST + - AZURE_RESOURCE_MANAGER_ENDPOINT - AZURE_RESOURCE_MANAGER_AUDIENCE + \n See the [ASO docs] for more details. \n [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/" + type: string + bastionSpec: + description: BastionSpec encapsulates all things related to + the Bastions in the cluster. + properties: + azureBastion: + description: AzureBastionTemplateSpec specifies a template + for an Azure Bastion host. + properties: + subnet: + description: SubnetTemplateSpec specifies a template + for a subnet. + properties: + cidrBlocks: + description: CIDRBlocks defines the subnet's address + space, specified as one or more address prefixes + in CIDR notation. 
+ items: + type: string + type: array + name: + description: Name defines a name for the subnet + resource. + type: string + natGateway: + description: NatGateway associated with this subnet. + properties: + name: + type: string + required: + - name + type: object + privateEndpoints: + description: PrivateEndpoints defines a list of + private endpoints that should be attached to + this subnet. + items: + description: PrivateEndpointSpec configures + an Azure Private Endpoint. + properties: + applicationSecurityGroups: + description: ApplicationSecurityGroups specifies + the Application security group in which + the private endpoint IP configuration + is included. + items: + type: string + type: array + customNetworkInterfaceName: + description: CustomNetworkInterfaceName + specifies the network interface name associated + with the private endpoint. + type: string + location: + description: Location specifies the region + to create the private endpoint. + type: string + manualApproval: + description: ManualApproval specifies if + the connection approval needs to be done + manually or not. Set it true when the + network admin does not have access to + approve connections to the remote resource. + Defaults to false. + type: boolean + name: + description: Name specifies the name of + the private endpoint. + type: string + privateIPAddresses: + description: PrivateIPAddresses specifies + the IP addresses for the network interface + associated with the private endpoint. + They have to be part of the subnet where + the private endpoint is linked. + items: + type: string + type: array + privateLinkServiceConnections: + description: PrivateLinkServiceConnections + specifies Private Link Service Connections + of the private endpoint. + items: + description: PrivateLinkServiceConnection + defines the specification for a private + link service connection associated with + a private endpoint. 
+ properties: + groupIDs: + description: GroupIDs specifies the + ID(s) of the group(s) obtained from + the remote resource that this private + endpoint should connect to. + items: + type: string + type: array + name: + description: Name specifies the name + of the private link service. + type: string + privateLinkServiceID: + description: PrivateLinkServiceID + specifies the resource ID of the + private link service. + type: string + requestMessage: + description: RequestMessage specifies + a message passed to the owner of + the remote resource with the private + endpoint connection request. + maxLength: 140 + type: string + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + role: + description: Role defines the subnet role (eg. + Node, ControlPlane) + enum: + - node + - control-plane + - bastion + type: string + securityGroup: + description: SecurityGroup defines the NSG (network + security group) that should be attached to this + subnet. + properties: + securityRules: + description: SecurityRules is a slice of Azure + security rules for security groups. + items: + description: SecurityRule defines an Azure + security rule for security groups. + properties: + action: + default: Allow + description: Action specifies whether + network traffic is allowed or denied. + Can either be "Allow" or "Deny". Defaults + to "Allow". + enum: + - Allow + - Deny + type: string + description: + description: A description for this + rule. Restricted to 140 chars. + type: string + destination: + description: Destination is the destination + address prefix. CIDR or destination + IP range. Asterix '*' can also be + used to match all source IPs. Default + tags such as 'VirtualNetwork', 'AzureLoadBalancer' + and 'Internet' can also be used. + type: string + destinationPorts: + description: DestinationPorts specifies + the destination port or range. Integer + or range between 0 and 65535. 
Asterix + '*' can also be used to match all + ports. + type: string + direction: + description: Direction indicates whether + the rule applies to inbound, or outbound + traffic. "Inbound" or "Outbound". + enum: + - Inbound + - Outbound + type: string + name: + description: Name is a unique name within + the network security group. + type: string + priority: + description: Priority is a number between + 100 and 4096. Each rule should have + a unique value for priority. Rules + are processed in priority order, with + lower numbers processed before higher + numbers. Once traffic matches a rule, + processing stops. + format: int32 + type: integer + protocol: + description: Protocol specifies the + protocol type. "Tcp", "Udp", "Icmp", + or "*". + enum: + - Tcp + - Udp + - Icmp + - '*' + type: string + source: + description: Source specifies the CIDR + or source IP range. Asterix '*' can + also be used to match all source IPs. + Default tags such as 'VirtualNetwork', + 'AzureLoadBalancer' and 'Internet' + can also be used. If this is an ingress + rule, specifies where network traffic + originates from. + type: string + sourcePorts: + description: SourcePorts specifies source + port or range. Integer or range between + 0 and 65535. Asterix '*' can also + be used to match all ports. + type: string + required: + - description + - direction + - name + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + tags: + additionalProperties: + type: string + description: Tags defines a map of tags. + type: object + type: object + serviceEndpoints: + description: ServiceEndpoints is a slice of Virtual + Network service endpoints to enable for the + subnets. + items: + description: ServiceEndpointSpec configures + an Azure Service Endpoint. 
+ properties: + locations: + items: + type: string + type: array + service: + type: string + required: + - locations + - service + type: object + type: array + x-kubernetes-list-map-keys: + - service + x-kubernetes-list-type: map + required: + - name + - role + type: object + type: object + type: object + cloudProviderConfigOverrides: + description: 'CloudProviderConfigOverrides is an optional + set of configuration values that can be overridden in azure + cloud provider config. This is only a subset of options + that are available in azure cloud provider config. Some + values for the cloud provider config are inferred from other + parts of cluster api provider azure spec, and may not be + available for overrides. See: https://cloud-provider-azure.sigs.k8s.io/install/configs + Note: All cloud provider config values can be customized + by creating the secret beforehand. CloudProviderConfigOverrides + is only used when the secret is managed by the Azure Provider.' + properties: + backOffs: + description: BackOffConfig indicates the back-off config + options. + properties: + cloudProviderBackoff: + type: boolean + cloudProviderBackoffDuration: + type: integer + cloudProviderBackoffExponent: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cloudProviderBackoffJitter: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cloudProviderBackoffRetries: + type: integer + type: object + rateLimits: + items: + description: 'RateLimitSpec represents the rate limit + configuration for a particular kind of resource. Eg. + loadBalancerRateLimit is used to configure rate limits + for load balancers. 
This eventually gets converted + to CloudProviderRateLimitConfig that cloud-provider-azure + expects. See: https://github.com/kubernetes-sigs/cloud-provider-azure/blob/d585c2031925b39c925624302f22f8856e29e352/pkg/provider/azure_ratelimit.go#L25 + We cannot use CloudProviderRateLimitConfig directly + because floating point values are not supported in + controller-tools. See: https://github.com/kubernetes-sigs/controller-tools/issues/245' + properties: + config: + description: RateLimitConfig indicates the rate + limit config options. + properties: + cloudProviderRateLimit: + type: boolean + cloudProviderRateLimitBucket: + type: integer + cloudProviderRateLimitBucketWrite: + type: integer + cloudProviderRateLimitQPS: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cloudProviderRateLimitQPSWrite: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + name: + description: Name is the name of the rate limit + spec. + enum: + - defaultRateLimit + - routeRateLimit + - subnetsRateLimit + - interfaceRateLimit + - routeTableRateLimit + - loadBalancerRateLimit + - publicIPAddressRateLimit + - securityGroupRateLimit + - virtualMachineRateLimit + - storageAccountRateLimit + - diskRateLimit + - snapshotRateLimit + - virtualMachineScaleSetRateLimit + - virtualMachineSizesRateLimit + - availabilitySetRateLimit + type: string + required: + - name + type: object + type: array + type: object + extendedLocation: + description: ExtendedLocation is an optional set of ExtendedLocation + properties for clusters on Azure public MEC. + properties: + name: + description: Name defines the name for the extended location. 
+ type: string + type: + description: Type defines the type for the extended location. + enum: + - EdgeZone + type: string + required: + - name + - type + type: object + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster + API failure domains. It allows controllers to understand + how many failure domains a cluster can optionally span + across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes + an infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure + domain is suitable for use by control plane machines. + type: boolean + type: object + description: 'FailureDomains is a list of failure domains + in the cluster''s region, used to restrict eligibility to + host the control plane. A FailureDomain maps to an availability + zone, which is a separated group of datacenters within a + region. See: https://learn.microsoft.com/azure/reliability/availability-zones-overview' + type: object + identityRef: + description: IdentityRef is a reference to an AzureIdentity + to be used when reconciling this cluster + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. 
TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + location: + type: string + networkSpec: + description: NetworkSpec encapsulates all things related to + Azure network. + properties: + apiServerLB: + description: APIServerLB is the configuration for the + control-plane load balancer. + properties: + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes specifies the timeout + for the TCP idle connection. + format: int32 + type: integer + sku: + description: SKU defines an Azure load balancer SKU. + type: string + type: + description: LBType defines an Azure load balancer + Type. + type: string + type: object + controlPlaneOutboundLB: + description: ControlPlaneOutboundLB is the configuration + for the control-plane outbound load balancer. This is + different from APIServerLB, and is used only in private + clusters (optionally) for enabling outbound traffic. + properties: + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes specifies the timeout + for the TCP idle connection. 
+ format: int32 + type: integer + sku: + description: SKU defines an Azure load balancer SKU. + type: string + type: + description: LBType defines an Azure load balancer + Type. + type: string + type: object + nodeOutboundLB: + description: NodeOutboundLB is the configuration for the + node outbound load balancer. + properties: + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes specifies the timeout + for the TCP idle connection. + format: int32 + type: integer + sku: + description: SKU defines an Azure load balancer SKU. + type: string + type: + description: LBType defines an Azure load balancer + Type. + type: string + type: object + privateDNSZoneName: + description: PrivateDNSZoneName defines the zone name + for the Azure Private DNS. + type: string + subnets: + description: Subnets is the configuration for the control-plane + subnet and the node subnet. + items: + description: SubnetTemplateSpec specifies a template + for a subnet. + properties: + cidrBlocks: + description: CIDRBlocks defines the subnet's address + space, specified as one or more address prefixes + in CIDR notation. + items: + type: string + type: array + name: + description: Name defines a name for the subnet + resource. + type: string + natGateway: + description: NatGateway associated with this subnet. + properties: + name: + type: string + required: + - name + type: object + privateEndpoints: + description: PrivateEndpoints defines a list of + private endpoints that should be attached to this + subnet. + items: + description: PrivateEndpointSpec configures an + Azure Private Endpoint. + properties: + applicationSecurityGroups: + description: ApplicationSecurityGroups specifies + the Application security group in which + the private endpoint IP configuration is + included. + items: + type: string + type: array + customNetworkInterfaceName: + description: CustomNetworkInterfaceName specifies + the network interface name associated with + the private endpoint. 
+ type: string + location: + description: Location specifies the region + to create the private endpoint. + type: string + manualApproval: + description: ManualApproval specifies if the + connection approval needs to be done manually + or not. Set it true when the network admin + does not have access to approve connections + to the remote resource. Defaults to false. + type: boolean + name: + description: Name specifies the name of the + private endpoint. + type: string + privateIPAddresses: + description: PrivateIPAddresses specifies + the IP addresses for the network interface + associated with the private endpoint. They + have to be part of the subnet where the + private endpoint is linked. + items: + type: string + type: array + privateLinkServiceConnections: + description: PrivateLinkServiceConnections + specifies Private Link Service Connections + of the private endpoint. + items: + description: PrivateLinkServiceConnection + defines the specification for a private + link service connection associated with + a private endpoint. + properties: + groupIDs: + description: GroupIDs specifies the + ID(s) of the group(s) obtained from + the remote resource that this private + endpoint should connect to. + items: + type: string + type: array + name: + description: Name specifies the name + of the private link service. + type: string + privateLinkServiceID: + description: PrivateLinkServiceID specifies + the resource ID of the private link + service. + type: string + requestMessage: + description: RequestMessage specifies + a message passed to the owner of the + remote resource with the private endpoint + connection request. + maxLength: 140 + type: string + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + role: + description: Role defines the subnet role (eg. 
Node, + ControlPlane) + enum: + - node + - control-plane + - bastion + type: string + securityGroup: + description: SecurityGroup defines the NSG (network + security group) that should be attached to this + subnet. + properties: + securityRules: + description: SecurityRules is a slice of Azure + security rules for security groups. + items: + description: SecurityRule defines an Azure + security rule for security groups. + properties: + action: + default: Allow + description: Action specifies whether + network traffic is allowed or denied. + Can either be "Allow" or "Deny". Defaults + to "Allow". + enum: + - Allow + - Deny + type: string + description: + description: A description for this rule. + Restricted to 140 chars. + type: string + destination: + description: Destination is the destination + address prefix. CIDR or destination + IP range. Asterix '*' can also be used + to match all source IPs. Default tags + such as 'VirtualNetwork', 'AzureLoadBalancer' + and 'Internet' can also be used. + type: string + destinationPorts: + description: DestinationPorts specifies + the destination port or range. Integer + or range between 0 and 65535. Asterix + '*' can also be used to match all ports. + type: string + direction: + description: Direction indicates whether + the rule applies to inbound, or outbound + traffic. "Inbound" or "Outbound". + enum: + - Inbound + - Outbound + type: string + name: + description: Name is a unique name within + the network security group. + type: string + priority: + description: Priority is a number between + 100 and 4096. Each rule should have + a unique value for priority. Rules are + processed in priority order, with lower + numbers processed before higher numbers. + Once traffic matches a rule, processing + stops. + format: int32 + type: integer + protocol: + description: Protocol specifies the protocol + type. "Tcp", "Udp", "Icmp", or "*". 
+ enum: + - Tcp + - Udp + - Icmp + - '*' + type: string + source: + description: Source specifies the CIDR + or source IP range. Asterix '*' can + also be used to match all source IPs. + Default tags such as 'VirtualNetwork', + 'AzureLoadBalancer' and 'Internet' can + also be used. If this is an ingress + rule, specifies where network traffic + originates from. + type: string + sourcePorts: + description: SourcePorts specifies source + port or range. Integer or range between + 0 and 65535. Asterix '*' can also be + used to match all ports. + type: string + required: + - description + - direction + - name + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + tags: + additionalProperties: + type: string + description: Tags defines a map of tags. + type: object + type: object + serviceEndpoints: + description: ServiceEndpoints is a slice of Virtual + Network service endpoints to enable for the subnets. + items: + description: ServiceEndpointSpec configures an + Azure Service Endpoint. + properties: + locations: + items: + type: string + type: array + service: + type: string + required: + - locations + - service + type: object + type: array + x-kubernetes-list-map-keys: + - service + x-kubernetes-list-type: map + required: + - name + - role + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + vnet: + description: Vnet is the configuration for the Azure virtual + network. + properties: + cidrBlocks: + description: CIDRBlocks defines the virtual network's + address space, specified as one or more address + prefixes in CIDR notation. + items: + type: string + type: array + peerings: + description: Peerings defines a list of peerings of + the newly created virtual network with existing + virtual networks. + items: + description: VnetPeeringClassSpec specifies a virtual + network peering class. 
+ properties: + forwardPeeringProperties: + description: ForwardPeeringProperties specifies + VnetPeeringProperties for peering from the + cluster's virtual network to the remote virtual + network. + properties: + allowForwardedTraffic: + description: AllowForwardedTraffic specifies + whether the forwarded traffic from the + VMs in the local virtual network will + be allowed/disallowed in remote virtual + network. + type: boolean + allowGatewayTransit: + description: AllowGatewayTransit specifies + if gateway links can be used in remote + virtual networking to link to this virtual + network. + type: boolean + allowVirtualNetworkAccess: + description: AllowVirtualNetworkAccess specifies + whether the VMs in the local virtual network + space would be able to access the VMs + in remote virtual network space. + type: boolean + useRemoteGateways: + description: UseRemoteGateways specifies + if remote gateways can be used on this + virtual network. If the flag is set to + true, and allowGatewayTransit on remote + peering is also set to true, the virtual + network will use the gateways of the remote + virtual network for transit. Only one + peering can have this flag set to true. + This flag cannot be set if virtual network + already has a gateway. + type: boolean + type: object + remoteVnetName: + description: RemoteVnetName defines name of + the remote virtual network. + type: string + resourceGroup: + description: ResourceGroup is the resource group + name of the remote virtual network. + type: string + reversePeeringProperties: + description: ReversePeeringProperties specifies + VnetPeeringProperties for peering from the + remote virtual network to the cluster's virtual + network. + properties: + allowForwardedTraffic: + description: AllowForwardedTraffic specifies + whether the forwarded traffic from the + VMs in the local virtual network will + be allowed/disallowed in remote virtual + network. 
+ type: boolean + allowGatewayTransit: + description: AllowGatewayTransit specifies + if gateway links can be used in remote + virtual networking to link to this virtual + network. + type: boolean + allowVirtualNetworkAccess: + description: AllowVirtualNetworkAccess specifies + whether the VMs in the local virtual network + space would be able to access the VMs + in remote virtual network space. + type: boolean + useRemoteGateways: + description: UseRemoteGateways specifies + if remote gateways can be used on this + virtual network. If the flag is set to + true, and allowGatewayTransit on remote + peering is also set to true, the virtual + network will use the gateways of the remote + virtual network for transit. Only one + peering can have this flag set to true. + This flag cannot be set if virtual network + already has a gateway. + type: boolean + type: object + required: + - remoteVnetName + type: object + type: array + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing + the resource. + type: object + type: object + type: object + subscriptionID: + type: string + required: + - location + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.kubernetes.io: unapproved + controller-gen.kubebuilder.io/version: v0.5.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: azureidentities.aadpodidentity.k8s.io +spec: + group: aadpodidentity.k8s.io + names: + kind: AzureIdentity + listKind: AzureIdentityList + plural: azureidentities + singular: azureidentity + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: AzureIdentity is the specification of the identity data structure. 
+ properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureIdentitySpec describes the credential specifications + of an identity on Azure. + properties: + adEndpoint: + type: string + adResourceID: + description: For service principal. Option param for specifying the AD + details. + type: string + auxiliaryTenantIDs: + description: Service principal auxiliary tenant ids + items: + type: string + nullable: true + type: array + clientID: + description: Both User Assigned MSI and SP can use this field. + type: string + clientPassword: + description: Used for service principal + properties: + name: + description: Name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. + type: string + type: object + metadata: + type: object + replicas: + format: int32 + nullable: true + type: integer + resourceID: + description: User assigned MSI resource id. + type: string + tenantID: + description: Service principal primary tenant id. + type: string + type: + description: UserAssignedMSI or Service Principal + type: integer + type: object + status: + description: AzureIdentityStatus contains the replica status of the resource. 
+ properties: + availableReplicas: + format: int32 + type: integer + metadata: + type: object + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.kubernetes.io: unapproved + controller-gen.kubebuilder.io/version: v0.5.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: azureidentitybindings.aadpodidentity.k8s.io +spec: + group: aadpodidentity.k8s.io + names: + kind: AzureIdentityBinding + listKind: AzureIdentityBindingList + plural: azureidentitybindings + singular: azureidentitybinding + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: AzureIdentityBinding brings together the spec of matching pods + and the identity which they can use. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureIdentityBindingSpec matches the pod with the Identity. + Used to indicate the potential matches to look for between the pod/deployment + and the identities present. 
+ properties: + azureIdentity: + type: string + metadata: + type: object + selector: + type: string + weight: + description: Weight is used to figure out which of the matching identities + would be selected. + type: integer + type: object + status: + description: AzureIdentityBindingStatus contains the status of an AzureIdentityBinding. + properties: + availableReplicas: + format: int32 + type: integer + metadata: + type: object + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.9.2 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremachinepoolmachines.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureMachinePoolMachine + listKind: AzureMachinePoolMachineList + plural: azuremachinepoolmachines + shortNames: + - ampm + singular: azuremachinepoolmachine + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Kubernetes version + jsonPath: .status.version + name: Version + type: string + - description: Flag indicating infrastructure is successfully provisioned + jsonPath: .status.ready + name: Ready + type: string + - description: Azure VMSS VM provisioning state + jsonPath: .status.provisioningState + name: State + type: string + - description: Cluster to which this AzureMachinePoolMachine belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + priority: 1 + type: string + 
- description: Azure VMSS VM ID + jsonPath: .spec.providerID + name: VMSS VM ID + priority: 1 + type: string + - description: Time duration since creation of this AzureMachinePoolMachine + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: AzureMachinePoolMachine is the Schema for the azuremachinepoolmachines + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureMachinePoolMachineSpec defines the desired state of + AzureMachinePoolMachine. + properties: + instanceID: + description: InstanceID is the identification of the Machine Instance + within the VMSS + type: string + providerID: + description: ProviderID is the identification ID of the Virtual Machine + Scale Set + type: string + required: + - providerID + type: object + status: + description: AzureMachinePoolMachineStatus defines the observed state + of AzureMachinePoolMachine. + properties: + conditions: + description: Conditions defines current service state of the AzureMachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. 
+ If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the MachinePool and will contain + a more verbose string suitable for logging and human consumption. + \n Any transient errors that occur during the reconciliation of + MachinePools can be added as events to the MachinePool object and/or + logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the MachinePool machine and will + contain a succinct value suitable for machine interpretation. 
\n + Any transient errors that occur during the reconciliation of MachinePools + can be added as events to the MachinePool object and/or logged in + the controller's output." + type: string + instanceName: + description: InstanceName is the name of the Machine Instance within + the VMSS + type: string + latestModelApplied: + description: LatestModelApplied indicates the instance is running + the most up-to-date VMSS model. A VMSS model describes the image + version the VM is running. If the instance is not running the latest + model, it means the instance may not be running the version of Kubernetes + the Machine Pool has specified and needs to be updated. + type: boolean + longRunningOperationStates: + description: LongRunningOperationStates saves the state for Azure + long running operations so they can be continued on the next reconciliation + loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. + properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. + type: string + name: + description: Name is the name of the Azure resource. Together + with the service name, this forms the unique identifier for + the future. + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: ServiceName is the name of the Azure service. Together + with the name of the resource, this forms the unique identifier + for the future. + type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. + type: string + required: + - data + - name + - serviceName + - type + type: object + type: array + nodeRef: + description: NodeRef will point to the corresponding Node if it exists. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + provisioningState: + description: ProvisioningState is the provisioning state of the Azure + virtual machine instance. + type: string + ready: + description: Ready is true when the provider resource is ready. 
+ type: boolean + version: + description: Version defines the Kubernetes version for the VM Instance + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.9.2 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremachinepools.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureMachinePool + listKind: AzureMachinePoolList + plural: azuremachinepools + shortNames: + - amp + singular: azuremachinepool + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: AzureMachinePool replicas count + jsonPath: .status.replicas + name: Replicas + type: string + - description: AzureMachinePool replicas count + jsonPath: .status.ready + name: Ready + type: string + - description: Azure VMSS provisioning state + jsonPath: .status.provisioningState + name: State + type: string + - description: Cluster to which this AzureMachinePool belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + priority: 1 + type: string + - description: MachinePool object to which this AzureMachinePool belongs + jsonPath: .metadata.ownerReferences[?(@.kind=="MachinePool")].name + name: MachinePool + priority: 1 + type: string + - description: Azure VMSS ID + jsonPath: .spec.providerID + name: VMSS ID + priority: 1 + type: string + - description: Azure VM Size + jsonPath: .spec.template.vmSize + name: VM Size + priority: 1 + type: string + - description: Time 
duration since creation of this AzureMachinePool + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: AzureMachinePool is the Schema for the azuremachinepools API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureMachinePoolSpec defines the desired state of AzureMachinePool. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to an + instance, in addition to the ones added by default by the Azure + provider. If both the AzureCluster and the AzureMachine specify + the same tag name with different values, the AzureMachine's value + takes precedence. + type: object + identity: + default: None + description: Identity is the type of identity used for the Virtual + Machine Scale Set. The type 'SystemAssigned' is an implicitly created + identity. The generated identity will be assigned a Subscription + contributor role. The type 'UserAssigned' is a standalone Azure + resource provided by the user and assigned to the VM + enum: + - None + - SystemAssigned + - UserAssigned + type: string + location: + description: Location is the Azure region location e.g. 
westus2 + type: string + orchestrationMode: + default: Uniform + description: OrchestrationMode specifies the orchestration mode for + the Virtual Machine Scale Set + enum: + - Flexible + - Uniform + type: string + providerID: + description: ProviderID is the identification ID of the Virtual Machine + Scale Set + type: string + providerIDList: + description: ProviderIDList are the identification IDs of machine + instances provided by the provider. This field must match the provider + IDs as seen on the node objects corresponding to a machine pool's + machine instances. + items: + type: string + type: array + roleAssignmentName: + description: 'Deprecated: RoleAssignmentName should be set in the + systemAssignedIdentityRole field.' + type: string + strategy: + default: + rollingUpdate: + deletePolicy: Oldest + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + description: The deployment strategy to use to replace existing AzureMachinePoolMachines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if MachineDeploymentStrategyType + = RollingUpdate. + properties: + deletePolicy: + default: Oldest + description: DeletePolicy defines the policy used by the MachineDeployment + to identify nodes to delete when downscaling. Valid values + are "Random, "Newest", "Oldest" When no value is supplied, + the default is Oldest + enum: + - Random + - Newest + - Oldest + type: string + maxSurge: + anyOf: + - type: integer + - type: string + default: 1 + description: 'The maximum number of machines that can be scheduled + above the desired number of machines. Value can be an absolute + number (ex: 5) or a percentage of desired machines (ex: + 10%). This can not be 0 if MaxUnavailable is 0. Absolute + number is calculated from percentage by rounding up. Defaults + to 1. 
Example: when this is set to 30%, the new MachineSet + can be scaled up immediately when the rolling update starts, + such that the total number of old and new machines do not + exceed 130% of desired machines. Once old machines have + been killed, new MachineSet can be scaled up further, ensuring + that total number of machines running at any time during + the update is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + default: 0 + description: 'The maximum number of machines that can be unavailable + during the update. Value can be an absolute number (ex: + 5) or a percentage of desired machines (ex: 10%). Absolute + number is calculated from percentage by rounding down. This + can not be 0 if MaxSurge is 0. Defaults to 0. Example: when + this is set to 30%, the old MachineSet can be scaled down + to 70% of desired machines immediately when the rolling + update starts. Once new machines are ready, old MachineSet + can be scaled down further, followed by scaling up the new + MachineSet, ensuring that the total number of machines available + at all times during the update is at least 70% of desired + machines.' + x-kubernetes-int-or-string: true + type: object + type: + default: RollingUpdate + description: Type of deployment. Currently the only supported + strategy is RollingUpdate + enum: + - RollingUpdate + type: string + type: object + systemAssignedIdentityRole: + description: SystemAssignedIdentityRole defines the role and scope + to assign to the system assigned identity. + properties: + definitionID: + description: 'DefinitionID is the ID of the role definition to + create for a system assigned identity. It can be an Azure built-in + role or a custom role. 
Refer to built-in roles: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles' + type: string + name: + description: Name is the name of the role assignment to create + for a system assigned identity. It can be any valid UUID. If + not specified, a random UUID will be generated. + type: string + scope: + description: Scope is the scope that the role assignment or definition + applies to. The scope can be any REST resource instance. If + not specified, the scope will be the subscription. + type: string + type: object + template: + description: Template contains the details used to build a replica + virtual machine within the Machine Pool + properties: + acceleratedNetworking: + description: 'Deprecated: AcceleratedNetworking should be set + in the networkInterfaces field.' + type: boolean + dataDisks: + description: DataDisks specifies the list of data disks to be + created for a Virtual Machine + items: + description: DataDisk specifies the parameters that are used + to add one or more data disks to the machine. + properties: + cachingType: + description: CachingType specifies the caching requirements. + enum: + - None + - ReadOnly + - ReadWrite + type: string + diskSizeGB: + description: DiskSizeGB is the size in GB to assign to the + data disk. + format: int32 + type: integer + lun: + description: Lun Specifies the logical unit number of the + data disk. This value is used to identify data disks within + the VM and therefore must be unique for each data disk + attached to a VM. The value must be between 0 and 63. + format: int32 + type: integer + managedDisk: + description: ManagedDisk specifies the Managed Disk parameters + for the data disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed disk. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. 
It must be in the same subscription + type: string + type: object + securityProfile: + description: SecurityProfile specifies the security + profile for the managed disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed + disk that is used for Customer Managed Key encrypted + ConfidentialVM OS Disk and VMGuest blob. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityEncryptionType: + description: SecurityEncryptionType specifies the + encryption type of the managed disk. It is set + to DiskWithVMGuestState to encrypt the managed + disk along with the VMGuestState blob, and to + VMGuestStateOnly to encrypt the VMGuestState blob + only. When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule + should be set to Enabled. When set to DiskWithVMGuestState, + EncryptionAtHost should be disabled, SecureBoot + and VirtualizedTrustedPlatformModule should be + set to Enabled. It can be set only for Confidential + VMs. + enum: + - VMGuestStateOnly + - DiskWithVMGuestState + type: string + type: object + storageAccountType: + type: string + type: object + nameSuffix: + description: NameSuffix is the suffix to be appended to + the machine name to generate the disk name. Each disk + name will be in format _. + type: string + required: + - diskSizeGB + - nameSuffix + type: object + type: array + diagnostics: + description: Diagnostics specifies the diagnostics settings for + a virtual machine. If not specified then Boot diagnostics (Managed) + will be enabled. + properties: + boot: + description: Boot configures the boot diagnostics settings + for the virtual machine. This allows to configure capturing + serial output from the virtual machine on boot. This is + useful for debugging software based launch issues. 
If not + specified then Boot diagnostics (Managed) will be enabled. + properties: + storageAccountType: + description: StorageAccountType determines if the storage + account for storing the diagnostics data should be disabled + (Disabled), provisioned by Azure (Managed) or by the + user (UserManaged). + enum: + - Managed + - UserManaged + - Disabled + type: string + userManaged: + description: UserManaged provides a reference to the user-managed + storage account. + properties: + storageAccountURI: + description: 'StorageAccountURI is the URI of the + user-managed storage account. The URI typically + will be `https://.blob.core.windows.net/` + but may differ if you are using Azure DNS zone endpoints. + You can find the correct endpoint by looking for + the Blob Primary Endpoint in the endpoints tab in + the Azure console or with the CLI by issuing `az + storage account list --query=''[].{name: name, "resource + group": resourceGroup, "blob endpoint": primaryEndpoints.blob}''`.' + maxLength: 1024 + pattern: ^https:// + type: string + required: + - storageAccountURI + type: object + required: + - storageAccountType + type: object + type: object + image: + description: Image is used to provide details of an image to use + during VM creation. If image details are omitted the image will + default the Azure Marketplace "capi" offer, which is based on + Ubuntu. + properties: + computeGallery: + description: ComputeGallery specifies an image to use from + the Azure Compute Gallery + properties: + gallery: + description: Gallery specifies the name of the compute + image gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + plan: + description: Plan contains plan information. + properties: + offer: + description: Offer specifies the name of a group of + related images created by the publisher. 
For example, + UbuntuServer, WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, + such as a major release of a distribution. For example, + 18.04-LTS, 2019-Datacenter + minLength: 1 + type: string + required: + - offer + - publisher + - sku + type: object + resourceGroup: + description: ResourceGroup specifies the resource group + containing the private compute gallery. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the private compute gallery. + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or + 'latest'. Major, Minor, and Build are decimal numbers. + Specify 'latest' to use the latest version of an image + available at deploy time. Even if you use 'latest', + the VM image will not automatically update after deploy + time even if a new version becomes available. + minLength: 1 + type: string + required: + - gallery + - name + - version + type: object + id: + description: ID specifies an image to use by ID + type: string + marketplace: + description: Marketplace specifies an image to use from the + Azure Marketplace + properties: + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such + as a major release of a distribution. 
For example, 18.04-LTS, + 2019-Datacenter + minLength: 1 + type: string + thirdPartyImage: + default: false + description: ThirdPartyImage indicates the image is published + by a third party publisher and a Plan will be generated + for it. + type: boolean + version: + description: Version specifies the version of an image + sku. The allowed formats are Major.Minor.Build or 'latest'. + Major, Minor, and Build are decimal numbers. Specify + 'latest' to use the latest version of an image available + at deploy time. Even if you use 'latest', the VM image + will not automatically update after deploy time even + if a new version becomes available. + minLength: 1 + type: string + required: + - offer + - publisher + - sku + - version + type: object + sharedGallery: + description: 'SharedGallery specifies an image to use from + an Azure Shared Image Gallery Deprecated: use ComputeGallery + instead.' + properties: + gallery: + description: Gallery specifies the name of the shared + image gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer This value will be used to add a `Plan` + in the API request when creating the VM/VMSS resource. + This is needed when the source image from which this + SIG image was built requires the `Plan` to be used. + type: string + publisher: + description: Publisher is the name of the organization + that created the image. This value will be used to add + a `Plan` in the API request when creating the VM/VMSS + resource. This is needed when the source image from + which this SIG image was built requires the `Plan` to + be used. 
+ type: string + resourceGroup: + description: ResourceGroup specifies the resource group + containing the shared image gallery + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such + as a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter This value will be used to add a `Plan` + in the API request when creating the VM/VMSS resource. + This is needed when the source image from which this + SIG image was built requires the `Plan` to be used. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the shared image gallery + minLength: 1 + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or + 'latest'. Major, Minor, and Build are decimal numbers. + Specify 'latest' to use the latest version of an image + available at deploy time. Even if you use 'latest', + the VM image will not automatically update after deploy + time even if a new version becomes available. + minLength: 1 + type: string + required: + - gallery + - name + - resourceGroup + - subscriptionID + - version + type: object + type: object + networkInterfaces: + description: NetworkInterfaces specifies a list of network interface + configurations. If left unspecified, the VM will get a single + network interface with a single IPConfig in the subnet specified + in the cluster's node subnet field. The primary interface will + be the first networkInterface specified (index 0) in the list. + items: + description: NetworkInterface defines a network interface. + properties: + acceleratedNetworking: + description: AcceleratedNetworking enables or disables Azure + accelerated networking. If omitted, it will be set based + on whether the requested VMSize supports accelerated networking. + If AcceleratedNetworking is set to true with a VMSize + that does not support it, Azure will return an error. 
+ type: boolean + privateIPConfigs: + description: PrivateIPConfigs specifies the number of private + IP addresses to attach to the interface. Defaults to 1 + if not specified. + type: integer + subnetName: + description: SubnetName specifies the subnet in which the + new network interface will be placed. + type: string + type: object + type: array + osDisk: + description: OSDisk contains the operating system disk information + for a Virtual Machine + properties: + cachingType: + description: CachingType specifies the caching requirements. + enum: + - None + - ReadOnly + - ReadWrite + type: string + diffDiskSettings: + description: DiffDiskSettings describe ephemeral disk settings + for the os disk. + properties: + option: + description: Option enables ephemeral OS when set to "Local" + See https://learn.microsoft.com/azure/virtual-machines/ephemeral-os-disks + for full details + enum: + - Local + type: string + required: + - option + type: object + diskSizeGB: + description: DiskSizeGB is the size in GB to assign to the + OS disk. Will have a default of 30GB if not provided + format: int32 + type: integer + managedDisk: + description: ManagedDisk specifies the Managed Disk parameters + for the OS disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed disk. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityProfile: + description: SecurityProfile specifies the security profile + for the managed disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed + disk that is used for Customer Managed Key encrypted + ConfidentialVM OS Disk and VMGuest blob. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. 
It must be in the same subscription + type: string + type: object + securityEncryptionType: + description: SecurityEncryptionType specifies the + encryption type of the managed disk. It is set to + DiskWithVMGuestState to encrypt the managed disk + along with the VMGuestState blob, and to VMGuestStateOnly + to encrypt the VMGuestState blob only. When set + to VMGuestStateOnly, VirtualizedTrustedPlatformModule + should be set to Enabled. When set to DiskWithVMGuestState, + EncryptionAtHost should be disabled, SecureBoot + and VirtualizedTrustedPlatformModule should be set + to Enabled. It can be set only for Confidential + VMs. + enum: + - VMGuestStateOnly + - DiskWithVMGuestState + type: string + type: object + storageAccountType: + type: string + type: object + osType: + type: string + required: + - osType + type: object + securityProfile: + description: SecurityProfile specifies the Security profile settings + for a virtual machine. + properties: + encryptionAtHost: + description: This field indicates whether Host Encryption + should be enabled or disabled for a virtual machine or virtual + machine scale set. This should be disabled when SecurityEncryptionType + is set to DiskWithVMGuestState. Default is disabled. + type: boolean + securityType: + description: 'SecurityType specifies the SecurityType of the + virtual machine. It has to be set to any specified value + to enable UefiSettings. The default behavior is: UefiSettings + will not be enabled unless this property is set.' + enum: + - ConfidentialVM + - TrustedLaunch + type: string + uefiSettings: + description: UefiSettings specifies the security settings + like secure boot and vTPM used while creating the virtual + machine. + properties: + secureBootEnabled: + description: SecureBootEnabled specifies whether secure + boot should be enabled on the virtual machine. Secure + Boot verifies the digital signature of all boot components + and halts the boot process if signature verification + fails. 
If omitted, the platform chooses a default, which + is subject to change over time, currently that default + is false. + type: boolean + vTpmEnabled: + description: VTpmEnabled specifies whether vTPM should + be enabled on the virtual machine. When true it enables + the virtualized trusted platform module measurements + to create a known good boot integrity policy baseline. + The integrity policy baseline is used for comparison + with measurements from subsequent VM boots to determine + if anything has changed. This is required to be set + to Enabled if SecurityEncryptionType is defined. If + omitted, the platform chooses a default, which is subject + to change over time, currently that default is false. + type: boolean + type: object + type: object + spotVMOptions: + description: SpotVMOptions allows the ability to specify the Machine + should use a Spot VM + properties: + evictionPolicy: + description: EvictionPolicy defines the behavior of the virtual + machine when it is evicted. It can be either Delete or Deallocate. + enum: + - Deallocate + - Delete + type: string + maxPrice: + anyOf: + - type: integer + - type: string + description: MaxPrice defines the maximum price the user is + willing to pay for Spot VM instances + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + sshPublicKey: + description: SSHPublicKey is the SSH public key string, base64-encoded + to add to a Virtual Machine. Linux only. Refer to documentation + on how to set up SSH access on Windows instances. + type: string + subnetName: + description: 'Deprecated: SubnetName should be set in the networkInterfaces + field.' 
+ type: string + terminateNotificationTimeout: + description: TerminateNotificationTimeout enables or disables + VMSS scheduled events termination notification with specified + timeout allowed values are between 5 and 15 (mins) + type: integer + vmExtensions: + description: VMExtensions specifies a list of extensions to be + added to the scale set. + items: + description: VMExtension specifies the parameters for a custom + VM extension. + properties: + name: + description: Name is the name of the extension. + type: string + protectedSettings: + additionalProperties: + type: string + description: ProtectedSettings is a JSON formatted protected + settings for the extension. + type: object + publisher: + description: Publisher is the name of the extension handler + publisher. + type: string + settings: + additionalProperties: + type: string + description: Settings is a JSON formatted public settings + for the extension. + type: object + version: + description: Version specifies the version of the script + handler. + type: string + required: + - name + - publisher + - version + type: object + type: array + vmSize: + description: VMSize is the size of the Virtual Machine to build. + See https://learn.microsoft.com/rest/api/compute/virtualmachines/createorupdate#virtualmachinesizetypes + type: string + required: + - osDisk + - vmSize + type: object + userAssignedIdentities: + description: UserAssignedIdentities is a list of standalone Azure + identities provided by the user The lifecycle of a user-assigned + identity is managed separately from the lifecycle of the AzureMachinePool. + See https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli + items: + description: UserAssignedIdentity defines the user-assigned identities + provided by the user to be assigned to Azure resources. 
+ properties: + providerID: + description: 'ProviderID is the identification ID of the user-assigned + Identity, the format of an identity is: ''azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''' + type: string + required: + - providerID + type: object + type: array + required: + - location + - template + type: object + status: + description: AzureMachinePoolStatus defines the observed state of AzureMachinePool. + properties: + conditions: + description: Conditions defines current service state of the AzureMachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the MachinePool and will contain + a more verbose string suitable for logging and human consumption. + \n This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the MachinePool's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of MachinePools can be added as + events to the MachinePool object and/or logged in the controller's + output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the MachinePool and will contain + a succinct value suitable for machine interpretation. \n This field + should not be set for transitive errors that a controller faces + that are expected to be fixed automatically over time (like service + outages), but instead indicate that something is fundamentally wrong + with the MachinePool's spec or the configuration of the controller, + and that manual intervention is required. 
Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of MachinePools can be added as + events to the MachinePool object and/or logged in the controller's + output." + type: string + image: + description: Image is the current image used in the AzureMachinePool. + When the spec image is nil, this image is populated with the details + of the defaulted Azure Marketplace "capi" offer. + properties: + computeGallery: + description: ComputeGallery specifies an image to use from the + Azure Compute Gallery + properties: + gallery: + description: Gallery specifies the name of the compute image + gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + plan: + description: Plan contains plan information. + properties: + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such + as a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter + minLength: 1 + type: string + required: + - offer + - publisher + - sku + type: object + resourceGroup: + description: ResourceGroup specifies the resource group containing + the private compute gallery. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the private compute gallery. + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or 'latest'. 
+ Major, Minor, and Build are decimal numbers. Specify 'latest' + to use the latest version of an image available at deploy + time. Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. + minLength: 1 + type: string + required: + - gallery + - name + - version + type: object + id: + description: ID specifies an image to use by ID + type: string + marketplace: + description: Marketplace specifies an image to use from the Azure + Marketplace + properties: + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization that + created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such as + a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter + minLength: 1 + type: string + thirdPartyImage: + default: false + description: ThirdPartyImage indicates the image is published + by a third party publisher and a Plan will be generated + for it. + type: boolean + version: + description: Version specifies the version of an image sku. + The allowed formats are Major.Minor.Build or 'latest'. Major, + Minor, and Build are decimal numbers. Specify 'latest' to + use the latest version of an image available at deploy time. + Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. + minLength: 1 + type: string + required: + - offer + - publisher + - sku + - version + type: object + sharedGallery: + description: 'SharedGallery specifies an image to use from an + Azure Shared Image Gallery Deprecated: use ComputeGallery instead.' 
+ properties: + gallery: + description: Gallery specifies the name of the shared image + gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer This value will be used to add a `Plan` in + the API request when creating the VM/VMSS resource. This + is needed when the source image from which this SIG image + was built requires the `Plan` to be used. + type: string + publisher: + description: Publisher is the name of the organization that + created the image. This value will be used to add a `Plan` + in the API request when creating the VM/VMSS resource. This + is needed when the source image from which this SIG image + was built requires the `Plan` to be used. + type: string + resourceGroup: + description: ResourceGroup specifies the resource group containing + the shared image gallery + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such as + a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter This value will be used to add a `Plan` + in the API request when creating the VM/VMSS resource. This + is needed when the source image from which this SIG image + was built requires the `Plan` to be used. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the shared image gallery + minLength: 1 + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or 'latest'. + Major, Minor, and Build are decimal numbers. Specify 'latest' + to use the latest version of an image available at deploy + time. Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. 
+ minLength: 1 + type: string + required: + - gallery + - name + - resourceGroup + - subscriptionID + - version + type: object + type: object + infrastructureMachineKind: + description: InfrastructureMachineKind is the kind of the infrastructure + resources behind MachinePool Machines. + type: string + instances: + description: Instances is the VM instance status for each VM in the + VMSS + items: + description: AzureMachinePoolInstanceStatus provides status information + for each instance in the VMSS. + properties: + instanceID: + description: InstanceID is the identification of the Machine + Instance within the VMSS + type: string + instanceName: + description: InstanceName is the name of the Machine Instance + within the VMSS + type: string + latestModelApplied: + description: LatestModelApplied indicates the instance is running + the most up-to-date VMSS model. A VMSS model describes the + image version the VM is running. If the instance is not running + the latest model, it means the instance may not be running + the version of Kubernetes the Machine Pool has specified and + needs to be updated. + type: boolean + providerID: + description: ProviderID is the provider identification of the + VMSS Instance + type: string + provisioningState: + description: ProvisioningState is the provisioning state of + the Azure virtual machine instance. + type: string + version: + description: Version defines the Kubernetes version for the + VM Instance + type: string + required: + - latestModelApplied + type: object + type: array + longRunningOperationStates: + description: LongRunningOperationStates saves the state for Azure + long-running operations so they can be continued on the next reconciliation + loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. + properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. 
+ type: string + name: + description: Name is the name of the Azure resource. Together + with the service name, this forms the unique identifier for + the future. + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: ServiceName is the name of the Azure service. Together + with the name of the resource, this forms the unique identifier + for the future. + type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. + type: string + required: + - data + - name + - serviceName + - type + type: object + type: array + provisioningState: + description: ProvisioningState is the provisioning state of the Azure + virtual machine. + type: string + ready: + description: Ready is true when the provider resource is ready. + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + version: + description: Version is the Kubernetes version for the current VMSS + model + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.9.2 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremachines.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureMachine + listKind: AzureMachineList + plural: azuremachines + singular: azuremachine + scope: Namespaced + versions: + - 
additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + priority: 1 + type: string + - description: Azure VM provisioning state + jsonPath: .status.vmState + name: State + type: string + - description: Cluster to which this AzureMachine belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + priority: 1 + type: string + - description: Machine object to which this AzureMachine belongs + jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name + name: Machine + priority: 1 + type: string + - description: Azure VM ID + jsonPath: .spec.providerID + name: VM ID + priority: 1 + type: string + - description: Azure VM Size + jsonPath: .spec.vmSize + name: VM Size + priority: 1 + type: string + - description: Time duration since creation of this AzureMachine + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: AzureMachine is the Schema for the azuremachines API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureMachineSpec defines the desired state of AzureMachine. + properties: + acceleratedNetworking: + description: 'Deprecated: AcceleratedNetworking should be set in the + networkInterfaces field.' + type: boolean + additionalCapabilities: + description: AdditionalCapabilities specifies additional capabilities + enabled or disabled on the virtual machine. + properties: + ultraSSDEnabled: + description: UltraSSDEnabled enables or disables Azure UltraSSD + capability for the virtual machine. Defaults to true if Ultra + SSD data disks are specified, otherwise it doesn't set the capability + on the VM. + type: boolean + type: object + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to an + instance, in addition to the ones added by default by the Azure + provider. If both the AzureCluster and the AzureMachine specify + the same tag name with different values, the AzureMachine's value + takes precedence. + type: object + allocatePublicIP: + description: AllocatePublicIP allows the ability to create dynamic + public ips for machines where this value is true. + type: boolean + dataDisks: + description: DataDisk specifies the parameters that are used to add + one or more data disks to the machine + items: + description: DataDisk specifies the parameters that are used to + add one or more data disks to the machine. + properties: + cachingType: + description: CachingType specifies the caching requirements. + enum: + - None + - ReadOnly + - ReadWrite + type: string + diskSizeGB: + description: DiskSizeGB is the size in GB to assign to the data + disk. + format: int32 + type: integer + lun: + description: Lun Specifies the logical unit number of the data + disk. 
This value is used to identify data disks within the + VM and therefore must be unique for each data disk attached + to a VM. The value must be between 0 and 63. + format: int32 + type: integer + managedDisk: + description: ManagedDisk specifies the Managed Disk parameters + for the data disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed disk. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityProfile: + description: SecurityProfile specifies the security profile + for the managed disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed disk + that is used for Customer Managed Key encrypted ConfidentialVM + OS Disk and VMGuest blob. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityEncryptionType: + description: SecurityEncryptionType specifies the encryption + type of the managed disk. It is set to DiskWithVMGuestState + to encrypt the managed disk along with the VMGuestState + blob, and to VMGuestStateOnly to encrypt the VMGuestState + blob only. When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule + should be set to Enabled. When set to DiskWithVMGuestState, + EncryptionAtHost should be disabled, SecureBoot and + VirtualizedTrustedPlatformModule should be set to + Enabled. It can be set only for Confidential VMs. + enum: + - VMGuestStateOnly + - DiskWithVMGuestState + type: string + type: object + storageAccountType: + type: string + type: object + nameSuffix: + description: NameSuffix is the suffix to be appended to the + machine name to generate the disk name. Each disk name will + be in format _. 
+ type: string + required: + - diskSizeGB + - nameSuffix + type: object + type: array + diagnostics: + description: Diagnostics specifies the diagnostics settings for a + virtual machine. If not specified then Boot diagnostics (Managed) + will be enabled. + properties: + boot: + description: Boot configures the boot diagnostics settings for + the virtual machine. This allows to configure capturing serial + output from the virtual machine on boot. This is useful for + debugging software based launch issues. If not specified then + Boot diagnostics (Managed) will be enabled. + properties: + storageAccountType: + description: StorageAccountType determines if the storage + account for storing the diagnostics data should be disabled + (Disabled), provisioned by Azure (Managed) or by the user + (UserManaged). + enum: + - Managed + - UserManaged + - Disabled + type: string + userManaged: + description: UserManaged provides a reference to the user-managed + storage account. + properties: + storageAccountURI: + description: 'StorageAccountURI is the URI of the user-managed + storage account. The URI typically will be `https://.blob.core.windows.net/` + but may differ if you are using Azure DNS zone endpoints. + You can find the correct endpoint by looking for the + Blob Primary Endpoint in the endpoints tab in the Azure + console or with the CLI by issuing `az storage account + list --query=''[].{name: name, "resource group": resourceGroup, + "blob endpoint": primaryEndpoints.blob}''`.' + maxLength: 1024 + pattern: ^https:// + type: string + required: + - storageAccountURI + type: object + required: + - storageAccountType + type: object + type: object + dnsServers: + description: DNSServers adds a list of DNS Server IP addresses to + the VM NICs. + items: + type: string + type: array + enableIPForwarding: + description: EnableIPForwarding enables IP Forwarding in Azure which + is required for some CNI's to send traffic from a pods on one machine + to another. 
This is required for IpV6 with Calico in combination + with User Defined Routes (set by the Azure Cloud Controller manager). + Default is false for disabled. + type: boolean + failureDomain: + description: FailureDomain is the failure domain unique identifier + this Machine should be attached to, as defined in Cluster API. This + relates to an Azure Availability Zone + type: string + identity: + default: None + description: Identity is the type of identity used for the virtual + machine. The type 'SystemAssigned' is an implicitly created identity. + The generated identity will be assigned a Subscription contributor + role. The type 'UserAssigned' is a standalone Azure resource provided + by the user and assigned to the VM + enum: + - None + - SystemAssigned + - UserAssigned + type: string + image: + description: Image is used to provide details of an image to use during + VM creation. If image details are omitted the image will default + the Azure Marketplace "capi" offer, which is based on Ubuntu. + properties: + computeGallery: + description: ComputeGallery specifies an image to use from the + Azure Compute Gallery + properties: + gallery: + description: Gallery specifies the name of the compute image + gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + plan: + description: Plan contains plan information. + properties: + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such + as a major release of a distribution. 
For example, 18.04-LTS, + 2019-Datacenter + minLength: 1 + type: string + required: + - offer + - publisher + - sku + type: object + resourceGroup: + description: ResourceGroup specifies the resource group containing + the private compute gallery. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the private compute gallery. + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or 'latest'. + Major, Minor, and Build are decimal numbers. Specify 'latest' + to use the latest version of an image available at deploy + time. Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. + minLength: 1 + type: string + required: + - gallery + - name + - version + type: object + id: + description: ID specifies an image to use by ID + type: string + marketplace: + description: Marketplace specifies an image to use from the Azure + Marketplace + properties: + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization that + created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such as + a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter + minLength: 1 + type: string + thirdPartyImage: + default: false + description: ThirdPartyImage indicates the image is published + by a third party publisher and a Plan will be generated + for it. + type: boolean + version: + description: Version specifies the version of an image sku. + The allowed formats are Major.Minor.Build or 'latest'. Major, + Minor, and Build are decimal numbers. 
Specify 'latest' to + use the latest version of an image available at deploy time. + Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. + minLength: 1 + type: string + required: + - offer + - publisher + - sku + - version + type: object + sharedGallery: + description: 'SharedGallery specifies an image to use from an + Azure Shared Image Gallery Deprecated: use ComputeGallery instead.' + properties: + gallery: + description: Gallery specifies the name of the shared image + gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer This value will be used to add a `Plan` in + the API request when creating the VM/VMSS resource. This + is needed when the source image from which this SIG image + was built requires the `Plan` to be used. + type: string + publisher: + description: Publisher is the name of the organization that + created the image. This value will be used to add a `Plan` + in the API request when creating the VM/VMSS resource. This + is needed when the source image from which this SIG image + was built requires the `Plan` to be used. + type: string + resourceGroup: + description: ResourceGroup specifies the resource group containing + the shared image gallery + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such as + a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter This value will be used to add a `Plan` + in the API request when creating the VM/VMSS resource. This + is needed when the source image from which this SIG image + was built requires the `Plan` to be used. 
+ type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the shared image gallery + minLength: 1 + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or 'latest'. + Major, Minor, and Build are decimal numbers. Specify 'latest' + to use the latest version of an image available at deploy + time. Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. + minLength: 1 + type: string + required: + - gallery + - name + - resourceGroup + - subscriptionID + - version + type: object + type: object + networkInterfaces: + description: NetworkInterfaces specifies a list of network interface + configurations. If left unspecified, the VM will get a single network + interface with a single IPConfig in the subnet specified in the + cluster's node subnet field. The primary interface will be the first + networkInterface specified (index 0) in the list. + items: + description: NetworkInterface defines a network interface. + properties: + acceleratedNetworking: + description: AcceleratedNetworking enables or disables Azure + accelerated networking. If omitted, it will be set based on + whether the requested VMSize supports accelerated networking. + If AcceleratedNetworking is set to true with a VMSize that + does not support it, Azure will return an error. + type: boolean + privateIPConfigs: + description: PrivateIPConfigs specifies the number of private + IP addresses to attach to the interface. Defaults to 1 if + not specified. + type: integer + subnetName: + description: SubnetName specifies the subnet in which the new + network interface will be placed. 
+ type: string + type: object + type: array + osDisk: + description: OSDisk specifies the parameters for the operating system + disk of the machine + properties: + cachingType: + description: CachingType specifies the caching requirements. + enum: + - None + - ReadOnly + - ReadWrite + type: string + diffDiskSettings: + description: DiffDiskSettings describe ephemeral disk settings + for the os disk. + properties: + option: + description: Option enables ephemeral OS when set to "Local" + See https://learn.microsoft.com/azure/virtual-machines/ephemeral-os-disks + for full details + enum: + - Local + type: string + required: + - option + type: object + diskSizeGB: + description: DiskSizeGB is the size in GB to assign to the OS + disk. Will have a default of 30GB if not provided + format: int32 + type: integer + managedDisk: + description: ManagedDisk specifies the Managed Disk parameters + for the OS disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed disk. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityProfile: + description: SecurityProfile specifies the security profile + for the managed disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed disk + that is used for Customer Managed Key encrypted ConfidentialVM + OS Disk and VMGuest blob. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityEncryptionType: + description: SecurityEncryptionType specifies the encryption + type of the managed disk. 
It is set to DiskWithVMGuestState + to encrypt the managed disk along with the VMGuestState + blob, and to VMGuestStateOnly to encrypt the VMGuestState + blob only. When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule + should be set to Enabled. When set to DiskWithVMGuestState, + EncryptionAtHost should be disabled, SecureBoot and + VirtualizedTrustedPlatformModule should be set to Enabled. + It can be set only for Confidential VMs. + enum: + - VMGuestStateOnly + - DiskWithVMGuestState + type: string + type: object + storageAccountType: + type: string + type: object + osType: + type: string + required: + - osType + type: object + providerID: + description: ProviderID is the unique identifier as specified by the + cloud provider. + type: string + roleAssignmentName: + description: 'Deprecated: RoleAssignmentName should be set in the + systemAssignedIdentityRole field.' + type: string + securityProfile: + description: SecurityProfile specifies the Security profile settings + for a virtual machine. + properties: + encryptionAtHost: + description: This field indicates whether Host Encryption should + be enabled or disabled for a virtual machine or virtual machine + scale set. This should be disabled when SecurityEncryptionType + is set to DiskWithVMGuestState. Default is disabled. + type: boolean + securityType: + description: 'SecurityType specifies the SecurityType of the virtual + machine. It has to be set to any specified value to enable UefiSettings. + The default behavior is: UefiSettings will not be enabled unless + this property is set.' + enum: + - ConfidentialVM + - TrustedLaunch + type: string + uefiSettings: + description: UefiSettings specifies the security settings like + secure boot and vTPM used while creating the virtual machine. + properties: + secureBootEnabled: + description: SecureBootEnabled specifies whether secure boot + should be enabled on the virtual machine. 
Secure Boot verifies + the digital signature of all boot components and halts the + boot process if signature verification fails. If omitted, + the platform chooses a default, which is subject to change + over time, currently that default is false. + type: boolean + vTpmEnabled: + description: VTpmEnabled specifies whether vTPM should be + enabled on the virtual machine. When true it enables the + virtualized trusted platform module measurements to create + a known good boot integrity policy baseline. The integrity + policy baseline is used for comparison with measurements + from subsequent VM boots to determine if anything has changed. + This is required to be set to Enabled if SecurityEncryptionType + is defined. If omitted, the platform chooses a default, + which is subject to change over time, currently that default + is false. + type: boolean + type: object + type: object + spotVMOptions: + description: SpotVMOptions allows the ability to specify the Machine + should use a Spot VM + properties: + evictionPolicy: + description: EvictionPolicy defines the behavior of the virtual + machine when it is evicted. It can be either Delete or Deallocate. + enum: + - Deallocate + - Delete + type: string + maxPrice: + anyOf: + - type: integer + - type: string + description: MaxPrice defines the maximum price the user is willing + to pay for Spot VM instances + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + sshPublicKey: + description: SSHPublicKey is the SSH public key string, base64-encoded + to add to a Virtual Machine. Linux only. Refer to documentation + on how to set up SSH access on Windows instances. + type: string + subnetName: + description: 'Deprecated: SubnetName should be set in the networkInterfaces + field.' 
+ type: string + systemAssignedIdentityRole: + description: SystemAssignedIdentityRole defines the role and scope + to assign to the system-assigned identity. + properties: + definitionID: + description: 'DefinitionID is the ID of the role definition to + create for a system assigned identity. It can be an Azure built-in + role or a custom role. Refer to built-in roles: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles' + type: string + name: + description: Name is the name of the role assignment to create + for a system assigned identity. It can be any valid UUID. If + not specified, a random UUID will be generated. + type: string + scope: + description: Scope is the scope that the role assignment or definition + applies to. The scope can be any REST resource instance. If + not specified, the scope will be the subscription. + type: string + type: object + userAssignedIdentities: + description: UserAssignedIdentities is a list of standalone Azure + identities provided by the user The lifecycle of a user-assigned + identity is managed separately from the lifecycle of the AzureMachine. + See https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli + items: + description: UserAssignedIdentity defines the user-assigned identities + provided by the user to be assigned to Azure resources. + properties: + providerID: + description: 'ProviderID is the identification ID of the user-assigned + Identity, the format of an identity is: ''azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''' + type: string + required: + - providerID + type: object + type: array + vmExtensions: + description: VMExtensions specifies a list of extensions to be added + to the virtual machine. + items: + description: VMExtension specifies the parameters for a custom VM + extension. 
+ properties: + name: + description: Name is the name of the extension. + type: string + protectedSettings: + additionalProperties: + type: string + description: ProtectedSettings is a JSON formatted protected + settings for the extension. + type: object + publisher: + description: Publisher is the name of the extension handler + publisher. + type: string + settings: + additionalProperties: + type: string + description: Settings is a JSON formatted public settings for + the extension. + type: object + version: + description: Version specifies the version of the script handler. + type: string + required: + - name + - publisher + - version + type: object + type: array + vmSize: + type: string + required: + - osDisk + - vmSize + type: object + status: + description: AzureMachineStatus defines the observed state of AzureMachine. + properties: + addresses: + description: Addresses contains the Azure instance associated addresses. + items: + description: NodeAddress contains information for the node's address. + properties: + address: + description: The node address. + type: string + type: + description: Node address type, one of Hostname, ExternalIP + or InternalIP. + type: string + required: + - address + - type + type: object + type: array + conditions: + description: Conditions defines current service state of the AzureMachine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. 
The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "ErrorMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. \n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." 
+ type: string + failureReason: + description: "ErrorReason will be set in the event that there is a + terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. \n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. \n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." + type: string + longRunningOperationStates: + description: LongRunningOperationStates saves the states for Azure + long-running operations so they can be continued on the next reconciliation + loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. + properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. + type: string + name: + description: Name is the name of the Azure resource. Together + with the service name, this forms the unique identifier for + the future. + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: ServiceName is the name of the Azure service. Together + with the name of the resource, this forms the unique identifier + for the future. + type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. 
+ type: string + required: + - data + - name + - serviceName + - type + type: object + type: array + ready: + description: Ready is true when the provider resource is ready. + type: boolean + vmState: + description: VMState is the provisioning state of the Azure virtual + machine. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.9.2 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremachinetemplates.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureMachineTemplate + listKind: AzureMachineTemplateList + plural: azuremachinetemplates + singular: azuremachinetemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureMachineTemplate is the Schema for the azuremachinetemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureMachineTemplateSpec defines the desired state of AzureMachineTemplate. + properties: + template: + description: AzureMachineTemplateResource describes the data needed + to create an AzureMachine from a template. + properties: + metadata: + description: "ObjectMeta is metadata that all persisted resources + must have, which includes all objects users must create. This + is a copy of customizable fields from metav1.ObjectMeta. \n + ObjectMeta is embedded in `Machine.Spec`, `MachineDeployment.Template` + and `MachineSet.Template`, which are not top-level Kubernetes + objects. Given that metav1.ObjectMeta has lots of special cases + and read-only fields which end up in the generated CRD validation, + having it as a subset simplifies the API and some issues that + can impact user experience. \n During the [upgrade to controller-tools@v2](https://github.com/kubernetes-sigs/cluster-api/pull/1054) + for v1alpha2, we noticed a failure would occur running Cluster + API test suite against the new CRDs, specifically `spec.metadata.creationTimestamp + in body must be of type string: \"null\"`. The investigation + showed that `controller-tools@v2` behaves differently than its + previous version when handling types from [metav1](k8s.io/apimachinery/pkg/apis/meta/v1) + package. \n In more details, we found that embedded (non-top + level) types that embedded `metav1.ObjectMeta` had validation + properties, including for `creationTimestamp` (metav1.Time). + The `metav1.Time` type specifies a custom json marshaller that, + when IsZero() is true, returns `null` which breaks validation + because the field isn't marked as nullable. \n In future versions, + controller-tools@v2 might allow overriding the type and validation + for embedded types. When that happens, this hack should be revisited." 
+ properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: Spec is the specification of the desired behavior + of the machine. + properties: + acceleratedNetworking: + description: 'Deprecated: AcceleratedNetworking should be + set in the networkInterfaces field.' + type: boolean + additionalCapabilities: + description: AdditionalCapabilities specifies additional capabilities + enabled or disabled on the virtual machine. + properties: + ultraSSDEnabled: + description: UltraSSDEnabled enables or disables Azure + UltraSSD capability for the virtual machine. Defaults + to true if Ultra SSD data disks are specified, otherwise + it doesn't set the capability on the VM. + type: boolean + type: object + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to an instance, in addition to the ones added by default + by the Azure provider. If both the AzureCluster and the + AzureMachine specify the same tag name with different values, + the AzureMachine's value takes precedence. + type: object + allocatePublicIP: + description: AllocatePublicIP allows the ability to create + dynamic public ips for machines where this value is true. 
+ type: boolean + dataDisks: + description: DataDisk specifies the parameters that are used + to add one or more data disks to the machine + items: + description: DataDisk specifies the parameters that are + used to add one or more data disks to the machine. + properties: + cachingType: + description: CachingType specifies the caching requirements. + enum: + - None + - ReadOnly + - ReadWrite + type: string + diskSizeGB: + description: DiskSizeGB is the size in GB to assign + to the data disk. + format: int32 + type: integer + lun: + description: Lun Specifies the logical unit number of + the data disk. This value is used to identify data + disks within the VM and therefore must be unique for + each data disk attached to a VM. The value must be + between 0 and 63. + format: int32 + type: integer + managedDisk: + description: ManagedDisk specifies the Managed Disk + parameters for the data disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed + disk. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityProfile: + description: SecurityProfile specifies the security + profile for the managed disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the + customer-managed disk encryption set resource + id for the managed disk that is used for Customer + Managed Key encrypted ConfidentialVM OS Disk + and VMGuest blob. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityEncryptionType: + description: SecurityEncryptionType specifies + the encryption type of the managed disk. 
It + is set to DiskWithVMGuestState to encrypt + the managed disk along with the VMGuestState + blob, and to VMGuestStateOnly to encrypt the + VMGuestState blob only. When set to VMGuestStateOnly, + VirtualizedTrustedPlatformModule should be + set to Enabled. When set to DiskWithVMGuestState, + EncryptionAtHost should be disabled, SecureBoot + and VirtualizedTrustedPlatformModule should + be set to Enabled. It can be set only for + Confidential VMs. + enum: + - VMGuestStateOnly + - DiskWithVMGuestState + type: string + type: object + storageAccountType: + type: string + type: object + nameSuffix: + description: NameSuffix is the suffix to be appended + to the machine name to generate the disk name. Each + disk name will be in format _. + type: string + required: + - diskSizeGB + - nameSuffix + type: object + type: array + diagnostics: + description: Diagnostics specifies the diagnostics settings + for a virtual machine. If not specified then Boot diagnostics + (Managed) will be enabled. + properties: + boot: + description: Boot configures the boot diagnostics settings + for the virtual machine. This allows to configure capturing + serial output from the virtual machine on boot. This + is useful for debugging software based launch issues. + If not specified then Boot diagnostics (Managed) will + be enabled. + properties: + storageAccountType: + description: StorageAccountType determines if the + storage account for storing the diagnostics data + should be disabled (Disabled), provisioned by Azure + (Managed) or by the user (UserManaged). + enum: + - Managed + - UserManaged + - Disabled + type: string + userManaged: + description: UserManaged provides a reference to the + user-managed storage account. + properties: + storageAccountURI: + description: 'StorageAccountURI is the URI of + the user-managed storage account. The URI typically + will be `https://.blob.core.windows.net/` + but may differ if you are using Azure DNS zone + endpoints. 
You can find the correct endpoint + by looking for the Blob Primary Endpoint in + the endpoints tab in the Azure console or with + the CLI by issuing `az storage account list + --query=''[].{name: name, "resource group": + resourceGroup, "blob endpoint": primaryEndpoints.blob}''`.' + maxLength: 1024 + pattern: ^https:// + type: string + required: + - storageAccountURI + type: object + required: + - storageAccountType + type: object + type: object + dnsServers: + description: DNSServers adds a list of DNS Server IP addresses + to the VM NICs. + items: + type: string + type: array + enableIPForwarding: + description: EnableIPForwarding enables IP Forwarding in Azure + which is required for some CNI's to send traffic from a + pods on one machine to another. This is required for IpV6 + with Calico in combination with User Defined Routes (set + by the Azure Cloud Controller manager). Default is false + for disabled. + type: boolean + failureDomain: + description: FailureDomain is the failure domain unique identifier + this Machine should be attached to, as defined in Cluster + API. This relates to an Azure Availability Zone + type: string + identity: + default: None + description: Identity is the type of identity used for the + virtual machine. The type 'SystemAssigned' is an implicitly + created identity. The generated identity will be assigned + a Subscription contributor role. The type 'UserAssigned' + is a standalone Azure resource provided by the user and + assigned to the VM + enum: + - None + - SystemAssigned + - UserAssigned + type: string + image: + description: Image is used to provide details of an image + to use during VM creation. If image details are omitted + the image will default the Azure Marketplace "capi" offer, + which is based on Ubuntu. 
+ properties: + computeGallery: + description: ComputeGallery specifies an image to use + from the Azure Compute Gallery + properties: + gallery: + description: Gallery specifies the name of the compute + image gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + plan: + description: Plan contains plan information. + properties: + offer: + description: Offer specifies the name of a group + of related images created by the publisher. + For example, UbuntuServer, WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, + such as a major release of a distribution. For + example, 18.04-LTS, 2019-Datacenter + minLength: 1 + type: string + required: + - offer + - publisher + - sku + type: object + resourceGroup: + description: ResourceGroup specifies the resource + group containing the private compute gallery. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the + subscription that contains the private compute gallery. + type: string + version: + description: Version specifies the version of the + marketplace image. The allowed formats are Major.Minor.Build + or 'latest'. Major, Minor, and Build are decimal + numbers. Specify 'latest' to use the latest version + of an image available at deploy time. Even if you + use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes + available. 
+ minLength: 1 + type: string + required: + - gallery + - name + - version + type: object + id: + description: ID specifies an image to use by ID + type: string + marketplace: + description: Marketplace specifies an image to use from + the Azure Marketplace + properties: + offer: + description: Offer specifies the name of a group of + related images created by the publisher. For example, + UbuntuServer, WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, + such as a major release of a distribution. For example, + 18.04-LTS, 2019-Datacenter + minLength: 1 + type: string + thirdPartyImage: + default: false + description: ThirdPartyImage indicates the image is + published by a third party publisher and a Plan + will be generated for it. + type: boolean + version: + description: Version specifies the version of an image + sku. The allowed formats are Major.Minor.Build or + 'latest'. Major, Minor, and Build are decimal numbers. + Specify 'latest' to use the latest version of an + image available at deploy time. Even if you use + 'latest', the VM image will not automatically update + after deploy time even if a new version becomes + available. + minLength: 1 + type: string + required: + - offer + - publisher + - sku + - version + type: object + sharedGallery: + description: 'SharedGallery specifies an image to use + from an Azure Shared Image Gallery Deprecated: use ComputeGallery + instead.' + properties: + gallery: + description: Gallery specifies the name of the shared + image gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + offer: + description: Offer specifies the name of a group of + related images created by the publisher. 
For example, + UbuntuServer, WindowsServer This value will be used + to add a `Plan` in the API request when creating + the VM/VMSS resource. This is needed when the source + image from which this SIG image was built requires + the `Plan` to be used. + type: string + publisher: + description: Publisher is the name of the organization + that created the image. This value will be used + to add a `Plan` in the API request when creating + the VM/VMSS resource. This is needed when the source + image from which this SIG image was built requires + the `Plan` to be used. + type: string + resourceGroup: + description: ResourceGroup specifies the resource + group containing the shared image gallery + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, + such as a major release of a distribution. For example, + 18.04-LTS, 2019-Datacenter This value will be used + to add a `Plan` in the API request when creating + the VM/VMSS resource. This is needed when the source + image from which this SIG image was built requires + the `Plan` to be used. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the + subscription that contains the shared image gallery + minLength: 1 + type: string + version: + description: Version specifies the version of the + marketplace image. The allowed formats are Major.Minor.Build + or 'latest'. Major, Minor, and Build are decimal + numbers. Specify 'latest' to use the latest version + of an image available at deploy time. Even if you + use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes + available. + minLength: 1 + type: string + required: + - gallery + - name + - resourceGroup + - subscriptionID + - version + type: object + type: object + networkInterfaces: + description: NetworkInterfaces specifies a list of network + interface configurations. 
If left unspecified, the VM will + get a single network interface with a single IPConfig in + the subnet specified in the cluster's node subnet field. + The primary interface will be the first networkInterface + specified (index 0) in the list. + items: + description: NetworkInterface defines a network interface. + properties: + acceleratedNetworking: + description: AcceleratedNetworking enables or disables + Azure accelerated networking. If omitted, it will + be set based on whether the requested VMSize supports + accelerated networking. If AcceleratedNetworking is + set to true with a VMSize that does not support it, + Azure will return an error. + type: boolean + privateIPConfigs: + description: PrivateIPConfigs specifies the number of + private IP addresses to attach to the interface. Defaults + to 1 if not specified. + type: integer + subnetName: + description: SubnetName specifies the subnet in which + the new network interface will be placed. + type: string + type: object + type: array + osDisk: + description: OSDisk specifies the parameters for the operating + system disk of the machine + properties: + cachingType: + description: CachingType specifies the caching requirements. + enum: + - None + - ReadOnly + - ReadWrite + type: string + diffDiskSettings: + description: DiffDiskSettings describe ephemeral disk + settings for the os disk. + properties: + option: + description: Option enables ephemeral OS when set + to "Local" See https://learn.microsoft.com/azure/virtual-machines/ephemeral-os-disks + for full details + enum: + - Local + type: string + required: + - option + type: object + diskSizeGB: + description: DiskSizeGB is the size in GB to assign to + the OS disk. Will have a default of 30GB if not provided + format: int32 + type: integer + managedDisk: + description: ManagedDisk specifies the Managed Disk parameters + for the OS disk. 
+ properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed + disk. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityProfile: + description: SecurityProfile specifies the security + profile for the managed disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed + disk that is used for Customer Managed Key encrypted + ConfidentialVM OS Disk and VMGuest blob. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityEncryptionType: + description: SecurityEncryptionType specifies + the encryption type of the managed disk. It + is set to DiskWithVMGuestState to encrypt the + managed disk along with the VMGuestState blob, + and to VMGuestStateOnly to encrypt the VMGuestState + blob only. When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule + should be set to Enabled. When set to DiskWithVMGuestState, + EncryptionAtHost should be disabled, SecureBoot + and VirtualizedTrustedPlatformModule should + be set to Enabled. It can be set only for Confidential + VMs. + enum: + - VMGuestStateOnly + - DiskWithVMGuestState + type: string + type: object + storageAccountType: + type: string + type: object + osType: + type: string + required: + - osType + type: object + providerID: + description: ProviderID is the unique identifier as specified + by the cloud provider. + type: string + roleAssignmentName: + description: 'Deprecated: RoleAssignmentName should be set + in the systemAssignedIdentityRole field.' + type: string + securityProfile: + description: SecurityProfile specifies the Security profile + settings for a virtual machine. 
+ properties: + encryptionAtHost: + description: This field indicates whether Host Encryption + should be enabled or disabled for a virtual machine + or virtual machine scale set. This should be disabled + when SecurityEncryptionType is set to DiskWithVMGuestState. + Default is disabled. + type: boolean + securityType: + description: 'SecurityType specifies the SecurityType + of the virtual machine. It has to be set to any specified + value to enable UefiSettings. The default behavior is: + UefiSettings will not be enabled unless this property + is set.' + enum: + - ConfidentialVM + - TrustedLaunch + type: string + uefiSettings: + description: UefiSettings specifies the security settings + like secure boot and vTPM used while creating the virtual + machine. + properties: + secureBootEnabled: + description: SecureBootEnabled specifies whether secure + boot should be enabled on the virtual machine. Secure + Boot verifies the digital signature of all boot + components and halts the boot process if signature + verification fails. If omitted, the platform chooses + a default, which is subject to change over time, + currently that default is false. + type: boolean + vTpmEnabled: + description: VTpmEnabled specifies whether vTPM should + be enabled on the virtual machine. When true it + enables the virtualized trusted platform module + measurements to create a known good boot integrity + policy baseline. The integrity policy baseline is + used for comparison with measurements from subsequent + VM boots to determine if anything has changed. This + is required to be set to Enabled if SecurityEncryptionType + is defined. If omitted, the platform chooses a default, + which is subject to change over time, currently + that default is false. 
+ type: boolean + type: object + type: object + spotVMOptions: + description: SpotVMOptions allows the ability to specify the + Machine should use a Spot VM + properties: + evictionPolicy: + description: EvictionPolicy defines the behavior of the + virtual machine when it is evicted. It can be either + Delete or Deallocate. + enum: + - Deallocate + - Delete + type: string + maxPrice: + anyOf: + - type: integer + - type: string + description: MaxPrice defines the maximum price the user + is willing to pay for Spot VM instances + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + sshPublicKey: + description: SSHPublicKey is the SSH public key string, base64-encoded + to add to a Virtual Machine. Linux only. Refer to documentation + on how to set up SSH access on Windows instances. + type: string + subnetName: + description: 'Deprecated: SubnetName should be set in the + networkInterfaces field.' + type: string + systemAssignedIdentityRole: + description: SystemAssignedIdentityRole defines the role and + scope to assign to the system-assigned identity. + properties: + definitionID: + description: 'DefinitionID is the ID of the role definition + to create for a system assigned identity. It can be + an Azure built-in role or a custom role. Refer to built-in + roles: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles' + type: string + name: + description: Name is the name of the role assignment to + create for a system assigned identity. It can be any + valid UUID. If not specified, a random UUID will be + generated. + type: string + scope: + description: Scope is the scope that the role assignment + or definition applies to. The scope can be any REST + resource instance. If not specified, the scope will + be the subscription. 
+ type: string + type: object + userAssignedIdentities: + description: UserAssignedIdentities is a list of standalone + Azure identities provided by the user The lifecycle of a + user-assigned identity is managed separately from the lifecycle + of the AzureMachine. See https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli + items: + description: UserAssignedIdentity defines the user-assigned + identities provided by the user to be assigned to Azure + resources. + properties: + providerID: + description: 'ProviderID is the identification ID of + the user-assigned Identity, the format of an identity + is: ''azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''' + type: string + required: + - providerID + type: object + type: array + vmExtensions: + description: VMExtensions specifies a list of extensions to + be added to the virtual machine. + items: + description: VMExtension specifies the parameters for a + custom VM extension. + properties: + name: + description: Name is the name of the extension. + type: string + protectedSettings: + additionalProperties: + type: string + description: ProtectedSettings is a JSON formatted protected + settings for the extension. + type: object + publisher: + description: Publisher is the name of the extension + handler publisher. + type: string + settings: + additionalProperties: + type: string + description: Settings is a JSON formatted public settings + for the extension. + type: object + version: + description: Version specifies the version of the script + handler. 
+ type: string + required: + - name + - publisher + - version + type: object + type: array + vmSize: + type: string + required: + - osDisk + - vmSize + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremanagedclusters.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedCluster + listKind: AzureManagedClusterList + plural: azuremanagedclusters + shortNames: + - amc + singular: azuremanagedcluster + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedCluster is the Schema for the azuremanagedclusters + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedClusterSpec defines the desired state of AzureManagedCluster. + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. 
Immutable, populated by the + AKS API at create. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + type: object + status: + description: AzureManagedClusterStatus defines the observed state of AzureManagedCluster. + properties: + ready: + description: Ready is true when the provider resource is ready. + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremanagedclustertemplates.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedClusterTemplate + listKind: AzureManagedClusterTemplateList + plural: azuremanagedclustertemplates + shortNames: + - amct + singular: azuremanagedclustertemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedClusterTemplate is the Schema for the AzureManagedClusterTemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedClusterTemplateSpec defines the desired state + of AzureManagedClusterTemplate. + properties: + template: + description: AzureManagedClusterTemplateResource describes the data + needed to create an AzureManagedCluster from a template. + properties: + spec: + description: AzureManagedClusterTemplateResourceSpec specifies + an Azure managed cluster template resource. + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedControlPlane + listKind: AzureManagedControlPlaneList + plural: azuremanagedcontrolplanes + shortNames: + - amcp + singular: azuremanagedcontrolplane + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedControlPlane is the Schema for the azuremanagedcontrolplanes + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedControlPlaneSpec defines the desired state of + AzureManagedControlPlane. + properties: + aadProfile: + description: AadProfile is Azure Active Directory configuration to + integrate with AKS for aad authentication. + properties: + adminGroupObjectIDs: + description: AdminGroupObjectIDs - AAD group object IDs that will + have admin role of the cluster. + items: + type: string + type: array + managed: + description: Managed - Whether to enable managed AAD. + type: boolean + required: + - adminGroupObjectIDs + - managed + type: object + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to Azure + resources managed by the Azure provider, in addition to the ones + added by default. + type: object + addonProfiles: + description: AddonProfiles are the profiles of managed cluster add-on. + items: + description: AddonProfile represents a managed cluster add-on. + properties: + config: + additionalProperties: + type: string + description: Config - Key-value pairs for configuring the add-on. + type: object + enabled: + description: Enabled - Whether the add-on is enabled or not. + type: boolean + name: + description: Name - The name of the managed cluster add-on. + type: string + required: + - enabled + - name + type: object + type: array + apiServerAccessProfile: + description: APIServerAccessProfile is the access profile for AKS + API server. Immutable except for `authorizedIPRanges`. + properties: + authorizedIPRanges: + description: AuthorizedIPRanges - Authorized IP Ranges to kubernetes + API server. + items: + type: string + type: array + enablePrivateCluster: + description: EnablePrivateCluster indicates whether to create + the cluster as a private cluster or not. 
+ type: boolean + enablePrivateClusterPublicFQDN: + description: EnablePrivateClusterPublicFQDN indicates whether + to create additional public FQDN for private cluster or not. + type: boolean + privateDNSZone: + description: PrivateDNSZone enables private dns zone mode for + private cluster. + enum: + - System + - None + type: string + type: object + autoscalerProfile: + description: AutoscalerProfile is the parameters to be applied to + the cluster-autoscaler when enabled + properties: + balanceSimilarNodeGroups: + description: BalanceSimilarNodeGroups - Valid values are 'true' + and 'false'. The default is false. + enum: + - "true" + - "false" + type: string + expander: + description: Expander - If not specified, the default is 'random'. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information. + enum: + - least-waste + - most-pods + - priority + - random + type: string + maxEmptyBulkDelete: + description: MaxEmptyBulkDelete - The default is 10. + type: string + maxGracefulTerminationSec: + description: MaxGracefulTerminationSec - The default is 600. + pattern: ^(\d+)$ + type: string + maxNodeProvisionTime: + description: MaxNodeProvisionTime - The default is '15m'. Values + must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + maxTotalUnreadyPercentage: + description: MaxTotalUnreadyPercentage - The default is 45. The + maximum is 100 and the minimum is 0. + maxLength: 3 + minLength: 1 + pattern: ^(\d+)$ + type: string + newPodScaleUpDelay: + description: NewPodScaleUpDelay - For scenarios like burst/batch + scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled + pods before they're a certain age. The default is '0s'. Values + must be an integer followed by a unit ('s' for seconds, 'm' + for minutes, 'h' for hours, etc). 
+ type: string + okTotalUnreadyCount: + description: OkTotalUnreadyCount - This must be an integer. The + default is 3. + pattern: ^(\d+)$ + type: string + scaleDownDelayAfterAdd: + description: ScaleDownDelayAfterAdd - The default is '10m'. Values + must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownDelayAfterDelete: + description: ScaleDownDelayAfterDelete - The default is the scan-interval. + Values must be an integer followed by an 's'. No unit of time + other than seconds (s) is supported. + pattern: ^(\d+)s$ + type: string + scaleDownDelayAfterFailure: + description: ScaleDownDelayAfterFailure - The default is '3m'. + Values must be an integer followed by an 'm'. No unit of time + other than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownUnneededTime: + description: ScaleDownUnneededTime - The default is '10m'. Values + must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownUnreadyTime: + description: ScaleDownUnreadyTime - The default is '20m'. Values + must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownUtilizationThreshold: + description: ScaleDownUtilizationThreshold - The default is '0.5'. + type: string + scanInterval: + description: ScanInterval - How often cluster is reevaluated for + scale up or down. The default is '10s'. + pattern: ^(\d+)s$ + type: string + skipNodesWithLocalStorage: + description: SkipNodesWithLocalStorage - The default is false. + enum: + - "true" + - "false" + type: string + skipNodesWithSystemPods: + description: SkipNodesWithSystemPods - The default is true. + enum: + - "true" + - "false" + type: string + type: object + azureEnvironment: + description: "AzureEnvironment is the name of the AzureCloud to be + used. 
The default value that would be used by most users is \"AzurePublicCloud\", + other values are: - ChinaCloud: \"AzureChinaCloud\" - PublicCloud: + \"AzurePublicCloud\" - USGovernmentCloud: \"AzureUSGovernmentCloud\" + \n Note that values other than the default must also be accompanied + by corresponding changes to the aso-controller-settings Secret to + configure ASO to refer to the non-Public cloud. ASO currently does + not support referring to multiple different clouds in a single installation. + The following fields must be defined in the Secret: - AZURE_AUTHORITY_HOST + - AZURE_RESOURCE_MANAGER_ENDPOINT - AZURE_RESOURCE_MANAGER_AUDIENCE + \n See the [ASO docs] for more details. \n [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/" + type: string + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. Immutable, populated by the + AKS API at create. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + disableLocalAccounts: + description: DisableLocalAccounts disables getting static credentials + for this cluster when set. Expected to only be used for AAD clusters. + type: boolean + dnsPrefix: + description: DNSPrefix allows the user to customize dns prefix. Immutable. + type: string + dnsServiceIP: + description: DNSServiceIP is an IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address range + specified in serviceCidr. Immutable. + type: string + httpProxyConfig: + description: HTTPProxyConfig is the HTTP proxy configuration for the + cluster. Immutable. + properties: + httpProxy: + description: HTTPProxy is the HTTP proxy server endpoint to use. 
+ type: string + httpsProxy: + description: HTTPSProxy is the HTTPS proxy server endpoint to + use. + type: string + noProxy: + description: NoProxy indicates the endpoints that should not go + through proxy. + items: + type: string + type: array + trustedCa: + description: TrustedCA is the alternative CA cert to use for connecting + to proxy servers. + type: string + type: object + identity: + description: Identity configuration used by the AKS control plane. + properties: + type: + description: Type - The Identity type to use. + enum: + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentityResourceID: + description: UserAssignedIdentityResourceID - Identity ARM resource + ID when using user-assigned identity. + type: string + type: object + identityRef: + description: IdentityRef is a reference to a AzureClusterIdentity + to be used when reconciling this cluster + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + kubeletUserAssignedIdentity: + description: KubeletUserAssignedIdentity is the user-assigned identity + for kubelet. For authentication with Azure Container Registry. + type: string + loadBalancerProfile: + description: LoadBalancerProfile is the profile of the cluster load + balancer. + properties: + allocatedOutboundPorts: + description: AllocatedOutboundPorts - Desired number of allocated + SNAT ports per VM. Allowed values must be in the range of 0 + to 64000 (inclusive). The default value is 0 which results in + Azure dynamically allocating ports. + type: integer + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes - Desired outbound flow idle + timeout in minutes. Allowed values must be in the range of 4 + to 120 (inclusive). The default value is 30 minutes. + type: integer + managedOutboundIPs: + description: ManagedOutboundIPs - Desired managed outbound IPs + for the cluster load balancer. + type: integer + outboundIPPrefixes: + description: OutboundIPPrefixes - Desired outbound IP Prefix resources + for the cluster load balancer. + items: + type: string + type: array + outboundIPs: + description: OutboundIPs - Desired outbound IP resources for the + cluster load balancer. 
+ items: + type: string + type: array + type: object + loadBalancerSKU: + default: Standard + description: LoadBalancerSKU is the SKU of the loadBalancer to be + provisioned. Immutable. + enum: + - Basic + - Standard + type: string + location: + description: 'Location is a string matching one of the canonical Azure + region names. Examples: "westus2", "eastus".' + type: string + machineTemplate: + description: MachineTemplate contains information about how machines + should be shaped when creating or updating a control plane. For + the AzureManagedControlPlaneTemplate, this field is used only to + fulfill the CAPI contract. + type: object + networkPlugin: + description: NetworkPlugin used for building Kubernetes network. + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: NetworkPluginMode is the mode the network plugin should + use. Allowed value is "overlay". + enum: + - overlay + type: string + networkPolicy: + description: NetworkPolicy used for building Kubernetes network. + enum: + - azure + - calico + type: string + nodeResourceGroupName: + description: NodeResourceGroupName is the name of the resource group + containing cluster IaaS resources. Will be populated to default + in webhook. Immutable. + type: string + oidcIssuerProfile: + description: OIDCIssuerProfile is the OIDC issuer profile of the Managed + Cluster. + properties: + enabled: + description: Enabled is whether the OIDC issuer is enabled. + type: boolean + type: object + outboundType: + description: Outbound configuration used by Nodes. + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + resourceGroupName: + description: ResourceGroupName is the name of the Azure resource group + for this AKS Cluster. Immutable. + type: string + sku: + description: SKU is the SKU of the AKS to be provisioned. + properties: + tier: + description: Tier - Tier of an AKS cluster. 
+ enum: + - Free + - Paid + - Standard + type: string + required: + - tier + type: object + sshPublicKey: + description: SSHPublicKey is a string literal containing an ssh public + key base64 encoded. Use empty string to autogenerate new key. Use + null value to not set key. Immutable. + type: string + subscriptionID: + description: SubscriptionID is the GUID of the Azure subscription + that owns this cluster. + type: string + version: + description: Version defines the desired Kubernetes version. + minLength: 2 + type: string + virtualNetwork: + description: VirtualNetwork describes the virtual network for the + AKS cluster. It will be created if it does not already exist. + properties: + cidrBlock: + type: string + name: + type: string + resourceGroup: + description: ResourceGroup is the name of the Azure resource group + for the VNet and Subnet. + type: string + subnet: + description: ManagedControlPlaneSubnet describes a subnet for + an AKS cluster. + properties: + cidrBlock: + type: string + name: + type: string + privateEndpoints: + description: PrivateEndpoints is a slice of Virtual Network + private endpoints to create for the subnets. + items: + description: PrivateEndpointSpec configures an Azure Private + Endpoint. + properties: + applicationSecurityGroups: + description: ApplicationSecurityGroups specifies the + Application security group in which the private endpoint + IP configuration is included. + items: + type: string + type: array + customNetworkInterfaceName: + description: CustomNetworkInterfaceName specifies the + network interface name associated with the private + endpoint. + type: string + location: + description: Location specifies the region to create + the private endpoint. + type: string + manualApproval: + description: ManualApproval specifies if the connection + approval needs to be done manually or not. Set it + true when the network admin does not have access to + approve connections to the remote resource. Defaults + to false. 
+ type: boolean + name: + description: Name specifies the name of the private + endpoint. + type: string + privateIPAddresses: + description: PrivateIPAddresses specifies the IP addresses + for the network interface associated with the private + endpoint. They have to be part of the subnet where + the private endpoint is linked. + items: + type: string + type: array + privateLinkServiceConnections: + description: PrivateLinkServiceConnections specifies + Private Link Service Connections of the private endpoint. + items: + description: PrivateLinkServiceConnection defines + the specification for a private link service connection + associated with a private endpoint. + properties: + groupIDs: + description: GroupIDs specifies the ID(s) of the + group(s) obtained from the remote resource that + this private endpoint should connect to. + items: + type: string + type: array + name: + description: Name specifies the name of the private + link service. + type: string + privateLinkServiceID: + description: PrivateLinkServiceID specifies the + resource ID of the private link service. + type: string + requestMessage: + description: RequestMessage specifies a message + passed to the owner of the remote resource with + the private endpoint connection request. + maxLength: 140 + type: string + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + serviceEndpoints: + description: ServiceEndpoints is a slice of Virtual Network + service endpoints to enable for the subnets. + items: + description: ServiceEndpointSpec configures an Azure Service + Endpoint. 
+ properties: + locations: + items: + type: string + type: array + service: + type: string + required: + - locations + - service + type: object + type: array + x-kubernetes-list-map-keys: + - service + x-kubernetes-list-type: map + required: + - cidrBlock + - name + type: object + required: + - cidrBlock + - name + type: object + required: + - identityRef + - location + - resourceGroupName + - version + type: object + status: + description: AzureManagedControlPlaneStatus defines the observed state + of AzureManagedControlPlane. + properties: + conditions: + description: Conditions defines current service state of the AzureManagedControlPlane. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + initialized: + description: Initialized is true when the control plane is available + for initial contact. This may occur before the control plane is + fully ready. In the AzureManagedControlPlane implementation, these + are identical. + type: boolean + longRunningOperationStates: + description: LongRunningOperationStates saves the states for Azure + long-running operations so they can be continued on the next reconciliation + loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. + properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. + type: string + name: + description: Name is the name of the Azure resource. Together + with the service name, this forms the unique identifier for + the future. + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: ServiceName is the name of the Azure service. Together + with the name of the resource, this forms the unique identifier + for the future. + type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. + type: string + required: + - data + - name + - serviceName + - type + type: object + type: array + oidcIssuerProfile: + description: OIDCIssuerProfile is the OIDC issuer profile of the Managed + Cluster. + properties: + issuerURL: + description: IssuerURL is the OIDC issuer url of the Managed Cluster. + type: string + type: object + ready: + description: Ready is true when the provider resource is ready. 
+ type: boolean + version: + description: Version defines the Kubernetes version for the control + plane instance. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremanagedcontrolplanetemplates.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedControlPlaneTemplate + listKind: AzureManagedControlPlaneTemplateList + plural: azuremanagedcontrolplanetemplates + shortNames: + - amcpt + singular: azuremanagedcontrolplanetemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedControlPlaneTemplate is the Schema for the AzureManagedControlPlaneTemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedControlPlaneTemplateSpec defines the desired + state of AzureManagedControlPlaneTemplate. 
+ properties: + template: + description: AzureManagedControlPlaneTemplateResource describes the + data needed to create an AzureManagedCluster from a template. + properties: + spec: + description: AzureManagedControlPlaneTemplateResourceSpec specifies + an Azure managed control plane template resource. + properties: + aadProfile: + description: AadProfile is Azure Active Directory configuration + to integrate with AKS for aad authentication. + properties: + adminGroupObjectIDs: + description: AdminGroupObjectIDs - AAD group object IDs + that will have admin role of the cluster. + items: + type: string + type: array + managed: + description: Managed - Whether to enable managed AAD. + type: boolean + required: + - adminGroupObjectIDs + - managed + type: object + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to Azure resources managed by the Azure provider, in + addition to the ones added by default. + type: object + addonProfiles: + description: AddonProfiles are the profiles of managed cluster + add-on. + items: + description: AddonProfile represents a managed cluster add-on. + properties: + config: + additionalProperties: + type: string + description: Config - Key-value pairs for configuring + the add-on. + type: object + enabled: + description: Enabled - Whether the add-on is enabled + or not. + type: boolean + name: + description: Name - The name of the managed cluster + add-on. + type: string + required: + - enabled + - name + type: object + type: array + apiServerAccessProfile: + description: APIServerAccessProfile is the access profile + for AKS API server. Immutable except for `authorizedIPRanges`. + properties: + authorizedIPRanges: + description: AuthorizedIPRanges - Authorized IP Ranges + to kubernetes API server. + items: + type: string + type: array + enablePrivateCluster: + description: EnablePrivateCluster indicates whether to + create the cluster as a private cluster or not. 
+ type: boolean + enablePrivateClusterPublicFQDN: + description: EnablePrivateClusterPublicFQDN indicates + whether to create additional public FQDN for private + cluster or not. + type: boolean + privateDNSZone: + description: PrivateDNSZone enables private dns zone mode + for private cluster. + enum: + - System + - None + type: string + type: object + autoscalerProfile: + description: AutoscalerProfile is the parameters to be applied + to the cluster-autoscaler when enabled + properties: + balanceSimilarNodeGroups: + description: BalanceSimilarNodeGroups - Valid values are + 'true' and 'false'. The default is false. + enum: + - "true" + - "false" + type: string + expander: + description: Expander - If not specified, the default + is 'random'. See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information. + enum: + - least-waste + - most-pods + - priority + - random + type: string + maxEmptyBulkDelete: + description: MaxEmptyBulkDelete - The default is 10. + type: string + maxGracefulTerminationSec: + description: MaxGracefulTerminationSec - The default is + 600. + pattern: ^(\d+)$ + type: string + maxNodeProvisionTime: + description: MaxNodeProvisionTime - The default is '15m'. + Values must be an integer followed by an 'm'. No unit + of time other than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + maxTotalUnreadyPercentage: + description: MaxTotalUnreadyPercentage - The default is + 45. The maximum is 100 and the minimum is 0. + maxLength: 3 + minLength: 1 + pattern: ^(\d+)$ + type: string + newPodScaleUpDelay: + description: NewPodScaleUpDelay - For scenarios like burst/batch + scale where you don't want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell + CA to ignore unscheduled pods before they're a certain + age. The default is '0s'. 
Values must be an integer + followed by a unit ('s' for seconds, 'm' for minutes, + 'h' for hours, etc). + type: string + okTotalUnreadyCount: + description: OkTotalUnreadyCount - This must be an integer. + The default is 3. + pattern: ^(\d+)$ + type: string + scaleDownDelayAfterAdd: + description: ScaleDownDelayAfterAdd - The default is '10m'. + Values must be an integer followed by an 'm'. No unit + of time other than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownDelayAfterDelete: + description: ScaleDownDelayAfterDelete - The default is + the scan-interval. Values must be an integer followed + by an 's'. No unit of time other than seconds (s) is + supported. + pattern: ^(\d+)s$ + type: string + scaleDownDelayAfterFailure: + description: ScaleDownDelayAfterFailure - The default + is '3m'. Values must be an integer followed by an 'm'. + No unit of time other than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownUnneededTime: + description: ScaleDownUnneededTime - The default is '10m'. + Values must be an integer followed by an 'm'. No unit + of time other than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownUnreadyTime: + description: ScaleDownUnreadyTime - The default is '20m'. + Values must be an integer followed by an 'm'. No unit + of time other than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownUtilizationThreshold: + description: ScaleDownUtilizationThreshold - The default + is '0.5'. + type: string + scanInterval: + description: ScanInterval - How often cluster is reevaluated + for scale up or down. The default is '10s'. + pattern: ^(\d+)s$ + type: string + skipNodesWithLocalStorage: + description: SkipNodesWithLocalStorage - The default is + false. + enum: + - "true" + - "false" + type: string + skipNodesWithSystemPods: + description: SkipNodesWithSystemPods - The default is + true. 
+ enum: + - "true" + - "false" + type: string + type: object + azureEnvironment: + description: "AzureEnvironment is the name of the AzureCloud + to be used. The default value that would be used by most + users is \"AzurePublicCloud\", other values are: - ChinaCloud: + \"AzureChinaCloud\" - PublicCloud: \"AzurePublicCloud\" + - USGovernmentCloud: \"AzureUSGovernmentCloud\" \n Note + that values other than the default must also be accompanied + by corresponding changes to the aso-controller-settings + Secret to configure ASO to refer to the non-Public cloud. + ASO currently does not support referring to multiple different + clouds in a single installation. The following fields must + be defined in the Secret: - AZURE_AUTHORITY_HOST - AZURE_RESOURCE_MANAGER_ENDPOINT + - AZURE_RESOURCE_MANAGER_AUDIENCE \n See the [ASO docs] + for more details. \n [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/" + type: string + disableLocalAccounts: + description: DisableLocalAccounts disables getting static + credentials for this cluster when set. Expected to only + be used for AAD clusters. + type: boolean + dnsServiceIP: + description: DNSServiceIP is an IP address assigned to the + Kubernetes DNS service. It must be within the Kubernetes + service address range specified in serviceCidr. Immutable. + type: string + httpProxyConfig: + description: HTTPProxyConfig is the HTTP proxy configuration + for the cluster. Immutable. + properties: + httpProxy: + description: HTTPProxy is the HTTP proxy server endpoint + to use. + type: string + httpsProxy: + description: HTTPSProxy is the HTTPS proxy server endpoint + to use. + type: string + noProxy: + description: NoProxy indicates the endpoints that should + not go through proxy. + items: + type: string + type: array + trustedCa: + description: TrustedCA is the alternative CA cert to use + for connecting to proxy servers. 
+ type: string + type: object + identity: + description: Identity configuration used by the AKS control + plane. + properties: + type: + description: Type - The Identity type to use. + enum: + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentityResourceID: + description: UserAssignedIdentityResourceID - Identity + ARM resource ID when using user-assigned identity. + type: string + type: object + identityRef: + description: IdentityRef is a reference to a AzureClusterIdentity + to be used when reconciling this cluster + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + kubeletUserAssignedIdentity: + description: KubeletUserAssignedIdentity is the user-assigned + identity for kubelet. For authentication with Azure Container + Registry. + type: string + loadBalancerProfile: + description: LoadBalancerProfile is the profile of the cluster + load balancer. + properties: + allocatedOutboundPorts: + description: AllocatedOutboundPorts - Desired number of + allocated SNAT ports per VM. Allowed values must be + in the range of 0 to 64000 (inclusive). The default + value is 0 which results in Azure dynamically allocating + ports. + type: integer + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes - Desired outbound flow + idle timeout in minutes. Allowed values must be in the + range of 4 to 120 (inclusive). The default value is + 30 minutes. + type: integer + managedOutboundIPs: + description: ManagedOutboundIPs - Desired managed outbound + IPs for the cluster load balancer. + type: integer + outboundIPPrefixes: + description: OutboundIPPrefixes - Desired outbound IP + Prefix resources for the cluster load balancer. + items: + type: string + type: array + outboundIPs: + description: OutboundIPs - Desired outbound IP resources + for the cluster load balancer. + items: + type: string + type: array + type: object + loadBalancerSKU: + default: Standard + description: LoadBalancerSKU is the SKU of the loadBalancer + to be provisioned. Immutable. + enum: + - Basic + - Standard + type: string + location: + description: 'Location is a string matching one of the canonical + Azure region names. Examples: "westus2", "eastus".' 
+ type: string + machineTemplate: + description: MachineTemplate contains information about how + machines should be shaped when creating or updating a control + plane. For the AzureManagedControlPlaneTemplate, this field + is used only to fulfill the CAPI contract. + type: object + networkPlugin: + description: NetworkPlugin used for building Kubernetes network. + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: NetworkPluginMode is the mode the network plugin + should use. Allowed value is "overlay". + enum: + - overlay + type: string + networkPolicy: + description: NetworkPolicy used for building Kubernetes network. + enum: + - azure + - calico + type: string + oidcIssuerProfile: + description: OIDCIssuerProfile is the OIDC issuer profile + of the Managed Cluster. + properties: + enabled: + description: Enabled is whether the OIDC issuer is enabled. + type: boolean + type: object + outboundType: + description: Outbound configuration used by Nodes. + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + sku: + description: SKU is the SKU of the AKS to be provisioned. + properties: + tier: + description: Tier - Tier of an AKS cluster. + enum: + - Free + - Paid + - Standard + type: string + required: + - tier + type: object + subscriptionID: + description: SubscriptionID is the GUID of the Azure subscription + that owns this cluster. + type: string + version: + description: Version defines the desired Kubernetes version. + minLength: 2 + type: string + virtualNetwork: + description: VirtualNetwork describes the virtual network + for the AKS cluster. It will be created if it does not already + exist. + properties: + cidrBlock: + type: string + name: + type: string + resourceGroup: + description: ResourceGroup is the name of the Azure resource + group for the VNet and Subnet. 
+ type: string + subnet: + description: ManagedControlPlaneSubnet describes a subnet + for an AKS cluster. + properties: + cidrBlock: + type: string + name: + type: string + privateEndpoints: + description: PrivateEndpoints is a slice of Virtual + Network private endpoints to create for the subnets. + items: + description: PrivateEndpointSpec configures an Azure + Private Endpoint. + properties: + applicationSecurityGroups: + description: ApplicationSecurityGroups specifies + the Application security group in which the + private endpoint IP configuration is included. + items: + type: string + type: array + customNetworkInterfaceName: + description: CustomNetworkInterfaceName specifies + the network interface name associated with + the private endpoint. + type: string + location: + description: Location specifies the region to + create the private endpoint. + type: string + manualApproval: + description: ManualApproval specifies if the + connection approval needs to be done manually + or not. Set it true when the network admin + does not have access to approve connections + to the remote resource. Defaults to false. + type: boolean + name: + description: Name specifies the name of the + private endpoint. + type: string + privateIPAddresses: + description: PrivateIPAddresses specifies the + IP addresses for the network interface associated + with the private endpoint. They have to be + part of the subnet where the private endpoint + is linked. + items: + type: string + type: array + privateLinkServiceConnections: + description: PrivateLinkServiceConnections specifies + Private Link Service Connections of the private + endpoint. + items: + description: PrivateLinkServiceConnection + defines the specification for a private + link service connection associated with + a private endpoint. + properties: + groupIDs: + description: GroupIDs specifies the ID(s) + of the group(s) obtained from the remote + resource that this private endpoint + should connect to. 
+ items: + type: string + type: array + name: + description: Name specifies the name of + the private link service. + type: string + privateLinkServiceID: + description: PrivateLinkServiceID specifies + the resource ID of the private link + service. + type: string + requestMessage: + description: RequestMessage specifies + a message passed to the owner of the + remote resource with the private endpoint + connection request. + maxLength: 140 + type: string + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + serviceEndpoints: + description: ServiceEndpoints is a slice of Virtual + Network service endpoints to enable for the subnets. + items: + description: ServiceEndpointSpec configures an Azure + Service Endpoint. + properties: + locations: + items: + type: string + type: array + service: + type: string + required: + - locations + - service + type: object + type: array + x-kubernetes-list-map-keys: + - service + x-kubernetes-list-type: map + required: + - cidrBlock + - name + type: object + required: + - cidrBlock + - name + type: object + required: + - identityRef + - location + - version + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremanagedmachinepools.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedMachinePool + listKind: AzureManagedMachinePoolList + plural: azuremanagedmachinepools + shortNames: + - ammp + singular: azuremanagedmachinepool + scope: Namespaced + versions: + - additionalPrinterColumns: + - 
jsonPath: .spec.mode + name: Mode + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedMachinePool is the Schema for the azuremanagedmachinepools + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedMachinePoolSpec defines the desired state of + AzureManagedMachinePool. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to Azure + resources managed by the Azure provider, in addition to the ones + added by default. + type: object + availabilityZones: + description: AvailabilityZones - Availability zones for nodes. Must + use VirtualMachineScaleSets AgentPoolType. Immutable. + items: + type: string + type: array + enableEncryptionAtHost: + description: "EnableEncryptionAtHost indicates whether host encryption + is enabled on the node pool. Immutable. See also [AKS doc]. \n [AKS + doc]: https://learn.microsoft.com/en-us/azure/aks/enable-host-encryption" + type: boolean + enableFIPS: + description: EnableFIPS indicates whether FIPS is enabled on the node + pool. Immutable. + type: boolean + enableNodePublicIP: + description: EnableNodePublicIP controls whether or not nodes in the + pool each have a public IP address. Immutable. 
+ type: boolean + enableUltraSSD: + description: EnableUltraSSD enables the storage type UltraSSD_LRS + for the agent pool. Immutable. + type: boolean + kubeletConfig: + description: KubeletConfig specifies the kubelet configurations for + nodes. Immutable. + properties: + allowedUnsafeSysctls: + description: AllowedUnsafeSysctls - Allowlist of unsafe sysctls + or unsafe sysctl patterns (ending in `*`). Valid values match + `kernel.shm*`, `kernel.msg*`, `kernel.sem`, `fs.mqueue.*`, or + `net.*`. + items: + type: string + type: array + containerLogMaxFiles: + description: ContainerLogMaxFiles - The maximum number of container + log files that can be present for a container. The number must + be ≥ 2. + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: ContainerLogMaxSizeMB - The maximum size in MB of + a container log file before it is rotated. + type: integer + cpuCfsQuota: + description: CPUCfsQuota - Enable CPU CFS quota enforcement for + containers that specify CPU limits. + type: boolean + cpuCfsQuotaPeriod: + description: CPUCfsQuotaPeriod - Sets CPU CFS quota period value. + Must end in "ms", e.g. "100ms" + type: string + cpuManagerPolicy: + description: CPUManagerPolicy - CPU Manager policy to use. + enum: + - none + - static + type: string + failSwapOn: + description: FailSwapOn - If set to true it will make the Kubelet + fail to start if swap is enabled on the node. + type: boolean + imageGcHighThreshold: + description: ImageGcHighThreshold - The percent of disk usage + after which image garbage collection is always run. Valid values + are 0-100 (inclusive). + maximum: 100 + minimum: 0 + type: integer + imageGcLowThreshold: + description: ImageGcLowThreshold - The percent of disk usage before + which image garbage collection is never run. Valid values are + 0-100 (inclusive) and must be less than `imageGcHighThreshold`. 
+ maximum: 100 + minimum: 0 + type: integer + podMaxPids: + description: PodMaxPids - The maximum number of processes per + pod. Must not exceed kernel PID limit. -1 disables the limit. + minimum: -1 + type: integer + topologyManagerPolicy: + description: TopologyManagerPolicy - Topology Manager policy to + use. + enum: + - none + - best-effort + - restricted + - single-numa-node + type: string + type: object + kubeletDiskType: + description: "KubeletDiskType specifies the kubelet disk type. Default + to OS. Possible values include: 'OS', 'Temporary'. Requires Microsoft.ContainerService/KubeletDisk + preview feature to be set. Immutable. See also [AKS doc]. \n [AKS + doc]: https://learn.microsoft.com/rest/api/aks/agent-pools/create-or-update?tabs=HTTP#kubeletdisktype" + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: LinuxOSConfig specifies the custom Linux OS settings + and configurations. Immutable. + properties: + swapFileSizeMB: + description: "SwapFileSizeMB specifies size in MB of a swap file + will be created on the agent nodes from this node pool. Max + value of SwapFileSizeMB should be the size of temporary disk(/dev/sdb). + Must be at least 1. See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview#temporary-disk" + minimum: 1 + type: integer + sysctls: + description: Sysctl specifies the settings for Linux agent nodes. + properties: + fsAioMaxNr: + description: FsAioMaxNr specifies the maximum number of system-wide + asynchronous io requests. Valid values are 65536-6553500 + (inclusive). Maps to fs.aio-max-nr. + maximum: 6553500 + minimum: 65536 + type: integer + fsFileMax: + description: FsFileMax specifies the max number of file-handles + that the Linux kernel will allocate, by increasing increases + the maximum number of open files permitted. Valid values + are 8192-12000500 (inclusive). Maps to fs.file-max. 
+ maximum: 12000500 + minimum: 8192 + type: integer + fsInotifyMaxUserWatches: + description: FsInotifyMaxUserWatches specifies the number + of file watches allowed by the system. Each watch is roughly + 90 bytes on a 32-bit kernel, and roughly 160 bytes on a + 64-bit kernel. Valid values are 781250-2097152 (inclusive). + Maps to fs.inotify.max_user_watches. + maximum: 2097152 + minimum: 781250 + type: integer + fsNrOpen: + description: FsNrOpen specifies the maximum number of file-handles + a process can allocate. Valid values are 8192-20000500 (inclusive). + Maps to fs.nr_open. + maximum: 20000500 + minimum: 8192 + type: integer + kernelThreadsMax: + description: KernelThreadsMax specifies the maximum number + of all threads that can be created. Valid values are 20-513785 + (inclusive). Maps to kernel.threads-max. + maximum: 513785 + minimum: 20 + type: integer + netCoreNetdevMaxBacklog: + description: NetCoreNetdevMaxBacklog specifies maximum number + of packets, queued on the INPUT side, when the interface + receives packets faster than kernel can process them. Valid + values are 1000-3240000 (inclusive). Maps to net.core.netdev_max_backlog. + maximum: 3240000 + minimum: 1000 + type: integer + netCoreOptmemMax: + description: NetCoreOptmemMax specifies the maximum ancillary + buffer size (option memory buffer) allowed per socket. Socket + option memory is used in a few cases to store extra structures + relating to usage of the socket. Valid values are 20480-4194304 + (inclusive). Maps to net.core.optmem_max. + maximum: 4194304 + minimum: 20480 + type: integer + netCoreRmemDefault: + description: NetCoreRmemDefault specifies the default receive + socket buffer size in bytes. Valid values are 212992-134217728 + (inclusive). Maps to net.core.rmem_default. + maximum: 134217728 + minimum: 212992 + type: integer + netCoreRmemMax: + description: NetCoreRmemMax specifies the maximum receive + socket buffer size in bytes. Valid values are 212992-134217728 + (inclusive). 
Maps to net.core.rmem_max. + maximum: 134217728 + minimum: 212992 + type: integer + netCoreSomaxconn: + description: NetCoreSomaxconn specifies maximum number of + connection requests that can be queued for any given listening + socket. An upper limit for the value of the backlog parameter + passed to the listen(2)(https://man7.org/linux/man-pages/man2/listen.2.html) + function. If the backlog argument is greater than the somaxconn, + then it's silently truncated to this limit. Valid values + are 4096-3240000 (inclusive). Maps to net.core.somaxconn. + maximum: 3240000 + minimum: 4096 + type: integer + netCoreWmemDefault: + description: NetCoreWmemDefault specifies the default send + socket buffer size in bytes. Valid values are 212992-134217728 + (inclusive). Maps to net.core.wmem_default. + maximum: 134217728 + minimum: 212992 + type: integer + netCoreWmemMax: + description: NetCoreWmemMax specifies the maximum send socket + buffer size in bytes. Valid values are 212992-134217728 + (inclusive). Maps to net.core.wmem_max. + maximum: 134217728 + minimum: 212992 + type: integer + netIpv4IPLocalPortRange: + description: NetIpv4IPLocalPortRange is used by TCP and UDP + traffic to choose the local port on the agent node. PortRange + should be specified in the format "first last". First, being + an integer, must be between [1024 - 60999]. Last, being + an integer, must be between [32768 - 65000]. Maps to net.ipv4.ip_local_port_range. + type: string + netIpv4NeighDefaultGcThresh1: + description: NetIpv4NeighDefaultGcThresh1 specifies the minimum + number of entries that may be in the ARP cache. Garbage + collection won't be triggered if the number of entries is + below this setting. Valid values are 128-80000 (inclusive). + Maps to net.ipv4.neigh.default.gc_thresh1. + maximum: 80000 + minimum: 128 + type: integer + netIpv4NeighDefaultGcThresh2: + description: NetIpv4NeighDefaultGcThresh2 specifies soft maximum + number of entries that may be in the ARP cache. 
ARP garbage + collection will be triggered about 5 seconds after reaching + this soft maximum. Valid values are 512-90000 (inclusive). + Maps to net.ipv4.neigh.default.gc_thresh2. + maximum: 90000 + minimum: 512 + type: integer + netIpv4NeighDefaultGcThresh3: + description: NetIpv4NeighDefaultGcThresh3 specified hard maximum + number of entries in the ARP cache. Valid values are 1024-100000 + (inclusive). Maps to net.ipv4.neigh.default.gc_thresh3. + maximum: 100000 + minimum: 1024 + type: integer + netIpv4TCPFinTimeout: + description: NetIpv4TCPFinTimeout specifies the length of + time an orphaned connection will remain in the FIN_WAIT_2 + state before it's aborted at the local end. Valid values + are 5-120 (inclusive). Maps to net.ipv4.tcp_fin_timeout. + maximum: 120 + minimum: 5 + type: integer + netIpv4TCPKeepaliveProbes: + description: NetIpv4TCPKeepaliveProbes specifies the number + of keepalive probes TCP sends out, until it decides the + connection is broken. Valid values are 1-15 (inclusive). + Maps to net.ipv4.tcp_keepalive_probes. + maximum: 15 + minimum: 1 + type: integer + netIpv4TCPKeepaliveTime: + description: NetIpv4TCPKeepaliveTime specifies the rate at + which TCP sends out a keepalive message when keepalive is + enabled. Valid values are 30-432000 (inclusive). Maps to + net.ipv4.tcp_keepalive_time. + maximum: 432000 + minimum: 30 + type: integer + netIpv4TCPMaxSynBacklog: + description: NetIpv4TCPMaxSynBacklog specifies the maximum + number of queued connection requests that have still not + received an acknowledgment from the connecting client. If + this number is exceeded, the kernel will begin dropping + requests. Valid values are 128-3240000 (inclusive). Maps + to net.ipv4.tcp_max_syn_backlog. + maximum: 3240000 + minimum: 128 + type: integer + netIpv4TCPMaxTwBuckets: + description: NetIpv4TCPMaxTwBuckets specifies maximal number + of timewait sockets held by system simultaneously. 
If this + number is exceeded, time-wait socket is immediately destroyed + and warning is printed. Valid values are 8000-1440000 (inclusive). + Maps to net.ipv4.tcp_max_tw_buckets. + maximum: 1440000 + minimum: 8000 + type: integer + netIpv4TCPTwReuse: + description: NetIpv4TCPTwReuse is used to allow to reuse TIME-WAIT + sockets for new connections when it's safe from protocol + viewpoint. Maps to net.ipv4.tcp_tw_reuse. + type: boolean + netIpv4TCPkeepaliveIntvl: + description: NetIpv4TCPkeepaliveIntvl specifies the frequency + of the probes sent out. Multiplied by tcpKeepaliveprobes, + it makes up the time to kill a connection that isn't responding, + after probes started. Valid values are 1-75 (inclusive). + Maps to net.ipv4.tcp_keepalive_intvl. + maximum: 75 + minimum: 1 + type: integer + netNetfilterNfConntrackBuckets: + description: NetNetfilterNfConntrackBuckets specifies the + size of hash table used by nf_conntrack module to record + the established connection record of the TCP protocol. Valid + values are 65536-147456 (inclusive). Maps to net.netfilter.nf_conntrack_buckets. + maximum: 147456 + minimum: 65536 + type: integer + netNetfilterNfConntrackMax: + description: NetNetfilterNfConntrackMax specifies the maximum + number of connections supported by the nf_conntrack module + or the size of connection tracking table. Valid values are + 131072-1048576 (inclusive). Maps to net.netfilter.nf_conntrack_max. + maximum: 1048576 + minimum: 131072 + type: integer + vmMaxMapCount: + description: VMMaxMapCount specifies the maximum number of + memory map areas a process may have. Maps to vm.max_map_count. + Valid values are 65530-262144 (inclusive). + maximum: 262144 + minimum: 65530 + type: integer + vmSwappiness: + description: VMSwappiness specifies aggressiveness of the + kernel in swapping memory pages. Higher values will increase + aggressiveness, lower values decrease the amount of swap. + Valid values are 0-100 (inclusive). Maps to vm.swappiness. 
+ maximum: 100 + minimum: 0 + type: integer + vmVfsCachePressure: + description: VMVfsCachePressure specifies the percentage value + that controls tendency of the kernel to reclaim the memory, + which is used for caching of directory and inode objects. + Valid values are 1-500 (inclusive). Maps to vm.vfs_cache_pressure. + maximum: 500 + minimum: 1 + type: integer + type: object + transparentHugePageDefrag: + description: "TransparentHugePageDefrag specifies whether the + kernel should make aggressive use of memory compaction to make + more hugepages available. See also [Linux doc]. \n [Linux doc]: + https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge + for more details." + enum: + - always + - defer + - defer+madvise + - madvise + - never + type: string + transparentHugePageEnabled: + description: "TransparentHugePageEnabled specifies various modes + of Transparent Hugepages. See also [Linux doc]. \n [Linux doc]: + https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge + for more details." + enum: + - always + - madvise + - never + type: string + type: object + maxPods: + description: "MaxPods specifies the kubelet `--max-pods` configuration + for the node pool. Immutable. See also [AKS doc], [K8s doc]. \n + [AKS doc]: https://learn.microsoft.com/azure/aks/configure-azure-cni#configure-maximum---new-clusters + [K8s doc]: https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/" + type: integer + mode: + description: 'Mode represents the mode of an agent pool. Possible + values include: System, User.' + enum: + - System + - User + type: string + name: + description: Name is the name of the agent pool. If not specified, + CAPZ uses the name of the CR as the agent pool name. Immutable. + type: string + nodeLabels: + additionalProperties: + type: string + description: "Node labels represent the labels for all of the nodes + present in node pool. See also [AKS doc]. 
\n [AKS doc]: https://learn.microsoft.com/azure/aks/use-labels" + type: object + nodePublicIPPrefixID: + description: NodePublicIPPrefixID specifies the public IP prefix resource + ID which VM nodes should use IPs from. Immutable. + type: string + osDiskSizeGB: + description: OSDiskSizeGB is the disk size for every machine in this + agent pool. If you specify 0, it will apply the default osDisk size + according to the vmSize specified. Immutable. + type: integer + osDiskType: + default: Managed + description: "OsDiskType specifies the OS disk type for each node + in the pool. Allowed values are 'Ephemeral' and 'Managed' (default). + Immutable. See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/azure/aks/cluster-configuration#ephemeral-os" + enum: + - Ephemeral + - Managed + type: string + osType: + description: "OSType specifies the virtual machine operating system. + Default to Linux. Possible values include: 'Linux', 'Windows'. 'Windows' + requires the AzureManagedControlPlane's `spec.networkPlugin` to + be `azure`. Immutable. See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/rest/api/aks/agent-pools/create-or-update?tabs=HTTP#ostype" + enum: + - Linux + - Windows + type: string + providerIDList: + description: ProviderIDList is the unique identifier as specified + by the cloud provider. + items: + type: string + type: array + scaleDownMode: + default: Delete + description: 'ScaleDownMode affects the cluster autoscaler behavior. + Default to Delete. Possible values include: ''Deallocate'', ''Delete''' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority specifies the ScaleSetPriority value. + Default to Regular. Possible values include: ''Regular'', ''Spot'' + Immutable.' + enum: + - Regular + - Spot + type: string + scaling: + description: Scaling specifies the autoscaling parameters for the + node pool. 
+ properties: + maxSize: + description: MaxSize is the maximum number of nodes for auto-scaling. + type: integer + minSize: + description: MinSize is the minimum number of nodes for auto-scaling. + type: integer + type: object + sku: + description: SKU is the size of the VMs in the node pool. Immutable. + type: string + spotMaxPrice: + anyOf: + - type: integer + - type: string + description: SpotMaxPrice defines max price to pay for spot instance. + Possible values are any decimal value greater than zero or -1. If + you set the max price to be -1, the VM won't be evicted based on + price. The price for the VM will be the current price for spot or + the price for a standard VM, which ever is less, as long as there's + capacity and quota available. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + subnetName: + description: SubnetName specifies the Subnet where the MachinePool + will be placed Immutable. + type: string + taints: + description: "Taints specifies the taints for nodes present in this + agent pool. See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/azure/aks/use-multiple-node-pools#setting-node-pool-taints" + items: + description: Taint represents a Kubernetes taint. + properties: + effect: + description: Effect specifies the effect for the taint + enum: + - NoSchedule + - NoExecute + - PreferNoSchedule + type: string + key: + description: Key is the key of the taint + type: string + value: + description: Value is the value of the taint + type: string + required: + - effect + - key + - value + type: object + type: array + required: + - mode + - sku + type: object + status: + description: AzureManagedMachinePoolStatus defines the observed state + of AzureManagedMachinePool. + properties: + conditions: + description: Conditions defines current service state of the AzureManagedControlPlane. 
+ items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + errorMessage: + description: Any transient errors that occur during the reconciliation + of Machines can be added as events to the Machine object and/or + logged in the controller's output. + type: string + errorReason: + description: Any transient errors that occur during the reconciliation + of Machines can be added as events to the Machine object and/or + logged in the controller's output. 
+ type: string + longRunningOperationStates: + description: LongRunningOperationStates saves the states for Azure + long-running operations so they can be continued on the next reconciliation + loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. + properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. + type: string + name: + description: Name is the name of the Azure resource. Together + with the service name, this forms the unique identifier for + the future. + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: ServiceName is the name of the Azure service. Together + with the name of the resource, this forms the unique identifier + for the future. + type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. + type: string + required: + - data + - name + - serviceName + - type + type: object + type: array + ready: + description: Ready is true when the provider resource is ready. + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. 
+ format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedMachinePoolTemplate + listKind: AzureManagedMachinePoolTemplateList + plural: azuremanagedmachinepooltemplates + shortNames: + - ammpt + singular: azuremanagedmachinepooltemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedMachinePoolTemplate is the Schema for the AzureManagedMachinePoolTemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedMachinePoolTemplateSpec defines the desired state + of AzureManagedMachinePoolTemplate. + properties: + template: + description: AzureManagedMachinePoolTemplateResource describes the + data needed to create an AzureManagedCluster from a template. 
+ properties: + spec: + description: AzureManagedMachinePoolTemplateResourceSpec specifies + an Azure managed control plane template resource. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to Azure resources managed by the Azure provider, in + addition to the ones added by default. + type: object + availabilityZones: + description: AvailabilityZones - Availability zones for nodes. + Must use VirtualMachineScaleSets AgentPoolType. Immutable. + items: + type: string + type: array + enableEncryptionAtHost: + description: "EnableEncryptionAtHost indicates whether host + encryption is enabled on the node pool. Immutable. See also + [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/en-us/azure/aks/enable-host-encryption" + type: boolean + enableFIPS: + description: EnableFIPS indicates whether FIPS is enabled + on the node pool. Immutable. + type: boolean + enableNodePublicIP: + description: EnableNodePublicIP controls whether or not nodes + in the pool each have a public IP address. Immutable. + type: boolean + enableUltraSSD: + description: EnableUltraSSD enables the storage type UltraSSD_LRS + for the agent pool. Immutable. + type: boolean + kubeletConfig: + description: KubeletConfig specifies the kubelet configurations + for nodes. Immutable. + properties: + allowedUnsafeSysctls: + description: AllowedUnsafeSysctls - Allowlist of unsafe + sysctls or unsafe sysctl patterns (ending in `*`). Valid + values match `kernel.shm*`, `kernel.msg*`, `kernel.sem`, + `fs.mqueue.*`, or `net.*`. + items: + type: string + type: array + containerLogMaxFiles: + description: ContainerLogMaxFiles - The maximum number + of container log files that can be present for a container. + The number must be ≥ 2. + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: ContainerLogMaxSizeMB - The maximum size + in MB of a container log file before it is rotated. 
+ type: integer + cpuCfsQuota: + description: CPUCfsQuota - Enable CPU CFS quota enforcement + for containers that specify CPU limits. + type: boolean + cpuCfsQuotaPeriod: + description: CPUCfsQuotaPeriod - Sets CPU CFS quota period + value. Must end in "ms", e.g. "100ms" + type: string + cpuManagerPolicy: + description: CPUManagerPolicy - CPU Manager policy to + use. + enum: + - none + - static + type: string + failSwapOn: + description: FailSwapOn - If set to true it will make + the Kubelet fail to start if swap is enabled on the + node. + type: boolean + imageGcHighThreshold: + description: ImageGcHighThreshold - The percent of disk + usage after which image garbage collection is always + run. Valid values are 0-100 (inclusive). + maximum: 100 + minimum: 0 + type: integer + imageGcLowThreshold: + description: ImageGcLowThreshold - The percent of disk + usage before which image garbage collection is never + run. Valid values are 0-100 (inclusive) and must be + less than `imageGcHighThreshold`. + maximum: 100 + minimum: 0 + type: integer + podMaxPids: + description: PodMaxPids - The maximum number of processes + per pod. Must not exceed kernel PID limit. -1 disables + the limit. + minimum: -1 + type: integer + topologyManagerPolicy: + description: TopologyManagerPolicy - Topology Manager + policy to use. + enum: + - none + - best-effort + - restricted + - single-numa-node + type: string + type: object + kubeletDiskType: + description: "KubeletDiskType specifies the kubelet disk type. + Default to OS. Possible values include: 'OS', 'Temporary'. + Requires Microsoft.ContainerService/KubeletDisk preview + feature to be set. Immutable. See also [AKS doc]. \n [AKS + doc]: https://learn.microsoft.com/rest/api/aks/agent-pools/create-or-update?tabs=HTTP#kubeletdisktype" + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: LinuxOSConfig specifies the custom Linux OS settings + and configurations. Immutable. 
+ properties: + swapFileSizeMB: + description: "SwapFileSizeMB specifies size in MB of a + swap file will be created on the agent nodes from this + node pool. Max value of SwapFileSizeMB should be the + size of temporary disk(/dev/sdb). Must be at least 1. + See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview#temporary-disk" + minimum: 1 + type: integer + sysctls: + description: Sysctl specifies the settings for Linux agent + nodes. + properties: + fsAioMaxNr: + description: FsAioMaxNr specifies the maximum number + of system-wide asynchronous io requests. Valid values + are 65536-6553500 (inclusive). Maps to fs.aio-max-nr. + maximum: 6553500 + minimum: 65536 + type: integer + fsFileMax: + description: FsFileMax specifies the max number of + file-handles that the Linux kernel will allocate, + by increasing increases the maximum number of open + files permitted. Valid values are 8192-12000500 + (inclusive). Maps to fs.file-max. + maximum: 12000500 + minimum: 8192 + type: integer + fsInotifyMaxUserWatches: + description: FsInotifyMaxUserWatches specifies the + number of file watches allowed by the system. Each + watch is roughly 90 bytes on a 32-bit kernel, and + roughly 160 bytes on a 64-bit kernel. Valid values + are 781250-2097152 (inclusive). Maps to fs.inotify.max_user_watches. + maximum: 2097152 + minimum: 781250 + type: integer + fsNrOpen: + description: FsNrOpen specifies the maximum number + of file-handles a process can allocate. Valid values + are 8192-20000500 (inclusive). Maps to fs.nr_open. + maximum: 20000500 + minimum: 8192 + type: integer + kernelThreadsMax: + description: KernelThreadsMax specifies the maximum + number of all threads that can be created. Valid + values are 20-513785 (inclusive). Maps to kernel.threads-max. 
+ maximum: 513785 + minimum: 20 + type: integer + netCoreNetdevMaxBacklog: + description: NetCoreNetdevMaxBacklog specifies maximum + number of packets, queued on the INPUT side, when + the interface receives packets faster than kernel + can process them. Valid values are 1000-3240000 + (inclusive). Maps to net.core.netdev_max_backlog. + maximum: 3240000 + minimum: 1000 + type: integer + netCoreOptmemMax: + description: NetCoreOptmemMax specifies the maximum + ancillary buffer size (option memory buffer) allowed + per socket. Socket option memory is used in a few + cases to store extra structures relating to usage + of the socket. Valid values are 20480-4194304 (inclusive). + Maps to net.core.optmem_max. + maximum: 4194304 + minimum: 20480 + type: integer + netCoreRmemDefault: + description: NetCoreRmemDefault specifies the default + receive socket buffer size in bytes. Valid values + are 212992-134217728 (inclusive). Maps to net.core.rmem_default. + maximum: 134217728 + minimum: 212992 + type: integer + netCoreRmemMax: + description: NetCoreRmemMax specifies the maximum + receive socket buffer size in bytes. Valid values + are 212992-134217728 (inclusive). Maps to net.core.rmem_max. + maximum: 134217728 + minimum: 212992 + type: integer + netCoreSomaxconn: + description: NetCoreSomaxconn specifies maximum number + of connection requests that can be queued for any + given listening socket. An upper limit for the value + of the backlog parameter passed to the listen(2)(https://man7.org/linux/man-pages/man2/listen.2.html) + function. If the backlog argument is greater than + the somaxconn, then it's silently truncated to this + limit. Valid values are 4096-3240000 (inclusive). + Maps to net.core.somaxconn. + maximum: 3240000 + minimum: 4096 + type: integer + netCoreWmemDefault: + description: NetCoreWmemDefault specifies the default + send socket buffer size in bytes. Valid values are + 212992-134217728 (inclusive). Maps to net.core.wmem_default. 
+ maximum: 134217728 + minimum: 212992 + type: integer + netCoreWmemMax: + description: NetCoreWmemMax specifies the maximum + send socket buffer size in bytes. Valid values are + 212992-134217728 (inclusive). Maps to net.core.wmem_max. + maximum: 134217728 + minimum: 212992 + type: integer + netIpv4IPLocalPortRange: + description: NetIpv4IPLocalPortRange is used by TCP + and UDP traffic to choose the local port on the + agent node. PortRange should be specified in the + format "first last". First, being an integer, must + be between [1024 - 60999]. Last, being an integer, + must be between [32768 - 65000]. Maps to net.ipv4.ip_local_port_range. + type: string + netIpv4NeighDefaultGcThresh1: + description: NetIpv4NeighDefaultGcThresh1 specifies + the minimum number of entries that may be in the + ARP cache. Garbage collection won't be triggered + if the number of entries is below this setting. + Valid values are 128-80000 (inclusive). Maps to + net.ipv4.neigh.default.gc_thresh1. + maximum: 80000 + minimum: 128 + type: integer + netIpv4NeighDefaultGcThresh2: + description: NetIpv4NeighDefaultGcThresh2 specifies + soft maximum number of entries that may be in the + ARP cache. ARP garbage collection will be triggered + about 5 seconds after reaching this soft maximum. + Valid values are 512-90000 (inclusive). Maps to + net.ipv4.neigh.default.gc_thresh2. + maximum: 90000 + minimum: 512 + type: integer + netIpv4NeighDefaultGcThresh3: + description: NetIpv4NeighDefaultGcThresh3 specified + hard maximum number of entries in the ARP cache. + Valid values are 1024-100000 (inclusive). Maps to + net.ipv4.neigh.default.gc_thresh3. + maximum: 100000 + minimum: 1024 + type: integer + netIpv4TCPFinTimeout: + description: NetIpv4TCPFinTimeout specifies the length + of time an orphaned connection will remain in the + FIN_WAIT_2 state before it's aborted at the local + end. Valid values are 5-120 (inclusive). Maps to + net.ipv4.tcp_fin_timeout. 
+ maximum: 120 + minimum: 5 + type: integer + netIpv4TCPKeepaliveProbes: + description: NetIpv4TCPKeepaliveProbes specifies the + number of keepalive probes TCP sends out, until + it decides the connection is broken. Valid values + are 1-15 (inclusive). Maps to net.ipv4.tcp_keepalive_probes. + maximum: 15 + minimum: 1 + type: integer + netIpv4TCPKeepaliveTime: + description: NetIpv4TCPKeepaliveTime specifies the + rate at which TCP sends out a keepalive message + when keepalive is enabled. Valid values are 30-432000 + (inclusive). Maps to net.ipv4.tcp_keepalive_time. + maximum: 432000 + minimum: 30 + type: integer + netIpv4TCPMaxSynBacklog: + description: NetIpv4TCPMaxSynBacklog specifies the + maximum number of queued connection requests that + have still not received an acknowledgment from the + connecting client. If this number is exceeded, the + kernel will begin dropping requests. Valid values + are 128-3240000 (inclusive). Maps to net.ipv4.tcp_max_syn_backlog. + maximum: 3240000 + minimum: 128 + type: integer + netIpv4TCPMaxTwBuckets: + description: NetIpv4TCPMaxTwBuckets specifies maximal + number of timewait sockets held by system simultaneously. + If this number is exceeded, time-wait socket is + immediately destroyed and warning is printed. Valid + values are 8000-1440000 (inclusive). Maps to net.ipv4.tcp_max_tw_buckets. + maximum: 1440000 + minimum: 8000 + type: integer + netIpv4TCPTwReuse: + description: NetIpv4TCPTwReuse is used to allow to + reuse TIME-WAIT sockets for new connections when + it's safe from protocol viewpoint. Maps to net.ipv4.tcp_tw_reuse. + type: boolean + netIpv4TCPkeepaliveIntvl: + description: NetIpv4TCPkeepaliveIntvl specifies the + frequency of the probes sent out. Multiplied by + tcpKeepaliveprobes, it makes up the time to kill + a connection that isn't responding, after probes + started. Valid values are 1-75 (inclusive). Maps + to net.ipv4.tcp_keepalive_intvl. 
+ maximum: 75 + minimum: 1 + type: integer + netNetfilterNfConntrackBuckets: + description: NetNetfilterNfConntrackBuckets specifies + the size of hash table used by nf_conntrack module + to record the established connection record of the + TCP protocol. Valid values are 65536-147456 (inclusive). + Maps to net.netfilter.nf_conntrack_buckets. + maximum: 147456 + minimum: 65536 + type: integer + netNetfilterNfConntrackMax: + description: NetNetfilterNfConntrackMax specifies + the maximum number of connections supported by the + nf_conntrack module or the size of connection tracking + table. Valid values are 131072-1048576 (inclusive). + Maps to net.netfilter.nf_conntrack_max. + maximum: 1048576 + minimum: 131072 + type: integer + vmMaxMapCount: + description: VMMaxMapCount specifies the maximum number + of memory map areas a process may have. Maps to + vm.max_map_count. Valid values are 65530-262144 + (inclusive). + maximum: 262144 + minimum: 65530 + type: integer + vmSwappiness: + description: VMSwappiness specifies aggressiveness + of the kernel in swapping memory pages. Higher values + will increase aggressiveness, lower values decrease + the amount of swap. Valid values are 0-100 (inclusive). + Maps to vm.swappiness. + maximum: 100 + minimum: 0 + type: integer + vmVfsCachePressure: + description: VMVfsCachePressure specifies the percentage + value that controls tendency of the kernel to reclaim + the memory, which is used for caching of directory + and inode objects. Valid values are 1-500 (inclusive). + Maps to vm.vfs_cache_pressure. + maximum: 500 + minimum: 1 + type: integer + type: object + transparentHugePageDefrag: + description: "TransparentHugePageDefrag specifies whether + the kernel should make aggressive use of memory compaction + to make more hugepages available. See also [Linux doc]. + \n [Linux doc]: https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge + for more details." 
+ enum: + - always + - defer + - defer+madvise + - madvise + - never + type: string + transparentHugePageEnabled: + description: "TransparentHugePageEnabled specifies various + modes of Transparent Hugepages. See also [Linux doc]. + \n [Linux doc]: https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge + for more details." + enum: + - always + - madvise + - never + type: string + type: object + maxPods: + description: "MaxPods specifies the kubelet `--max-pods` configuration + for the node pool. Immutable. See also [AKS doc], [K8s doc]. + \n [AKS doc]: https://learn.microsoft.com/azure/aks/configure-azure-cni#configure-maximum---new-clusters + [K8s doc]: https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/" + type: integer + mode: + description: 'Mode represents the mode of an agent pool. Possible + values include: System, User.' + enum: + - System + - User + type: string + name: + description: Name is the name of the agent pool. If not specified, + CAPZ uses the name of the CR as the agent pool name. Immutable. + type: string + nodeLabels: + additionalProperties: + type: string + description: "Node labels represent the labels for all of + the nodes present in node pool. See also [AKS doc]. \n [AKS + doc]: https://learn.microsoft.com/azure/aks/use-labels" + type: object + nodePublicIPPrefixID: + description: NodePublicIPPrefixID specifies the public IP + prefix resource ID which VM nodes should use IPs from. Immutable. + type: string + osDiskSizeGB: + description: OSDiskSizeGB is the disk size for every machine + in this agent pool. If you specify 0, it will apply the + default osDisk size according to the vmSize specified. Immutable. + type: integer + osDiskType: + default: Managed + description: "OsDiskType specifies the OS disk type for each + node in the pool. Allowed values are 'Ephemeral' and 'Managed' + (default). Immutable. See also [AKS doc]. 
\n [AKS doc]: + https://learn.microsoft.com/azure/aks/cluster-configuration#ephemeral-os" + enum: + - Ephemeral + - Managed + type: string + osType: + description: "OSType specifies the virtual machine operating + system. Default to Linux. Possible values include: 'Linux', + 'Windows'. 'Windows' requires the AzureManagedControlPlane's + `spec.networkPlugin` to be `azure`. Immutable. See also + [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/rest/api/aks/agent-pools/create-or-update?tabs=HTTP#ostype" + enum: + - Linux + - Windows + type: string + scaleDownMode: + default: Delete + description: 'ScaleDownMode affects the cluster autoscaler + behavior. Default to Delete. Possible values include: ''Deallocate'', + ''Delete''' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority specifies the ScaleSetPriority + value. Default to Regular. Possible values include: ''Regular'', + ''Spot'' Immutable.' + enum: + - Regular + - Spot + type: string + scaling: + description: Scaling specifies the autoscaling parameters + for the node pool. + properties: + maxSize: + description: MaxSize is the maximum number of nodes for + auto-scaling. + type: integer + minSize: + description: MinSize is the minimum number of nodes for + auto-scaling. + type: integer + type: object + sku: + description: SKU is the size of the VMs in the node pool. + Immutable. + type: string + spotMaxPrice: + anyOf: + - type: integer + - type: string + description: SpotMaxPrice defines max price to pay for spot + instance. Possible values are any decimal value greater + than zero or -1. If you set the max price to be -1, the + VM won't be evicted based on price. The price for the VM + will be the current price for spot or the price for a standard + VM, which ever is less, as long as there's capacity and + quota available. 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + subnetName: + description: SubnetName specifies the Subnet where the MachinePool + will be placed Immutable. + type: string + taints: + description: "Taints specifies the taints for nodes present + in this agent pool. See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/azure/aks/use-multiple-node-pools#setting-node-pool-taints" + items: + description: Taint represents a Kubernetes taint. + properties: + effect: + description: Effect specifies the effect for the taint + enum: + - NoSchedule + - NoExecute + - PreferNoSchedule + type: string + key: + description: Key is the key of the taint + type: string + value: + description: Value is the value of the taint + type: string + required: + - effect + - key + - value + type: object + type: array + required: + - mode + - sku + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.kubernetes.io: unapproved + controller-gen.kubebuilder.io/version: v0.5.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: azurepodidentityexceptions.aadpodidentity.k8s.io +spec: + group: aadpodidentity.k8s.io + names: + kind: AzurePodIdentityException + listKind: AzurePodIdentityExceptionList + plural: azurepodidentityexceptions + singular: azurepodidentityexception + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: AzurePodIdentityException contains the pod selectors for all + pods that don't require NMI to process and request token on their behalf. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzurePodIdentityExceptionSpec matches pods with the selector + defined. If request originates from a pod that matches the selector, + nmi will proxy the request and send response back without any validation. + properties: + metadata: + type: object + podLabels: + additionalProperties: + type: string + type: object + type: object + status: + description: AzurePodIdentityExceptionStatus contains the status of an + AzurePodIdentityException. 
+ properties: + metadata: + type: object + status: + type: string + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.4.0 + name: managedclusters.containerservice.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: containerservice.azure.com + names: + kind: ManagedCluster + listKind: ManagedClusterList + plural: managedclusters + singular: managedcluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20210501 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: The client AAD application ID.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: The server AAD application ID.' + type: string + serverAppSecret: + description: 'ServerAppSecret: The server AAD application secret.' + type: string + tenantID: + description: 'TenantID: The AAD tenant ID to use for authentication. + If not specified, will use the tenant of the deployment subscription.' + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' 
+ type: boolean + required: + - enabled + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones + to use for nodes. This can only be specified if the AgentPoolType + property is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for + system pools. The default value is 1.' + type: integer + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' 
+ type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. 
The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' 
+ type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' 
+ type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + enum: + - System + - User + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' 
+ pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixIDReference: + description: 'NodePublicIPPrefixIDReference: This is of the + form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: As a best practice, you should + upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version + as the control plane. The node pool minor version must be + within two minor versions of the control plane version. The + node pool version cannot be greater than the control plane + version. 
For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies an OS SKU. This value must not + be specified if OSType is Windows.' + enum: + - CBLMariner + - Ubuntu + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + enum: + - Linux + - Windows + type: string + podSubnetIDReference: + description: 'PodSubnetIDReference: If omitted, pod IPs are + statically assigned on the node subnet (see vnetSubnetID for + more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. 
+ If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetIDReference: + description: 'VnetSubnetIDReference: If this is not specified, + a VNET and subnet will be generated and used. If no podSubnetID + is specified, this applies to nodes and pods, otherwise it + applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. 
For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + enum: + - least-waste + - most-pods + - priority + - random + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' 
+ type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' 
+ type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' + enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' + type: boolean + diskEncryptionSetIDReference: + description: 'DiskEncryptionSetIDReference: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATING) Whether to enable + Kubernetes pod security policy (preview). This feature is set for + removal on October 15th, 2020. Learn more at aka.ms/aks/azpodpolicy.' + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' 
+ type: string + type: object + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' + enum: + - None + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentities: + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' + items: + description: Information about the user assigned identity for + the resource + properties: + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' 
+ type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: 'KubernetesVersion: When you upgrade a supported AKS + cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, + upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, + however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' 
+ properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + required: + - keyData + type: object + type: array + required: + - publicKeys + type: object + required: + - adminUsername + - ssh + type: object + location: + description: 'Location: Resource location' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + type: string + dockerBridgeCidr: + description: 'DockerBridgeCidr: A CIDR notation IP range assigned + to the Docker bridge network. It must not overlap with any Subnet + IP ranges or the Kubernetes service address range.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). The default value is 0 which + results in Azure dynamically allocating ports.' + maximum: 64000 + minimum: 0 + type: integer + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. 
+ properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + maximum: 100 + minimum: 1 + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. 
+ properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' + enum: + - basic + - standard + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + enum: + - bridge + - transparent + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + enum: + - azure + - kubenet + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + enum: + - azure + - calico + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' + enum: + - loadBalancer + - userDefinedRouting + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' 
+ type: string + operatorSpec: + description: 'OperatorSpec: The specification for configuring operator + behavior. This field is interpreted by the operator and not passed + directly to Azure' + properties: + secrets: + description: 'Secrets: configures where to place Azure generated + secrets.' + properties: + adminCredentials: + description: 'AdminCredentials: indicates where the AdminCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: 'UserCredentials: indicates where the UserCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. 
+ type: string + type: object + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' + properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + reference: + description: 'Reference: The ID of the private link resource.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + secret: + description: 'Secret: The secret password associated with the + service principal in plain text.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret being + referenced. The secret must be in the same namespace as + the resource + type: string + required: + - key + - name + type: object + required: + - clientId + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' 
+ enum: + - Basic + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [uptime SLA](https://docs.microsoft.com/azure/aks/uptime-sla) + for more details.' + enum: + - Free + - Paid + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags' + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' 
+ enum: + - None + - Windows_Server + type: string + required: + - adminUsername + type: object + required: + - location + - owner + type: object + status: + description: Managed cluster. + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: The client AAD application ID.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: The server AAD application ID.' + type: string + serverAppSecret: + description: 'ServerAppSecret: The server AAD application secret.' + type: string + tenantID: + description: 'TenantID: The AAD tenant ID to use for authentication. + If not specified, will use the tenant of the deployment subscription.' + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + identity: + description: 'Identity: Information of user assigned identity + used by this add-on.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' 
+ type: string + type: object + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones + to use for nodes. This can only be specified if the AgentPoolType + property is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for + system pools. The default value is 1.' + type: integer + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' 
+ type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. 
The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' 
+ type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' 
+ type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' 
+ type: string + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: As a best practice, you should + upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version + as the control plane. The node pool minor version must be + within two minor versions of the control plane version. The + node pool version cannot be greater than the control plane + version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies an OS SKU. This value must not + be specified if OSType is Windows.' + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' 
+ type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: Describes whether the Agent Pool is + Running or Stopped' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + type: string + type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). 
If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. + If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies + to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' 
+ type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' 
+ type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' 
+ properties: + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' + type: string + type: object + azurePortalFQDN: + description: 'AzurePortalFQDN: The Azure Portal requires certain Cross-Origin + Resource Sharing (CORS) headers to be sent in some responses, which + Kubernetes APIServer doesn''t handle by default. This special FQDN + supports CORS, allowing the Azure Portal to function properly.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. 
This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' + type: boolean + diskEncryptionSetID: + description: 'DiskEncryptionSetID: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + type: string + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATING) Whether to enable + Kubernetes pod security policy (preview). This feature is set for + removal on October 15th, 2020. Learn more at aka.ms/aks/azpodpolicy.' + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' 
+ type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + id: + description: 'Id: Resource Id' + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + principalId: + description: 'PrincipalId: The principal id of the system assigned + identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity + which is used by master components.' + type: string + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' + type: string + userAssignedIdentities: + additionalProperties: + properties: + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned + identity.' + type: string + type: object + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' + type: object + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' 
+ type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: 'KubernetesVersion: When you upgrade a supported AKS + cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, + upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, + however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + type: object + type: array + type: object + type: object + location: + description: 'Location: Resource location' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the + managed cluster.' + type: integer + name: + description: 'Name: Resource name' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' 
+ properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + type: string + dockerBridgeCidr: + description: 'DockerBridgeCidr: A CIDR notation IP range assigned + to the Docker bridge network. It must not overlap with any Subnet + IP ranges or the Kubernetes service address range.' + type: string + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). The default value is 0 which + results in Azure dynamically allocating ports.' + type: integer + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' 
+ items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + type: string + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' + type: string + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' 
+ type: string + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' + properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if + any).' + properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. 
+ Codes are invariant and are intended to be + consumed programmatically.' + type: string + details: + description: 'Details: A list of additional + details about the error.' + items: + properties: + code: + description: 'Code: An identifier for + the error. Codes are invariant and are + intended to be consumed programmatically.' + type: string + message: + description: 'Message: A message describing + the error, intended to be suitable for + display in a user interface.' + type: string + target: + description: 'Target: The target of the + particular error. For example, the name + of the property in error.' + type: string + type: object + type: array + message: + description: 'Message: A message describing + the error, intended to be suitable for display + in a user interface.' + type: string + target: + description: 'Target: The target of the particular + error. For example, the name of the property + in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning + state of the pod identity.' + type: string + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + type: object + type: array + type: object + powerState: + description: 'PowerState: The Power State of the cluster.' 
+ properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' + type: string + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service + ID of the resource, this field is exposed only to NRP internally.' + type: string + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' + type: string + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [uptime SLA](https://docs.microsoft.com/azure/aks/uptime-sla) + for more details.' 
+ type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags' + type: object + type: + description: 'Type: Resource type' + type: string + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' 
+ type: string + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20210501storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20210501.ManagedCluster Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20210501.ManagedCluster_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + aadProfile: + description: Storage version of v1api20210501.ManagedClusterAADProfile + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: Storage version of v1api20210501.ManagedClusterAddonProfile + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object + type: object + agentPoolProfiles: + items: + description: Storage version of v1api20210501.ManagedClusterAgentPoolProfile + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + count: + type: integer + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + kubeletConfig: + description: Storage version of v1api20210501.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20210501.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20210501.SysctlConfig + Sysctl settings for Linux agent nodes. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + 
type: integer + mode: + type: string + name: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixIDReference: + description: 'NodePublicIPPrefixIDReference: This is of the + form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetIDReference: + description: 'PodSubnetIDReference: If omitted, pod IPs are + statically assigned on the node subnet (see vnetSubnetID for + more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + proximityPlacementGroupID: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20210501.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetIDReference: + description: 'VnetSubnetIDReference: If this is not specified, + a VNET and subnet will be generated and used. If no podSubnetID + is specified, this applies to nodes and pods, otherwise it + applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + apiServerAccessProfile: + description: Storage version of v1api20210501.ManagedClusterAPIServerAccessProfile + Access profile for managed cluster API server. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20210501.ManagedClusterProperties_AutoScalerProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + 
ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: Storage version of v1api20210501.ManagedClusterAutoUpgradeProfile + Auto upgrade profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + upgradeChannel: + type: string + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetIDReference: + description: 'DiskEncryptionSetIDReference: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: Storage version of v1api20210501.ExtendedLocation The + complex type of the extended location. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdnSubdomain: + type: string + httpProxyConfig: + description: Storage version of v1api20210501.ManagedClusterHTTPProxyConfig + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + identity: + description: Storage version of v1api20210501.ManagedClusterIdentity + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + type: + type: string + userAssignedIdentities: + items: + description: Storage version of v1api20210501.UserAssignedIdentityDetails + Information about the user assigned identity for the resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Storage version of v1api20210501.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: Storage version of v1api20210501.ContainerServiceLinuxProfile + Profile for Linux VMs in the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: Storage version of v1api20210501.ContainerServiceSshConfiguration + SSH configuration for Linux-based VMs running on Azure. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: Storage version of v1api20210501.ContainerServiceSshPublicKey + Contains information about SSH certificate public key + data. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + networkProfile: + description: Storage version of v1api20210501.ContainerServiceNetworkProfile + Profile of network configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + dockerBridgeCidr: + type: string + loadBalancerProfile: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + effectiveOutboundIPs: + items: + description: Storage version of v1api20210501.ResourceReference + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. 
+ type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPPrefixes: + items: + description: Storage version of v1api20210501.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPs: + items: + description: Storage version of v1api20210501.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + serviceCidr: + type: string + type: object + nodeResourceGroup: + type: string + operatorSpec: + description: Storage version of v1api20210501.ManagedClusterOperatorSpec + Details for configuring operator behavior. Fields in this struct + are interpreted by the operator directly rather than being passed + to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + secrets: + description: Storage version of v1api20210501.ManagedClusterOperatorSecrets + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminCredentials: + description: 'SecretDestination describes the location to + store a single secret value. Note: This is similar to ConfigMapDestination + in configmaps.go. Changes to one should likely also be made + to the other.' 
+ properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: 'SecretDestination describes the location to + store a single secret value. Note: This is similar to ConfigMapDestination + in configmaps.go. Changes to one should likely also be made + to the other.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: Storage version of v1api20210501.ManagedClusterPodIdentityProfile + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on pod identity integration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: Storage version of v1api20210501.ManagedClusterPodIdentity + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + bindingSelector: + type: string + identity: + description: Storage version of v1api20210501.UserAssignedIdentity + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + type: string + namespace: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: Storage version of v1api20210501.ManagedClusterPodIdentityException + See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + privateLinkResources: + items: + description: Storage version of v1api20210501.PrivateLinkResource + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + name: + type: string + reference: + description: 'Reference: The ID of the private link resource.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + servicePrincipalProfile: + description: Storage version of v1api20210501.ManagedClusterServicePrincipalProfile + Information about a service principal identity for the cluster to + use for manipulating Azure APIs. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + clientId: + type: string + secret: + description: SecretReference is a reference to a Kubernetes secret + and key in the same namespace as the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret being + referenced. 
The secret must be in the same namespace as + the resource + type: string + required: + - key + - name + type: object + type: object + sku: + description: Storage version of v1api20210501.ManagedClusterSKU The + SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + windowsProfile: + description: Storage version of v1api20210501.ManagedClusterWindowsProfile + Profile for Windows VMs in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminPassword: + type: string + adminUsername: + type: string + enableCSIProxy: + type: boolean + licenseType: + type: string + type: object + required: + - owner + type: object + status: + description: Storage version of v1api20210501.ManagedCluster_STATUS Managed + cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + aadProfile: + description: Storage version of v1api20210501.ManagedClusterAADProfile_STATUS + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: Storage version of v1api20210501.ManagedClusterAddonProfile_STATUS + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + identity: + description: Storage version of v1api20210501.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + type: object + agentPoolProfiles: + items: + description: Storage version of v1api20210501.ManagedClusterAgentPoolProfile_STATUS + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + count: + type: integer + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + kubeletConfig: + description: Storage version of v1api20210501.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20210501.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20210501.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + 
minCount: + type: integer + mode: + type: string + name: + type: string + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: string + powerState: + description: Storage version of v1api20210501.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + code: + type: string + type: object + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20210501.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + type: object + type: array + apiServerAccessProfile: + description: Storage version of v1api20210501.ManagedClusterAPIServerAccessProfile_STATUS + Access profile for managed cluster API server. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20210501.ManagedClusterProperties_AutoScalerProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: Storage version of v1api20210501.ManagedClusterAutoUpgradeProfile_STATUS + Auto upgrade profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + upgradeChannel: + type: string + type: object + azurePortalFQDN: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. 
+ type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + disableLocalAccounts: + type: boolean + diskEncryptionSetID: + type: string + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: Storage version of v1api20210501.ExtendedLocation_STATUS + The complex type of the extended location. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdn: + type: string + fqdnSubdomain: + type: string + httpProxyConfig: + description: Storage version of v1api20210501.ManagedClusterHTTPProxyConfig_STATUS + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + id: + type: string + identity: + description: Storage version of v1api20210501.ManagedClusterIdentity_STATUS + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + principalId: + type: string + tenantId: + type: string + type: + type: string + userAssignedIdentities: + additionalProperties: + description: Storage version of v1api20210501.ManagedClusterIdentity_UserAssignedIdentities_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + clientId: + type: string + principalId: + type: string + type: object + type: object + type: object + identityProfile: + additionalProperties: + description: Storage version of v1api20210501.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: Storage version of v1api20210501.ContainerServiceLinuxProfile_STATUS + Profile for Linux VMs in the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: Storage version of v1api20210501.ContainerServiceSshConfiguration_STATUS + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: Storage version of v1api20210501.ContainerServiceSshPublicKey_STATUS + Contains information about SSH certificate public key + data. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + maxAgentPools: + type: integer + name: + type: string + networkProfile: + description: Storage version of v1api20210501.ContainerServiceNetworkProfile_STATUS + Profile of network configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + dockerBridgeCidr: + type: string + loadBalancerProfile: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_STATUS + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + effectiveOutboundIPs: + items: + description: Storage version of v1api20210501.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: 
PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPPrefixes: + items: + description: Storage version of v1api20210501.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPs: + items: + description: Storage version of v1api20210501.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + serviceCidr: + type: string + type: object + nodeResourceGroup: + type: string + podIdentityProfile: + description: Storage version of v1api20210501.ManagedClusterPodIdentityProfile_STATUS + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on pod identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: Storage version of v1api20210501.ManagedClusterPodIdentity_STATUS + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + bindingSelector: + type: string + identity: + description: Storage version of v1api20210501.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + name: + type: string + namespace: + type: string + provisioningInfo: + description: Storage version of v1api20210501.ManagedClusterPodIdentity_ProvisioningInfo_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + error: + description: Storage version of v1api20210501.ManagedClusterPodIdentityProvisioningError_STATUS + An error response from the pod identity provisioning. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + error: + description: Storage version of v1api20210501.ManagedClusterPodIdentityProvisioningErrorBody_STATUS + An error response from the pod identity provisioning. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set + of stashed information that used for properties + not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + details: + items: + description: Storage version of v1api20210501.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered + set of stashed information that used + for properties not directly supported + by storage resources, allowing for full + fidelity round trip conversions + type: object + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object + type: object + provisioningState: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: Storage version of v1api20210501.ManagedClusterPodIdentityException_STATUS + See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + powerState: + description: Storage version of v1api20210501.PowerState_STATUS Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + privateFQDN: + type: string + privateLinkResources: + items: + description: Storage version of v1api20210501.PrivateLinkResource_STATUS + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + id: + type: string + name: + type: string + privateLinkServiceID: + type: string + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + provisioningState: + type: string + servicePrincipalProfile: + description: Storage version of v1api20210501.ManagedClusterServicePrincipalProfile_STATUS + Information about a service principal identity for the cluster to + use for manipulating Azure APIs. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + clientId: + type: string + type: object + sku: + description: Storage version of v1api20210501.ManagedClusterSKU_STATUS + The SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + windowsProfile: + description: Storage version of v1api20210501.ManagedClusterWindowsProfile_STATUS + Profile for Windows VMs in the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminPassword: + type: string + adminUsername: + type: string + enableCSIProxy: + type: boolean + licenseType: + type: string + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230201 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: 'TenantID: The AAD tenant ID to use for authentication. + If not specified, will use the tenant of the deployment subscription.' + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + required: + - enabled + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. 
+ properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones + to use for nodes. This can only be specified if the AgentPoolType + property is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for + system pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify + the source Snapshot ID if the node pool will be created/upgraded + using a snapshot.' + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. 
For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' 
+ type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' 
+ type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' 
+ type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. 
For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + enum: + - System + - User + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch + version is chosen automatically. 
Updating the cluster with + the same once it has been created (e.g. 1.14.x + -> 1.14) will not trigger an upgrade, even if a newer patch + version is available. As a best practice, you should upgrade + all node pools in an AKS cluster to the same Kubernetes version. + The node pool version must have the same major version as + the control plane. The node pool minor version must be within + two minor versions of the control plane version. The node + pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent + pool. The default is Ubuntu if OSType is Linux. The default + is Windows2019 when Kubernetes <= 1.24 or Windows2022 when + Kubernetes >= 1.25 if OSType is Windows.' + enum: + - CBLMariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + enum: + - Linux + - Windows + type: string + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). 
+ This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: 'PowerState: When an Agent Pool is first created + it is initially Running. The Agent Pool can be stopped by + setting this field to Stopped. A stopped Agent Pool stops + all of its VMs and does not accrue billing charges. An Agent + Pool can only be stopped if it is Running and provisioning + state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' 
+ enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. + If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, + a VNET and subnet will be generated and used. If no podSubnetID + is specified, this applies to nodes and pods, otherwise it + applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + enum: + - OCIContainer + - WasmWasi + type: string + required: + - name + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' 
+ type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + enum: + - least-waste + - most-pods + - priority + - random + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' 
+ type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' + enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Azure Monitor addon profiles for + monitoring the managed cluster.' 
+ properties: + metrics: + description: 'Metrics: Metrics profile for the Azure Monitor managed + service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace + and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview.' + properties: + enabled: + description: 'Enabled: Whether to enable or disable the Azure + Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on + enabling and disabling.' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics profile + for the Azure Managed Prometheus addon. These optional settings + are for the kube-state-metrics pod that is deployed with + the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details.' + properties: + metricAnnotationsAllowList: + description: 'MetricAnnotationsAllowList: Comma-separated + list of Kubernetes annotation keys that will be used + in the resource''s labels metric (Example: ''namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...''). + By default the metric contains only resource name and + namespace labels.' + type: string + metricLabelsAllowlist: + description: 'MetricLabelsAllowlist: Comma-separated list + of additional Kubernetes label keys that will be used + in the resource''s labels metric (Example: ''namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...''). + By default the metric contains only resource name and + namespace labels.' + type: string + type: object + required: + - enabled + type: object + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' 
+ maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' + type: boolean + diskEncryptionSetReference: + description: 'DiskEncryptionSetReference: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATED) Whether to enable + Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. + Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.' 
+ type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' + enum: + - None + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentities: + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' 
+ items: + description: Information about the user assigned identity for + the resource + properties: + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: 'KubernetesVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. When you + upgrade a supported AKS cluster, Kubernetes minor versions cannot + be skipped. All upgrades must be performed sequentially by major + version number. For example, upgrades between 1.14.x -> 1.15.x or + 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. + See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. 
+ properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + required: + - keyData + type: object + type: array + required: + - publicKeys + type: object + required: + - adminUsername + - ssh + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + type: string + dockerBridgeCidr: + description: 'DockerBridgeCidr: A CIDR notation IP range assigned + to the Docker bridge network. It must not overlap with any Subnet + IP ranges or the Kubernetes service address range.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + ipFamilies: + description: 'IpFamilies: IP families are used to determine single-stack + or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6.' + items: + enum: + - IPv4 + - IPv6 + type: string + type: array + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). The default value is 0 which + results in Azure dynamically allocating ports.' + maximum: 64000 + minimum: 0 + type: integer + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' 
+ items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of IPv4 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + maximum: 100 + minimum: 1 + type: integer + countIPv6: + description: 'CountIPv6: The desired number of IPv6 outbound + IPs created/managed by Azure for the cluster load balancer. 
+ Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 0 for single-stack and 1 for dual-stack.' + maximum: 100 + minimum: 0 + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' + enum: + - basic + - standard + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 4 minutes.' + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure. Allowed values must be in + the range of 1 to 16 (inclusive). The default value + is 1.' + maximum: 16 + minimum: 1 + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + enum: + - azure + - cilium + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + enum: + - bridge + - transparent + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: 'NetworkPluginMode: The mode the network plugin should + use.' + enum: + - overlay + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' 
+ enum: + - azure + - calico + - cilium + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + podCidrs: + description: 'PodCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking.' + items: + type: string + type: array + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + serviceCidrs: + description: 'ServiceCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with + any Subnet IP ranges.' + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + type: object + operatorSpec: + description: 'OperatorSpec: The specification for configuring operator + behavior. 
This field is interpreted by the operator and not passed + directly to Azure' + properties: + configMaps: + description: 'ConfigMaps: configures where to place operator written + ConfigMaps.' + properties: + oidcIssuerProfile: + description: 'OIDCIssuerProfile: indicates where the OIDCIssuerProfile + config map should be placed. If omitted, no config map will + be created.' + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: Name is the name of the Kubernetes ConfigMap + being referenced. The ConfigMap must be in the same + namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: 'Secrets: configures where to place Azure generated + secrets.' + properties: + adminCredentials: + description: 'AdminCredentials: indicates where the AdminCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: 'UserCredentials: indicates where the UserCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. 
When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' + properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' 
+ items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + enum: + - Disabled + - Enabled + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: 'AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' 
+ type: boolean + keyId: + description: 'KeyId: Identifier of Azure Key Vault key. See + [key identifier format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service + is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service + is disabled, leave the field empty.' + type: string + keyVaultNetworkAccess: + description: 'KeyVaultNetworkAccess: Network access of key + vault. The possible values are `Public` and `Private`. `Public` + means the key vault allows public access from all networks. + `Private` means the key vault disables public access and + enables private link. The default value is `Public`.' + enum: + - Private + - Public + type: string + keyVaultResourceReference: + description: 'KeyVaultResourceReference: Resource ID of key + vault. When keyVaultNetworkAccess is `Private`, this field + is required and must be a valid resource ID. When keyVaultNetworkAccess + is `Public`, leave the field empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceReference: + description: 'LogAnalyticsWorkspaceResourceReference: Resource + ID of the Log Analytics workspace to be associated with + Microsoft Defender. When Microsoft Defender is enabled, + this field is required and must be a valid workspace resource + ID. When Microsoft Defender is disabled, leave the field + empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' + type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' 
+ type: integer + type: object + workloadIdentity: + description: 'WorkloadIdentity: Workload identity settings for + the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See + https://aka.ms/aks/wi for more details.' + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + secret: + description: 'Secret: The secret password associated with the + service principal in plain text.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret being + referenced. The secret must be in the same namespace as + the resource + type: string + required: + - key + - name + type: object + required: + - clientId + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + enum: + - Base + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [AKS Pricing Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) + for more details.' + enum: + - Free + - Standard + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' 
+ type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." 
Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: 'DnsServer: Specifies the DNS server for Windows + gMSA. Set it to empty if you have configured the DNS server + in the vnet which is used to create the managed cluster.' + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: 'RootDomainName: Specifies the root domain name + for Windows gMSA. Set it to empty if you have configured + the DNS server in the vnet which is used to create the managed + cluster.' + type: string + type: object + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' + enum: + - None + - Windows_Server + type: string + required: + - adminUsername + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' 
+ type: boolean + required: + - enabled + type: object + type: object + required: + - location + - owner + type: object + status: + description: Managed cluster. + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: 'TenantID: The AAD tenant ID to use for authentication. + If not specified, will use the tenant of the deployment subscription.' + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + identity: + description: 'Identity: Information of user assigned identity + used by this add-on.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' 
+ type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones + to use for nodes. This can only be specified if the AgentPoolType + property is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for + system pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify + the source Snapshot ID if the node pool will be created/upgraded + using a snapshot.' + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the + source object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: 'CurrentOrchestratorVersion: If orchestratorVersion + is a fully specified version , this field + will be exactly equal to it. If orchestratorVersion is , + this field will contain the full version + being used.' + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. 
For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: 'HostGroupID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 
+ 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' 
+ properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' 
+ type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. 
For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + type: string + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. 
+ When is specified, the latest supported GA patch + version is chosen automatically. Updating the cluster with + the same once it has been created (e.g. 1.14.x + -> 1.14) will not trigger an upgrade, even if a newer patch + version is available. As a best practice, you should upgrade + all node pools in an AKS cluster to the same Kubernetes version. + The node pool version must have the same major version as + the control plane. The node pool minor version must be within + two minor versions of the control plane version. The node + pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent + pool. The default is Ubuntu if OSType is Linux. The default + is Windows2019 when Kubernetes <= 1.24 or Windows2022 when + Kubernetes >= 1.25 if OSType is Windows.' + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: When an Agent Pool is first created + it is initially Running. 
The Agent Pool can be stopped by + setting this field to Stopped. A stopped Agent Pool stops + all of its VMs and does not accrue billing charges. An Agent + Pool can only be stopped if it is Running and provisioning + state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + type: string + type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). 
If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. + If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies + to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + type: string + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' 
+ type: boolean + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' 
+ type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' 
+ type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Azure Monitor addon profiles for + monitoring the managed cluster.' + properties: + metrics: + description: 'Metrics: Metrics profile for the Azure Monitor managed + service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace + and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview.' + properties: + enabled: + description: 'Enabled: Whether to enable or disable the Azure + Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on + enabling and disabling.' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics profile + for the Azure Managed Prometheus addon. These optional settings + are for the kube-state-metrics pod that is deployed with + the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details.' + properties: + metricAnnotationsAllowList: + description: 'MetricAnnotationsAllowList: Comma-separated + list of Kubernetes annotation keys that will be used + in the resource''s labels metric (Example: ''namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...''). + By default the metric contains only resource name and + namespace labels.' 
+ type: string + metricLabelsAllowlist: + description: 'MetricLabelsAllowlist: Comma-separated list + of additional Kubernetes label keys that will be used + in the resource''s labels metric (Example: ''namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...''). + By default the metric contains only resource name and + namespace labels.' + type: string + type: object + type: object + type: object + azurePortalFQDN: + description: 'AzurePortalFQDN: The Azure Portal requires certain Cross-Origin + Resource Sharing (CORS) headers to be sent in some responses, which + Kubernetes APIServer doesn''t handle by default. This special FQDN + supports CORS, allowing the Azure Portal to function properly.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. 
For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: + description: 'CurrentKubernetesVersion: If kubernetesVersion was a + fully specified version , this field will be + exactly equal to it. If kubernetesVersion was , this + field will contain the full version being used.' + type: string + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' + type: boolean + diskEncryptionSetID: + description: 'DiskEncryptionSetID: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + type: string + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATED) Whether to enable + Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. + Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.' + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' 
+ type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + id: + description: 'Id: Fully qualified resource ID for the resource. Ex + - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}' + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + principalId: + description: 'PrincipalId: The principal id of the system assigned + identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity + which is used by master components.' + type: string + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' 
+ type: string + userAssignedIdentities: + additionalProperties: + properties: + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned + identity.' + type: string + type: object + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' + type: object + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: 'KubernetesVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. When you + upgrade a supported AKS cluster, Kubernetes minor versions cannot + be skipped. All upgrades must be performed sequentially by major + version number. For example, upgrades between 1.14.x -> 1.15.x or + 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. + See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' 
+ properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + type: object + type: array + type: object + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the + managed cluster.' + type: integer + name: + description: 'Name: The name of the resource' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + type: string + dockerBridgeCidr: + description: 'DockerBridgeCidr: A CIDR notation IP range assigned + to the Docker bridge network. It must not overlap with any Subnet + IP ranges or the Kubernetes service address range.' + type: string + ipFamilies: + description: 'IpFamilies: IP families are used to determine single-stack + or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6.' + items: + type: string + type: array + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' 
+ properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). The default value is 0 which + results in Azure dynamically allocating ports.' + type: integer + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of IPv4 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + type: integer + countIPv6: + description: 'CountIPv6: The desired number of IPv6 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 0 for single-stack and 1 for dual-stack.' + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. 
+ properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 4 minutes.' + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure. Allowed values must be in + the range of 1 to 16 (inclusive). The default value + is 1.' + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' 
+ type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + type: string + networkPluginMode: + description: 'NetworkPluginMode: The mode the network plugin should + use.' + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + type: string + podCidrs: + description: 'PodCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking.' + items: + type: string + type: array + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' + type: string + serviceCidrs: + description: 'ServiceCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with + any Subnet IP ranges.' + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' 
+ type: boolean + issuerURL: + description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' + type: string + type: object + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' + properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if + any).' 
+ properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. + Codes are invariant and are intended to be + consumed programmatically.' + type: string + details: + description: 'Details: A list of additional + details about the error.' + items: + properties: + code: + description: 'Code: An identifier for + the error. Codes are invariant and are + intended to be consumed programmatically.' + type: string + message: + description: 'Message: A message describing + the error, intended to be suitable for + display in a user interface.' + type: string + target: + description: 'Target: The target of the + particular error. For example, the name + of the property in error.' + type: string + type: object + type: array + message: + description: 'Message: A message describing + the error, intended to be suitable for display + in a user interface.' + type: string + target: + description: 'Target: The target of the particular + error. For example, the name of the property + in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning + state of the pod identity.' + type: string + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' 
+ type: object + type: object + type: array + type: object + powerState: + description: 'PowerState: The Power State of the cluster.' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' + type: string + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service + ID of the resource, this field is exposed only to NRP internally.' + type: string + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' + type: string + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: 'AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: 'KeyId: Identifier of Azure Key Vault key. 
See + [key identifier format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service + is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service + is disabled, leave the field empty.' + type: string + keyVaultNetworkAccess: + description: 'KeyVaultNetworkAccess: Network access of key + vault. The possible values are `Public` and `Private`. `Public` + means the key vault allows public access from all networks. + `Private` means the key vault disables public access and + enables private link. The default value is `Public`.' + type: string + keyVaultResourceId: + description: 'KeyVaultResourceId: Resource ID of key vault. + When keyVaultNetworkAccess is `Private`, this field is required + and must be a valid resource ID. When keyVaultNetworkAccess + is `Public`, leave the field empty.' + type: string + type: object + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceId: + description: 'LogAnalyticsWorkspaceResourceId: Resource ID + of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field + is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty.' + type: string + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' 
+ type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + workloadIdentity: + description: 'WorkloadIdentity: Workload identity settings for + the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See + https://aka.ms/aks/wi for more details.' + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [AKS Pricing Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) + for more details.' + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' 
+ properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + systemData: + description: 'SystemData: Azure Resource Manager metadata containing + createdBy and modifiedBy information.' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" + or "Microsoft.Storage/storageAccounts"' + type: string + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. 
Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: 'DnsServer: Specifies the DNS server for Windows + gMSA. Set it to empty if you have configured the DNS server + in the vnet which is used to create the managed cluster.' + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: 'RootDomainName: Specifies the root domain name + for Windows gMSA. Set it to empty if you have configured + the DNS server in the vnet which is used to create the managed + cluster.' + type: string + type: object + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. 
See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' + type: string + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' + type: boolean + type: object + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230201storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20230201.ManagedCluster Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20230201.ManagedCluster_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + aadProfile: + description: Storage version of v1api20230201.ManagedClusterAADProfile + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: Storage version of v1api20230201.ManagedClusterAddonProfile + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object + type: object + agentPoolProfiles: + items: + description: Storage version of v1api20230201.ManagedClusterAgentPoolProfile + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + count: + type: integer + creationData: + description: Storage version of v1api20230201.CreationData Data + used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: Storage version of v1api20230201.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20230201.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20230201.SysctlConfig + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the 
form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: Storage version of v1api20230201.PowerState Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20230201.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, + a VNET and subnet will be generated and used. If no podSubnetID + is specified, this applies to nodes and pods, otherwise it + applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + workloadRuntime: + type: string + type: object + type: array + apiServerAccessProfile: + description: Storage version of v1api20230201.ManagedClusterAPIServerAccessProfile + Access profile for managed cluster API server. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20230201.ManagedClusterProperties_AutoScalerProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: Storage version of 
v1api20230201.ManagedClusterAutoUpgradeProfile + Auto upgrade profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfile + Azure Monitor addon profiles for monitoring the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + metrics: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileMetrics + Metrics profile for the Azure Monitor managed service for Prometheus + addon. Collect out-of-the-box Kubernetes infrastructure metrics + to send to an Azure Monitor Workspace and configure additional + scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + kubeStateMetrics: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileKubeStateMetrics + Kube State Metrics profile for the Azure Managed Prometheus + addon. These optional settings are for the kube-state-metrics + pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetReference: + description: 'DiskEncryptionSetReference: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: Storage version of v1api20230201.ExtendedLocation The + complex type of the extended location. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdnSubdomain: + type: string + httpProxyConfig: + description: Storage version of v1api20230201.ManagedClusterHTTPProxyConfig + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + identity: + description: Storage version of v1api20230201.ManagedClusterIdentity + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + type: + type: string + userAssignedIdentities: + items: + description: Storage version of v1api20230201.UserAssignedIdentityDetails + Information about the user assigned identity for the resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Storage version of v1api20230201.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: Storage version of v1api20230201.ContainerServiceLinuxProfile + Profile for Linux VMs in the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: Storage version of v1api20230201.ContainerServiceSshConfiguration + SSH configuration for Linux-based VMs running on Azure. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: Storage version of v1api20230201.ContainerServiceSshPublicKey + Contains information about SSH certificate public key + data. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + networkProfile: + description: Storage version of v1api20230201.ContainerServiceNetworkProfile + Profile of network configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + dockerBridgeCidr: + type: string + ipFamilies: + items: + type: string + type: array + loadBalancerProfile: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + effectiveOutboundIPs: + items: + description: Storage version of v1api20230201.ResourceReference + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. 
+ type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPPrefixes: + items: + description: Storage version of v1api20230201.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPs: + items: + description: Storage version of v1api20230201.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + natGatewayProfile: + description: Storage version of v1api20230201.ManagedClusterNATGatewayProfile + Profile of the managed cluster NAT gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: Storage version of v1api20230201.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: Storage version of v1api20230201.ManagedClusterManagedOutboundIPProfile + Profile of the managed outbound IP resources of the managed + cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + type: object + nodeResourceGroup: + type: string + oidcIssuerProfile: + description: Storage version of v1api20230201.ManagedClusterOIDCIssuerProfile + The OIDC issuer profile of the Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + operatorSpec: + description: Storage version of v1api20230201.ManagedClusterOperatorSpec + Details for configuring operator behavior. Fields in this struct + are interpreted by the operator directly rather than being passed + to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + configMaps: + description: Storage version of v1api20230201.ManagedClusterOperatorConfigMaps + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + oidcIssuerProfile: + description: 'ConfigMapDestination describes the location + to store a single configmap value Note: This is similar + to SecretDestination in secrets.go. Changes to one should + likely also be made to the other.' + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: Name is the name of the Kubernetes ConfigMap + being referenced. 
The ConfigMap must be in the same + namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: Storage version of v1api20230201.ManagedClusterOperatorSecrets + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminCredentials: + description: 'SecretDestination describes the location to + store a single secret value. Note: This is similar to ConfigMapDestination + in configmaps.go. Changes to one should likely also be made + to the other.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: 'SecretDestination describes the location to + store a single secret value. Note: This is similar to ConfigMapDestination + in configmaps.go. Changes to one should likely also be made + to the other.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. 
Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProfile + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on pod identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: Storage version of v1api20230201.ManagedClusterPodIdentity + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + bindingSelector: + type: string + identity: + description: Storage version of v1api20230201.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + type: string + namespace: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: Storage version of v1api20230201.ManagedClusterPodIdentityException + See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + privateLinkResources: + items: + description: Storage version of v1api20230201.PrivateLinkResource + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + name: + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + publicNetworkAccess: + type: string + securityProfile: + description: Storage version of v1api20230201.ManagedClusterSecurityProfile + Security profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: Storage version of v1api20230201.AzureKeyVaultKms + Azure Key Vault key management service settings for the security + profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceReference: + description: 'KeyVaultResourceReference: Resource ID of key + vault. When keyVaultNetworkAccess is `Private`, this field + is required and must be a valid resource ID. When keyVaultNetworkAccess + is `Public`, leave the field empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + defender: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefender + Microsoft Defender settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceReference: + description: 'LogAnalyticsWorkspaceResourceReference: Resource + ID of the Log Analytics workspace to be associated with + Microsoft Defender. When Microsoft Defender is enabled, + this field is required and must be a valid workspace resource + ID. When Microsoft Defender is disabled, leave the field + empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefenderSecurityMonitoring + Microsoft Defender settings for the security profile threat + detection. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileImageCleaner + Image Cleaner removes unused images from nodes, freeing up disk + space and helping to reduce attack surface area. Here are settings + for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + workloadIdentity: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileWorkloadIdentity + Workload identity settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + servicePrincipalProfile: + description: Storage version of v1api20230201.ManagedClusterServicePrincipalProfile + Information about a service principal identity for the cluster to + use for manipulating Azure APIs. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + clientId: + type: string + secret: + description: SecretReference is a reference to a Kubernetes secret + and key in the same namespace as the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret being + referenced. The secret must be in the same namespace as + the resource + type: string + required: + - key + - name + type: object + type: object + sku: + description: Storage version of v1api20230201.ManagedClusterSKU The + SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: Storage version of v1api20230201.ManagedClusterStorageProfile + Storage profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileBlobCSIDriver + AzureBlob CSI Driver settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileDiskCSIDriver + AzureDisk CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + fileCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileFileCSIDriver + AzureFile CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: Storage version of v1api20230201.ManagedClusterStorageProfileSnapshotController + Snapshot Controller settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + tags: + additionalProperties: + type: string + type: object + windowsProfile: + description: Storage version of v1api20230201.ManagedClusterWindowsProfile + Profile for Windows VMs in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminPassword: + type: string + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: Storage version of v1api20230201.WindowsGmsaProfile + Windows gMSA Profile in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfile + Workload Auto-scaler profile for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + keda: + description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfileKeda + KEDA (Kubernetes Event-driven Autoscaling) settings for the + workload auto-scaler profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + required: + - owner + type: object + status: + description: Storage version of v1api20230201.ManagedCluster_STATUS Managed + cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + aadProfile: + description: Storage version of v1api20230201.ManagedClusterAADProfile_STATUS + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: Storage version of v1api20230201.ManagedClusterAddonProfile_STATUS + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + identity: + description: Storage version of v1api20230201.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + type: object + agentPoolProfiles: + items: + description: Storage version of v1api20230201.ManagedClusterAgentPoolProfile_STATUS + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + count: + type: integer + creationData: + description: Storage version of v1api20230201.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupID: + type: string + kubeletConfig: + description: Storage version of v1api20230201.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20230201.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20230201.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: 
string + powerState: + description: Storage version of v1api20230201.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + code: + type: string + type: object + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20230201.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + workloadRuntime: + type: string + type: object + type: array + apiServerAccessProfile: + description: Storage version of v1api20230201.ManagedClusterAPIServerAccessProfile_STATUS + Access profile for managed cluster API server. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20230201.ManagedClusterProperties_AutoScalerProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: Storage version of v1api20230201.ManagedClusterAutoUpgradeProfile_STATUS + Auto upgrade profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfile_STATUS + Azure Monitor addon profiles for monitoring the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + metrics: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileMetrics_STATUS + Metrics profile for the Azure Monitor managed service for Prometheus + addon. Collect out-of-the-box Kubernetes infrastructure metrics + to send to an Azure Monitor Workspace and configure additional + scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + kubeStateMetrics: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS + Kube State Metrics profile for the Azure Managed Prometheus + addon. These optional settings are for the kube-state-metrics + pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azurePortalFQDN: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. 
+ type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetID: + type: string + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: Storage version of v1api20230201.ExtendedLocation_STATUS + The complex type of the extended location. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdn: + type: string + fqdnSubdomain: + type: string + httpProxyConfig: + description: Storage version of v1api20230201.ManagedClusterHTTPProxyConfig_STATUS + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + id: + type: string + identity: + description: Storage version of v1api20230201.ManagedClusterIdentity_STATUS + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + principalId: + type: string + tenantId: + type: string + type: + type: string + userAssignedIdentities: + additionalProperties: + description: Storage version of v1api20230201.ManagedClusterIdentity_UserAssignedIdentities_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + clientId: + type: string + principalId: + type: string + type: object + type: object + type: object + identityProfile: + additionalProperties: + description: Storage version of v1api20230201.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: Storage version of v1api20230201.ContainerServiceLinuxProfile_STATUS + Profile for Linux VMs in the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: Storage version of v1api20230201.ContainerServiceSshConfiguration_STATUS + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: Storage version of v1api20230201.ContainerServiceSshPublicKey_STATUS + Contains information about SSH certificate public key + data. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + maxAgentPools: + type: integer + name: + type: string + networkProfile: + description: Storage version of v1api20230201.ContainerServiceNetworkProfile_STATUS + Profile of network configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + dockerBridgeCidr: + type: string + ipFamilies: + items: + type: string + type: array + loadBalancerProfile: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_STATUS + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + effectiveOutboundIPs: + items: + description: Storage version of v1api20230201.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPPrefixes: + items: + description: Storage version of v1api20230201.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPs: + items: + description: Storage version of v1api20230201.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + natGatewayProfile: + description: Storage version of v1api20230201.ManagedClusterNATGatewayProfile_STATUS + Profile of the managed cluster NAT gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: Storage version of v1api20230201.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: Storage version of v1api20230201.ManagedClusterManagedOutboundIPProfile_STATUS + Profile of the managed outbound IP resources of the managed + cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + type: object + nodeResourceGroup: + type: string + oidcIssuerProfile: + description: Storage version of v1api20230201.ManagedClusterOIDCIssuerProfile_STATUS + The OIDC issuer profile of the Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + issuerURL: + type: string + type: object + podIdentityProfile: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProfile_STATUS + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on pod identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: Storage version of v1api20230201.ManagedClusterPodIdentity_STATUS + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + bindingSelector: + type: string + identity: + description: Storage version of v1api20230201.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + name: + type: string + namespace: + type: string + provisioningInfo: + description: Storage version of v1api20230201.ManagedClusterPodIdentity_ProvisioningInfo_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + error: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningError_STATUS + An error response from the pod identity provisioning. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + error: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningErrorBody_STATUS + An error response from the pod identity provisioning. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set + of stashed information that used for properties + not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + details: + items: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered + set of stashed information that used + for properties not directly supported + by storage resources, allowing for full + fidelity round trip conversions + type: object + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object + type: object + provisioningState: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: Storage version of v1api20230201.ManagedClusterPodIdentityException_STATUS + See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + powerState: + description: Storage version of v1api20230201.PowerState_STATUS Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + privateFQDN: + type: string + privateLinkResources: + items: + description: Storage version of v1api20230201.PrivateLinkResource_STATUS + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + id: + type: string + name: + type: string + privateLinkServiceID: + type: string + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + provisioningState: + type: string + publicNetworkAccess: + type: string + securityProfile: + description: Storage version of v1api20230201.ManagedClusterSecurityProfile_STATUS + Security profile for the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: Storage version of v1api20230201.AzureKeyVaultKms_STATUS + Azure Key Vault key management service settings for the security + profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceId: + type: string + type: object + defender: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefender_STATUS + Microsoft Defender settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceId: + type: string + securityMonitoring: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS + Microsoft Defender settings for the security profile threat + detection. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileImageCleaner_STATUS + Image Cleaner removes unused images from nodes, freeing up disk + space and helping to reduce attack surface area. Here are settings + for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + workloadIdentity: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileWorkloadIdentity_STATUS + Workload identity settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + servicePrincipalProfile: + description: Storage version of v1api20230201.ManagedClusterServicePrincipalProfile_STATUS + Information about a service principal identity for the cluster to + use for manipulating Azure APIs. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + clientId: + type: string + type: object + sku: + description: Storage version of v1api20230201.ManagedClusterSKU_STATUS + The SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: Storage version of v1api20230201.ManagedClusterStorageProfile_STATUS + Storage profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileBlobCSIDriver_STATUS + AzureBlob CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileDiskCSIDriver_STATUS + AzureDisk CSI Driver settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + fileCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileFileCSIDriver_STATUS + AzureFile CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: Storage version of v1api20230201.ManagedClusterStorageProfileSnapshotController_STATUS + Snapshot Controller settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + systemData: + description: Storage version of v1api20230201.SystemData_STATUS Metadata + pertaining to creation and last modification of the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + windowsProfile: + description: Storage version of v1api20230201.ManagedClusterWindowsProfile_STATUS + Profile for Windows VMs in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminPassword: + type: string + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: Storage version of v1api20230201.WindowsGmsaProfile_STATUS + Windows gMSA Profile in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfile_STATUS + Workload Auto-scaler profile for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + keda: + description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS + KEDA (Kubernetes Event-driven Autoscaling) settings for the + workload auto-scaler profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230202preview + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-02-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: 'TenantID: The AAD tenant ID to use for authentication. + If not specified, will use the tenant of the deployment subscription.' + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' 
+ type: boolean + required: + - enabled + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones + to use for nodes. This can only be specified if the AgentPoolType + property is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + type: string + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for + system pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify + the source Snapshot ID if the node pool will be created/upgraded + using a snapshot.' + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: 'EnableCustomCATrust: When set to true, AKS adds + a label to the node indicating that the feature is enabled + and deploys a daemonset along with host services to sync custom + certificate authorities from user-provided list of base64 + encoded certificates into node trust stores. Defaults to false.' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' 
+ enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' 
+ type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' 
+ type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' 
+ type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' 
+ type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + messageOfTheDay: + description: 'MessageOfTheDay: A base64-encoded string which + will be written to /etc/motd after decoding. This allows customization + of the message of the day for Linux nodes. It must not be + specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script).' + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + enum: + - System + - User + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an + agent pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are + allowed to access. The specified ranges are allowed to + overlap.' + items: + description: The port range. + properties: + portEnd: + description: 'PortEnd: The maximum port that is included + in the range. It should be ranged from 1 to 65535, + and be greater than or equal to portStart.' 
+ maximum: 65535 + minimum: 1 + type: integer + portStart: + description: 'PortStart: The minimum port that is + included in the range. It should be ranged from + 1 to 65535, and be less than or equal to portEnd.' + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: 'Protocol: The network protocol of the + port.' + enum: + - TCP + - UDP + type: string + type: object + type: array + applicationSecurityGroupsReferences: + description: 'ApplicationSecurityGroupsReferences: The IDs + of the application security groups which agent pool will + associate when created.' + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, Kind, + Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level + public IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: + RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated + with the public IP. Example: Internet.' 
+ type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + and are supported. When is specified, + the latest supported patch version is chosen automatically. + Updating the agent pool with the same once it + has been created will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should + upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version + as the control plane. 
The node pool minor version must be + within two minor versions of the control plane version. The + node pool version cannot be greater than the control plane + version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent + pool. If not specified, the default is Ubuntu if OSType=Linux + or Windows2019 if OSType=Windows. And the default Windows + OSSKU will be changed to Windows2022 after Windows2019 is + deprecated.' + enum: + - CBLMariner + - Mariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + enum: + - Linux + - Windows + type: string + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: 'PowerState: When an Agent Pool is first created + it is initially Running. The Agent Pool can be stopped by + setting this field to Stopped. A stopped Agent Pool stops + all of its VMs and does not accrue billing charges. An Agent + Pool can only be stopped if it is Running and provisioning + state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. 
+ If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, + a VNET and subnet will be generated and used. If no podSubnetID + is specified, this applies to nodes and pods, otherwise it + applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific + profile.' + properties: + disableOutboundNat: + description: 'DisableOutboundNat: The default value is false. + Outbound NAT can only be disabled if the cluster outboundType + is NAT Gateway and the Windows agent pool does not have + node public IP enabled.' + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' 
+ enum: + - KataMshvVmIsolation + - OCIContainer + - WasmWasi + type: string + required: + - name + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + enableVnetIntegration: + description: 'EnableVnetIntegration: Whether to enable apiserver + vnet integration for the cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' + type: string + subnetId: + description: 'SubnetId: It is required when: 1. creating a new + cluster with BYO Vnet; 2. updating an existing cluster to enable + apiserver vnet integration.' 
+ type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + enum: + - least-waste + - most-pods + - priority + - random + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' 
+ type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: The default is Unmanaged, + but may change to either NodeImage or SecurityPatch at GA.' + enum: + - NodeImage + - None + - SecurityPatch + - Unmanaged + type: string + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' 
+ enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Prometheus addon profile for the + container service cluster' + properties: + metrics: + description: 'Metrics: Metrics profile for the prometheus service + addon' + properties: + enabled: + description: 'Enabled: Whether to enable the Prometheus collector' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics for prometheus + addon profile for the container service cluster' + properties: + metricAnnotationsAllowList: + description: 'MetricAnnotationsAllowList: Comma-separated + list of additional Kubernetes label keys that will be + used in the resource''s labels metric.' + type: string + metricLabelsAllowlist: + description: 'MetricLabelsAllowlist: Comma-separated list + of Kubernetes annotations keys that will be used in + the resource''s labels metric.' + type: string + type: object + required: + - enabled + type: object + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the cluster will be created/upgraded using + a snapshot.' + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' + type: boolean + diskEncryptionSetReference: + description: 'DiskEncryptionSetReference: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enableNamespaceResources: + description: 'EnableNamespaceResources: The default value is false. + It can be enabled/disabled on creation and updating of the managed + cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) + for more details on Namespace as a ARM Resource.' + type: boolean + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATED) Whether to enable + Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. + Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.' + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + guardrailsProfile: + description: 'GuardrailsProfile: The guardrails profile holds all + the guardrails information for a given cluster' + properties: + excludedNamespaces: + description: 'ExcludedNamespaces: List of namespaces excluded + from guardrails checks' + items: + type: string + type: array + level: + description: 'Level: The guardrails level to be used. 
By default, + Guardrails is enabled for all namespaces except those that AKS + excludes via systemExcludedNamespaces' + enum: + - Enforcement + - "Off" + - Warning + type: string + version: + description: 'Version: The version of constraints to use' + type: string + required: + - level + - version + type: object + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' + enum: + - None + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentities: + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' + items: + description: Information about the user assigned identity for + the resource + properties: + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + ingressProfile: + description: 'IngressProfile: Ingress profile for the managed cluster.' + properties: + webAppRouting: + description: 'WebAppRouting: Web App Routing settings for the + ingress profile.' + properties: + dnsZoneResourceReference: + description: 'DnsZoneResourceReference: Resource ID of the + DNS Zone to be associated with the web app. Used only when + Web App Routing is enabled.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + enabled: + description: 'Enabled: Whether to enable Web App Routing.' + type: boolean + type: object + type: object + kubernetesVersion: + description: 'KubernetesVersion: When you upgrade a supported AKS + cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, + upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, + however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' 
+ type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + required: + - keyData + type: object + type: array + required: + - publicKeys + type: object + required: + - adminUsername + - ssh + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + type: string + dockerBridgeCidr: + description: 'DockerBridgeCidr: A CIDR notation IP range assigned + to the Docker bridge network. It must not overlap with any Subnet + IP ranges or the Kubernetes service address range.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + ipFamilies: + description: 'IpFamilies: IP families are used to determine single-stack + or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6.' 
+ items: + enum: + - IPv4 + - IPv6 + type: string + type: array + kubeProxyConfig: + description: 'KubeProxyConfig: Holds configuration customizations + for kube-proxy. Any values not defined will use the kube-proxy + defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ + where is represented by a - + string. Kubernetes version 1.23 would be ''1-23''.' + properties: + enabled: + description: 'Enabled: Whether to enable on kube-proxy on + the cluster (if no ''kubeProxyConfig'' exists, kube-proxy + is enabled in AKS by default without these customizations).' + type: boolean + ipvsConfig: + description: 'IpvsConfig: Holds configuration customizations + for IPVS. May only be specified if ''mode'' is set to ''IPVS''.' + properties: + scheduler: + description: 'Scheduler: IPVS scheduler, for more information + please see http://www.linuxvirtualserver.org/docs/scheduling.html.' + enum: + - LeastConnection + - RoundRobin + type: string + tcpFinTimeoutSeconds: + description: 'TcpFinTimeoutSeconds: The timeout value + used for IPVS TCP sessions after receiving a FIN in + seconds. Must be a positive integer value.' + type: integer + tcpTimeoutSeconds: + description: 'TcpTimeoutSeconds: The timeout value used + for idle IPVS TCP sessions in seconds. Must be a positive + integer value.' + type: integer + udpTimeoutSeconds: + description: 'UdpTimeoutSeconds: The timeout value used + for IPVS UDP packets in seconds. Must be a positive + integer value.' + type: integer + type: object + mode: + description: 'Mode: Specify which proxy mode to use (''IPTABLES'' + or ''IPVS'')' + enum: + - IPTABLES + - IPVS + type: string + type: object + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). 
The default value is 0 which + results in Azure dynamically allocating ports.' + maximum: 64000 + minimum: 0 + type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + enum: + - NodeIP + - NodeIPConfiguration + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' 
+ maximum: 120 + minimum: 4 + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of IPv4 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + maximum: 100 + minimum: 1 + type: integer + countIPv6: + description: 'CountIPv6: The desired number of IPv6 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 0 for single-stack and 1 for dual-stack.' + maximum: 100 + minimum: 0 + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. 
+ type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' + enum: + - basic + - standard + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. 
+ properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 4 minutes.' + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure. Allowed values must be in + the range of 1 to 16 (inclusive). The default value + is 1.' + maximum: 16 + minimum: 1 + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + enum: + - azure + - cilium + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' 
+ enum: + - bridge + - transparent + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: 'NetworkPluginMode: Network plugin mode used for + building the Kubernetes network.' + enum: + - Overlay + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + enum: + - azure + - calico + - cilium + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + podCidrs: + description: 'PodCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking.' + items: + type: string + type: array + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + serviceCidrs: + description: 'ServiceCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with + any Subnet IP ranges.' + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' 
+ type: string + nodeResourceGroupProfile: + description: 'NodeResourceGroupProfile: The node resource group configuration + profile.' + properties: + restrictionLevel: + description: 'RestrictionLevel: The restriction level applied + to the cluster''s node resource group' + enum: + - ReadOnly + - Unrestricted + type: string + type: object + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + type: object + operatorSpec: + description: 'OperatorSpec: The specification for configuring operator + behavior. This field is interpreted by the operator and not passed + directly to Azure' + properties: + configMaps: + description: 'ConfigMaps: configures where to place operator written + ConfigMaps.' + properties: + oidcIssuerProfile: + description: 'OIDCIssuerProfile: indicates where the OIDCIssuerProfile + config map should be placed. If omitted, no config map will + be created.' + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: Name is the name of the Kubernetes ConfigMap + being referenced. The ConfigMap must be in the same + namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: 'Secrets: configures where to place Azure generated + secrets.' + properties: + adminCredentials: + description: 'AdminCredentials: indicates where the AdminCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. 
The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: 'UserCredentials: indicates where the UserCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' + properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' 
+ type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' 
+ type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + enum: + - Disabled + - Enabled + - SecuredByPerimeter + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: 'AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: 'KeyId: Identifier of Azure Key Vault key. See + [key identifier format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service + is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service + is disabled, leave the field empty.' + type: string + keyVaultNetworkAccess: + description: 'KeyVaultNetworkAccess: Network access of key + vault. The possible values are `Public` and `Private`. `Public` + means the key vault allows public access from all networks. + `Private` means the key vault disables public access and + enables private link. The default value is `Public`.' + enum: + - Private + - Public + type: string + keyVaultResourceReference: + description: 'KeyVaultResourceReference: Resource ID of key + vault. When keyVaultNetworkAccess is `Private`, this field + is required and must be a valid resource ID. 
When keyVaultNetworkAccess + is `Public`, leave the field empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + customCATrustCertificates: + description: 'CustomCATrustCertificates: A list of up to 10 base64 + encoded CAs that will be added to the trust store on nodes with + the Custom CA Trust feature enabled. For more information see + [Custom CA Trust Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority)' + items: + type: string + maxItems: 10 + minItems: 0 + type: array + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceReference: + description: 'LogAnalyticsWorkspaceResourceReference: Resource + ID of the Log Analytics workspace to be associated with + Microsoft Defender. When Microsoft Defender is enabled, + this field is required and must be a valid workspace resource + ID. When Microsoft Defender is disabled, leave the field + empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' + type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + nodeRestriction: + description: 'NodeRestriction: [Node Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Node Restriction' + type: boolean + type: object + workloadIdentity: + description: 'WorkloadIdentity: Workload identity settings for + the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See + https://aka.ms/aks/wi for more details.' + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' 
+ type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + components: + description: 'Components: Istio components configuration.' + properties: + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: Istio ingress gateway configuration. For + now, we support up to one external ingress gateway + named `aks-istio-ingressgateway-external` and one + internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + enum: + - External + - Internal + type: string + required: + - enabled + - mode + type: object + type: array + type: object + type: object + mode: + description: 'Mode: Mode of the service mesh.' + enum: + - Disabled + - Istio + type: string + required: + - mode + type: object + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + secret: + description: 'Secret: The secret password associated with the + service principal in plain text.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret being + referenced. The secret must be in the same namespace as + the resource + type: string + required: + - key + - name + type: object + required: + - clientId + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' 
+ enum: + - Base + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [AKS Pricing Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) + for more details.' + enum: + - Free + - Standard + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + version: + description: 'Version: The version of AzureDisk CSI Driver. + The default value is v1.' + type: string + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' + properties: + controlPlaneOverrides: + description: 'ControlPlaneOverrides: List of upgrade overrides + when upgrading a cluster''s control plane.' 
+ items: + description: The list of control plane upgrade override + settings. + enum: + - IgnoreKubernetesDeprecations + type: string + type: array + until: + description: 'Until: Until when the overrides are effective. + Note that this only matches the start time of an upgrade, + and the effectiveness won''t change once an upgrade starts + even if the `until` expires as upgrade proceeds. This field + is not set by default. It must be set for the overrides + to take effect.' + type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' 
+ properties: + dnsServer: + description: 'DnsServer: Specifies the DNS server for Windows + gMSA. Set it to empty if you have configured the DNS server + in the vnet which is used to create the managed cluster.' + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: 'RootDomainName: Specifies the root domain name + for Windows gMSA. Set it to empty if you have configured + the DNS server in the vnet which is used to create the managed + cluster.' + type: string + type: object + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' + enum: + - None + - Windows_Server + type: string + required: + - adminUsername + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' + type: boolean + required: + - enabled + type: object + verticalPodAutoscaler: + properties: + controlledValues: + description: 'ControlledValues: Controls which resource value + autoscaler will change. Default value is RequestsAndLimits.' + enum: + - RequestsAndLimits + - RequestsOnly + type: string + enabled: + description: 'Enabled: Whether to enable VPA. Default value + is false.' + type: boolean + updateMode: + description: 'UpdateMode: Each update mode level is a superset + of the lower levels. Off, this field + will be exactly equal to it. If orchestratorVersion was , + this field will contain the full version + being used.' 
+ type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: 'EnableCustomCATrust: When set to true, AKS adds + a label to the node indicating that the feature is enabled + and deploys a daemonset along with host services to sync custom + certificate authorities from user-provided list of base64 + encoded certificates into node trust stores. Defaults to false.' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: 'HostGroupID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. 
+ For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' 
+ type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' 
+ type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' 
+ type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + messageOfTheDay: + description: 'MessageOfTheDay: A base64-encoded string which + will be written to /etc/motd after decoding. This allows customization + of the message of the day for Linux nodes. It must not be + specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script).' + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. 
For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an + agent pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are + allowed to access. The specified ranges are allowed to + overlap.' + items: + description: The port range. + properties: + portEnd: + description: 'PortEnd: The maximum port that is included + in the range. It should be ranged from 1 to 65535, + and be greater than or equal to portStart.' + type: integer + portStart: + description: 'PortStart: The minimum port that is + included in the range. It should be ranged from + 1 to 65535, and be less than or equal to portEnd.' + type: integer + protocol: + description: 'Protocol: The network protocol of the + port.' + type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the + application security groups which agent pool will associate + when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level + public IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: + RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated + with the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' 
+ type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + and are supported. When is specified, + the latest supported patch version is chosen automatically. + Updating the agent pool with the same once it + has been created will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should + upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version + as the control plane. The node pool minor version must be + within two minor versions of the control plane version. The + node pool version cannot be greater than the control plane + version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent + pool. If not specified, the default is Ubuntu if OSType=Linux + or Windows2019 if OSType=Windows. And the default Windows + OSSKU will be changed to Windows2022 after Windows2019 is + deprecated.' + type: string + osType: + description: 'OsType: The operating system type. 
The default + is Linux.' + type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: When an Agent Pool is first created + it is initially Running. The Agent Pool can be stopped by + setting this field to Stopped. A stopped Agent Pool stops + all of its VMs and does not accrue billing charges. An Agent + Pool can only be stopped if it is Running and provisioning + state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + type: string + type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. 
For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. + If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies + to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific + profile.' + properties: + disableOutboundNat: + description: 'DisableOutboundNat: The default value is false. 
+ Outbound NAT can only be disabled if the cluster outboundType + is NAT Gateway and the Windows agent pool does not have + node public IP enabled.' + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + type: string + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + enableVnetIntegration: + description: 'EnableVnetIntegration: Whether to enable apiserver + vnet integration for the cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' + type: string + subnetId: + description: 'SubnetId: It is required when: 1. creating a new + cluster with BYO Vnet; 2. updating an existing cluster to enable + apiserver vnet integration.' 
+ type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. 
+ Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: The default is Unmanaged, + but may change to either NodeImage or SecurityPatch at GA.' + type: string + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' 
+ type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Prometheus addon profile for the + container service cluster' + properties: + metrics: + description: 'Metrics: Metrics profile for the prometheus service + addon' + properties: + enabled: + description: 'Enabled: Whether to enable the Prometheus collector' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics for prometheus + addon profile for the container service cluster' + properties: + metricAnnotationsAllowList: + description: 'MetricAnnotationsAllowList: Comma-separated + list of additional Kubernetes label keys that will be + used in the resource''s labels metric.' + type: string + metricLabelsAllowlist: + description: 'MetricLabelsAllowlist: Comma-separated list + of Kubernetes annotations keys that will be used in + the resource''s labels metric.' + type: string + type: object + type: object + type: object + azurePortalFQDN: + description: 'AzurePortalFQDN: The Azure Portal requires certain Cross-Origin + Resource Sharing (CORS) headers to be sent in some responses, which + Kubernetes APIServer doesn''t handle by default. This special FQDN + supports CORS, allowing the Azure Portal to function properly.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the cluster will be created/upgraded using + a snapshot.' + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentKubernetesVersion: + description: 'CurrentKubernetesVersion: The version of Kubernetes + the Managed Cluster is running.' + type: string + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' 
+ type: boolean + diskEncryptionSetID: + description: 'DiskEncryptionSetID: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + type: string + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enableNamespaceResources: + description: 'EnableNamespaceResources: The default value is false. + It can be enabled/disabled on creation and updating of the managed + cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) + for more details on Namespace as a ARM Resource.' + type: boolean + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATED) Whether to enable + Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. + Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.' + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' 
+ type: string + guardrailsProfile: + description: 'GuardrailsProfile: The guardrails profile holds all + the guardrails information for a given cluster' + properties: + excludedNamespaces: + description: 'ExcludedNamespaces: List of namespaces excluded + from guardrails checks' + items: + type: string + type: array + level: + description: 'Level: The guardrails level to be used. By default, + Guardrails is enabled for all namespaces except those that AKS + excludes via systemExcludedNamespaces' + type: string + systemExcludedNamespaces: + description: 'SystemExcludedNamespaces: List of namespaces specified + by AKS to be excluded from Guardrails' + items: + type: string + type: array + version: + description: 'Version: The version of constraints to use' + type: string + type: object + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + effectiveNoProxy: + description: 'EffectiveNoProxy: A read-only list of all endpoints + for which traffic should not be sent to the proxy. This list + is a superset of noProxy and values injected by AKS.' + items: + type: string + type: array + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + id: + description: 'Id: Fully qualified resource ID for the resource. Ex + - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}' + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' 
+ properties: + principalId: + description: 'PrincipalId: The principal id of the system assigned + identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity + which is used by master components.' + type: string + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' + type: string + userAssignedIdentities: + additionalProperties: + properties: + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned + identity.' + type: string + type: object + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' + type: object + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + ingressProfile: + description: 'IngressProfile: Ingress profile for the managed cluster.' + properties: + webAppRouting: + description: 'WebAppRouting: Web App Routing settings for the + ingress profile.' + properties: + dnsZoneResourceId: + description: 'DnsZoneResourceId: Resource ID of the DNS Zone + to be associated with the web app. Used only when Web App + Routing is enabled.' 
+ type: string + enabled: + description: 'Enabled: Whether to enable Web App Routing.' + type: boolean + identity: + description: 'Identity: Managed identity of the Web Application + Routing add-on. This is the identity that should be granted + permissions, for example, to manage the associated Azure + DNS resource and get certificates from Azure Key Vault. + See [this overview of the add-on](https://learn.microsoft.com/en-us/azure/aks/web-app-routing?tabs=with-osm) + for more instructions.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + type: object + type: object + kubernetesVersion: + description: 'KubernetesVersion: When you upgrade a supported AKS + cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, + upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, + however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. 
+ properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + type: object + type: array + type: object + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the + managed cluster.' + type: integer + name: + description: 'Name: The name of the resource' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + type: string + dockerBridgeCidr: + description: 'DockerBridgeCidr: A CIDR notation IP range assigned + to the Docker bridge network. It must not overlap with any Subnet + IP ranges or the Kubernetes service address range.' + type: string + ipFamilies: + description: 'IpFamilies: IP families are used to determine single-stack + or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6.' + items: + type: string + type: array + kubeProxyConfig: + description: 'KubeProxyConfig: Holds configuration customizations + for kube-proxy. Any values not defined will use the kube-proxy + defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ + where is represented by a - + string. Kubernetes version 1.23 would be ''1-23''.' + properties: + enabled: + description: 'Enabled: Whether to enable on kube-proxy on + the cluster (if no ''kubeProxyConfig'' exists, kube-proxy + is enabled in AKS by default without these customizations).' + type: boolean + ipvsConfig: + description: 'IpvsConfig: Holds configuration customizations + for IPVS. 
May only be specified if ''mode'' is set to ''IPVS''.' + properties: + scheduler: + description: 'Scheduler: IPVS scheduler, for more information + please see http://www.linuxvirtualserver.org/docs/scheduling.html.' + type: string + tcpFinTimeoutSeconds: + description: 'TcpFinTimeoutSeconds: The timeout value + used for IPVS TCP sessions after receiving a FIN in + seconds. Must be a positive integer value.' + type: integer + tcpTimeoutSeconds: + description: 'TcpTimeoutSeconds: The timeout value used + for idle IPVS TCP sessions in seconds. Must be a positive + integer value.' + type: integer + udpTimeoutSeconds: + description: 'UdpTimeoutSeconds: The timeout value used + for IPVS UDP packets in seconds. Must be a positive + integer value.' + type: integer + type: object + mode: + description: 'Mode: Specify which proxy mode to use (''IPTABLES'' + or ''IPVS'')' + type: string + type: object + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). The default value is 0 which + results in Azure dynamically allocating ports.' + type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' 
+ type: boolean + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of IPv4 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + type: integer + countIPv6: + description: 'CountIPv6: The desired number of IPv6 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 0 for single-stack and 1 for dual-stack.' + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' 
+ type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 4 minutes.' + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure. Allowed values must be in + the range of 1 to 16 (inclusive). The default value + is 1.' + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + type: string + networkPluginMode: + description: 'NetworkPluginMode: Network plugin mode used for + building the Kubernetes network.' + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' 
+ type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + type: string + podCidrs: + description: 'PodCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking.' + items: + type: string + type: array + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' + type: string + serviceCidrs: + description: 'ServiceCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with + any Subnet IP ranges.' + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + nodeResourceGroupProfile: + description: 'NodeResourceGroupProfile: The node resource group configuration + profile.' + properties: + restrictionLevel: + description: 'RestrictionLevel: The restriction level applied + to the cluster''s node resource group' + type: string + type: object + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + issuerURL: + description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' + type: string + type: object + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' 
+ properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if + any).' + properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. + Codes are invariant and are intended to be + consumed programmatically.' + type: string + details: + description: 'Details: A list of additional + details about the error.' 
+ items: + properties: + code: + description: 'Code: An identifier for + the error. Codes are invariant and are + intended to be consumed programmatically.' + type: string + message: + description: 'Message: A message describing + the error, intended to be suitable for + display in a user interface.' + type: string + target: + description: 'Target: The target of the + particular error. For example, the name + of the property in error.' + type: string + type: object + type: array + message: + description: 'Message: A message describing + the error, intended to be suitable for display + in a user interface.' + type: string + target: + description: 'Target: The target of the particular + error. For example, the name of the property + in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning + state of the pod identity.' + type: string + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + type: object + type: array + type: object + powerState: + description: 'PowerState: The Power State of the cluster.' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' 
+ type: string + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service + ID of the resource, this field is exposed only to NRP internally.' + type: string + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' + type: string + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: 'AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: 'KeyId: Identifier of Azure Key Vault key. See + [key identifier format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service + is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service + is disabled, leave the field empty.' 
+ type: string + keyVaultNetworkAccess: + description: 'KeyVaultNetworkAccess: Network access of key + vault. The possible values are `Public` and `Private`. `Public` + means the key vault allows public access from all networks. + `Private` means the key vault disables public access and + enables private link. The default value is `Public`.' + type: string + keyVaultResourceId: + description: 'KeyVaultResourceId: Resource ID of key vault. + When keyVaultNetworkAccess is `Private`, this field is required + and must be a valid resource ID. When keyVaultNetworkAccess + is `Public`, leave the field empty.' + type: string + type: object + customCATrustCertificates: + description: 'CustomCATrustCertificates: A list of up to 10 base64 + encoded CAs that will be added to the trust store on nodes with + the Custom CA Trust feature enabled. For more information see + [Custom CA Trust Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority)' + items: + type: string + type: array + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceId: + description: 'LogAnalyticsWorkspaceResourceId: Resource ID + of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field + is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty.' + type: string + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' 
+ type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + nodeRestriction: + description: 'NodeRestriction: [Node Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Node Restriction' + type: boolean + type: object + workloadIdentity: + description: 'WorkloadIdentity: Workload identity settings for + the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See + https://aka.ms/aks/wi for more details.' + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + components: + description: 'Components: Istio components configuration.' + properties: + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: Istio ingress gateway configuration. For + now, we support up to one external ingress gateway + named `aks-istio-ingressgateway-external` and one + internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + type: string + type: object + type: array + type: object + type: object + mode: + description: 'Mode: Mode of the service mesh.' + type: string + type: object + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' 
+ properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [AKS Pricing Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) + for more details.' + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + version: + description: 'Version: The version of AzureDisk CSI Driver. + The default value is v1.' + type: string + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + systemData: + description: 'SystemData: Azure Resource Manager metadata containing + createdBy and modifiedBy information.' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' 
+ type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" + or "Microsoft.Storage/storageAccounts"' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' + properties: + controlPlaneOverrides: + description: 'ControlPlaneOverrides: List of upgrade overrides + when upgrading a cluster''s control plane.' + items: + description: The list of control plane upgrade override + settings. + type: string + type: array + until: + description: 'Until: Until when the overrides are effective. + Note that this only matches the start time of an upgrade, + and the effectiveness won''t change once an upgrade starts + even if the `until` expires as upgrade proceeds. This field + is not set by default. It must be set for the overrides + to take effect.' + type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. 
Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: 'DnsServer: Specifies the DNS server for Windows + gMSA. Set it to empty if you have configured the DNS server + in the vnet which is used to create the managed cluster.' + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: 'RootDomainName: Specifies the root domain name + for Windows gMSA. Set it to empty if you have configured + the DNS server in the vnet which is used to create the managed + cluster.' + type: string + type: object + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. 
See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' + type: string + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' + type: boolean + type: object + verticalPodAutoscaler: + properties: + controlledValues: + description: 'ControlledValues: Controls which resource value + autoscaler will change. Default value is RequestsAndLimits.' + type: string + enabled: + description: 'Enabled: Whether to enable VPA. Default value + is false.' + type: boolean + updateMode: + description: 'UpdateMode: Each update mode level is a superset + of the lower levels. Off + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. As a best + practice, you should upgrade all node pools in an AKS cluster to + the same Kubernetes version. The node pool version must have the + same major version as the control plane. The node pool minor version + must be within two minor versions of the control plane version. + The node pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. 
May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent pool. + The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 + if OSType is Windows.' + enum: + - CBLMariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: 'PowerState: When an Agent Pool is first created it is + initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and + does not accrue billing charges. An Agent Pool can only be stopped + if it is Running and provisioning state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. 
If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' + enum: + - OCIContainer + - WasmWasi + type: string + required: + - owner + type: object + status: + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones to + use for nodes. This can only be specified if the AgentPoolType property + is ''VirtualMachineScaleSets''.' 
+ items: + type: string + type: array + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. 
+ Allowed values must be in the range of 0 to 1000 (inclusive) for + user pools and in the range of 1 to 1000 (inclusive) for system + pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the node pool will be created/upgraded using + a snapshot.' + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: 'CurrentOrchestratorVersion: If orchestratorVersion is + a fully specified version , this field will be + exactly equal to it. If orchestratorVersion is , this + field will contain the full version being used.' + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported on certain + VM sizes and in certain Azure regions. For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require nodes + in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs + to make a direct connection to a cloud virtual machine to minimize + hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' 
+ type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: 'HostGroupID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + type: string + id: + description: 'Id: Resource ID.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of container + log files that can be present for a container. The number must + be ≥ 2.' + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' Valid + values are a sequence of decimal numbers with an optional fraction + and a unit suffix. For example: ''300ms'', ''2h45m''. Supported + units are ''ns'', ''us'', ''ms'', ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. See [Kubernetes + CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and ''static''.' 
+ type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information see + [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', ''best-effort'', + ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral storage.' + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' 
+ type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' 
+ type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are ''always'', + ''defer'', ''defer+madvise'', ''madvise'' and ''never''. The + default is ''madvise''. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are ''always'', + ''madvise'', and ''never''. The default is ''always''. For more + information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' Agent + Pool at all times. 
For additional information on agent pool restrictions and + best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. As a best + practice, you should upgrade all node pools in an AKS cluster to + the same Kubernetes version. The node pool version must have the + same major version as the control plane. The node pool minor version + must be within two minor versions of the control plane version. + The node pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' 
+ type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent pool. + The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 + if OSType is Windows.' + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically assigned + on the node subnet (see vnetSubnetID for more details). This is + of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: When an Agent Pool is first created it is + initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and + does not accrue billing charges. An Agent Pool can only be stopped + if it is Running and provisioning state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + properties_type: + description: 'PropertiesType: The type of Agent Pool.' + type: string + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' 
+ type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: Resource type' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. 
For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET and subnet + will be generated and used. If no podSubnetID is specified, this + applies to nodes and pods, otherwise it applies to just nodes. This + is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230201storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20230201.ManagedClustersAgentPool Generator + information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20230201.ManagedClusters_AgentPool_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + count: + type: integer + creationData: + description: Storage version of v1api20230201.CreationData Data used + when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: Storage version of v1api20230201.KubeletConfig See [AKS + custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20230201.LinuxOSConfig See [AKS + custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20230201.SysctlConfig Sysctl + settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form 
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + originalVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). 
+ This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: Storage version of v1api20230201.PowerState Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20230201.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + type: string + required: + - owner + type: object + status: + description: Storage version of v1api20230201.ManagedClusters_AgentPool_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. 
+ type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + type: integer + creationData: + description: Storage version of v1api20230201.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupID: + type: string + id: + type: string + kubeletConfig: + description: Storage version of v1api20230201.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20230201.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20230201.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: 
string + powerState: + description: Storage version of v1api20230201.PowerState_STATUS Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + properties_type: + type: string + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20230201.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + workloadRuntime: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230202preview + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: 
/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-02-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones to + use for nodes. This can only be specified if the AgentPoolType property + is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate the specified + agent pool with the Capacity Reservation Group.' + type: string + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) for + user pools and in the range of 1 to 1000 (inclusive) for system + pools. The default value is 1.' 
+ type: integer + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the node pool will be created/upgraded using + a snapshot.' + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: 'EnableCustomCATrust: When set to true, AKS adds a label + to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities + from user-provided list of base64 encoded certificates into node + trust stores. Defaults to false.' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported on certain + VM sizes and in certain Azure regions. 
For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require nodes + in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs + to make a direct connection to a cloud virtual machine to minimize + hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of container + log files that can be present for a container. The number must + be ≥ 2.' + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' Valid + values are a sequence of decimal numbers with an optional fraction + and a unit suffix. For example: ''300ms'', ''2h45m''. Supported + units are ''ns'', ''us'', ''ms'', ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. See [Kubernetes + CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' 
+ type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information see + [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', ''best-effort'', + ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral storage.' + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' 
+ type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' 
+ type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are ''always'', + ''defer'', ''defer+madvise'', ''madvise'' and ''never''. The + default is ''madvise''. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are ''always'', + ''madvise'', and ''never''. The default is ''always''. For more + information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + messageOfTheDay: + description: 'MessageOfTheDay: A base64-encoded string which will + be written to /etc/motd after decoding. This allows customization + of the message of the day for Linux nodes. It must not be specified + for Windows nodes. It must be a static string (i.e., will be printed + raw and not be executed as a script).' 
+ type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' Agent + Pool at all times. For additional information on agent pool restrictions and + best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + enum: + - System + - User + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: 'PortEnd: The maximum port that is included + in the range. It should be ranged from 1 to 65535, and + be greater than or equal to portStart.' + maximum: 65535 + minimum: 1 + type: integer + portStart: + description: 'PortStart: The minimum port that is included + in the range. It should be ranged from 1 to 65535, and + be less than or equal to portEnd.' + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' + enum: + - TCP + - UDP + type: string + type: object + type: array + applicationSecurityGroupsReferences: + description: 'ApplicationSecurityGroupsReferences: The IDs of + the application security groups which agent pool will associate + when created.' + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + and are supported. When is specified, + the latest supported patch version is chosen automatically. Updating + the agent pool with the same once it has been created + will not trigger an upgrade, even if a newer patch version is available. + As a best practice, you should upgrade all node pools in an AKS + cluster to the same Kubernetes version. The node pool version must + have the same major version as the control plane. The node pool + minor version must be within two minor versions of the control plane + version. The node pool version cannot be greater than the control + plane version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent pool. 
+ If not specified, the default is Ubuntu if OSType=Linux or Windows2019 + if OSType=Windows. And the default Windows OSSKU will be changed + to Windows2022 after Windows2019 is deprecated.' + enum: + - CBLMariner + - Mariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: 'PowerState: When an Agent Pool is first created it is + initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and + does not accrue billing charges. An Agent Pool can only be stopped + if it is Running and provisioning state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. 
If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific profile.' + properties: + disableOutboundNat: + description: 'DisableOutboundNat: The default value is false. + Outbound NAT can only be disabled if the cluster outboundType + is NAT Gateway and the Windows agent pool does not have node + public IP enabled.' + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' 
+ enum: + - KataMshvVmIsolation + - OCIContainer + - WasmWasi + type: string + required: + - owner + type: object + status: + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones to + use for nodes. This can only be specified if the AgentPoolType property + is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate the specified + agent pool with the Capacity Reservation Group.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. 
This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) for + user pools and in the range of 1 to 1000 (inclusive) for system + pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the node pool will be created/upgraded using + a snapshot.' + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: 'CurrentOrchestratorVersion: If orchestratorVersion was + a fully specified version , this field will be + exactly equal to it. If orchestratorVersion was , this + field will contain the full version being used.' + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: 'EnableCustomCATrust: When set to true, AKS adds a label + to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities + from user-provided list of base64 encoded certificates into node + trust stores. Defaults to false.' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported on certain + VM sizes and in certain Azure regions. 
For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require nodes + in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs + to make a direct connection to a cloud virtual machine to minimize + hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: 'HostGroupID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + type: string + id: + description: 'Id: Resource ID.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of container + log files that can be present for a container. The number must + be ≥ 2.' 
+ type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' Valid + values are a sequence of decimal numbers with an optional fraction + and a unit suffix. For example: ''300ms'', ''2h45m''. Supported + units are ''ns'', ''us'', ''ms'', ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. See [Kubernetes + CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information see + [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', ''best-effort'', + ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral storage.' 
+ type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' 
+ type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are ''always'', + ''defer'', ''defer+madvise'', ''madvise'' and ''never''. The + default is ''madvise''. 
For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are ''always'', + ''madvise'', and ''never''. The default is ''always''. For more + information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + messageOfTheDay: + description: 'MessageOfTheDay: A base64-encoded string which will + be written to /etc/motd after decoding. This allows customization + of the message of the day for Linux nodes. It must not be specified + for Windows nodes. It must be a static string (i.e., will be printed + raw and not be executed as a script).' + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' Agent + Pool at all times. For additional information on agent pool restrictions and + best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: 'PortEnd: The maximum port that is included + in the range. 
It should be ranged from 1 to 65535, and + be greater than or equal to portStart.' + type: integer + portStart: + description: 'PortStart: The minimum port that is included + in the range. It should be ranged from 1 to 65535, and + be less than or equal to portEnd.' + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' + type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the application + security groups which agent pool will associate when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + and are supported. When is specified, + the latest supported patch version is chosen automatically. 
Updating + the agent pool with the same once it has been created + will not trigger an upgrade, even if a newer patch version is available. + As a best practice, you should upgrade all node pools in an AKS + cluster to the same Kubernetes version. The node pool version must + have the same major version as the control plane. The node pool + minor version must be within two minor versions of the control plane + version. The node pool version cannot be greater than the control + plane version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent pool. + If not specified, the default is Ubuntu if OSType=Linux or Windows2019 + if OSType=Windows. And the default Windows OSSKU will be changed + to Windows2022 after Windows2019 is deprecated.' + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically assigned + on the node subnet (see vnetSubnetID for more details). This is + of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: When an Agent Pool is first created it is + initially Running. The Agent Pool can be stopped by setting this + field to Stopped. 
A stopped Agent Pool stops all of its VMs and + does not accrue billing charges. An Agent Pool can only be stopped + if it is Running and provisioning state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + properties_type: + description: 'PropertiesType: The type of Agent Pool.' + type: string + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: Resource type' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). 
If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET and subnet + will be generated and used. If no podSubnetID is specified, this + applies to nodes and pods, otherwise it applies to just nodes. This + is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific profile.' + properties: + disableOutboundNat: + description: 'DisableOutboundNat: The default value is false. + Outbound NAT can only be disabled if the cluster outboundType + is NAT Gateway and the Windows agent pool does not have node + public IP enabled.' + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' 
+ type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230202previewstorage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20230202preview.ManagedClustersAgentPool + Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-02-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20230202preview.ManagedClusters_AgentPool_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + capacityReservationGroupID: + type: string + count: + type: integer + creationData: + description: Storage version of v1api20230202preview.CreationData + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableCustomCATrust: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + kubeletConfig: + description: Storage version of v1api20230202preview.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20230202preview.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20230202preview.SysctlConfig + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + messageOfTheDay: + type: string + minCount: + type: integer + mode: + type: string + networkProfile: + description: Storage version of v1api20230202preview.AgentPoolNetworkProfile + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: Storage version of v1api20230202preview.PortRange + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroupsReferences: + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + items: + description: Storage version of v1api20230202preview.IPTag Contains + the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + originalVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. 
Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + powerState: + description: Storage version of v1api20230202preview.PowerState Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20230202preview.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + windowsProfile: + description: Storage version of v1api20230202preview.AgentPoolWindowsProfile + The Windows agent pool's specific profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object + workloadRuntime: + type: string + required: + - owner + type: object + status: + description: Storage version of v1api20230202preview.ManagedClusters_AgentPool_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupID: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. 
A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + type: integer + creationData: + description: Storage version of v1api20230202preview.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableCustomCATrust: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupID: + type: string + id: + type: string + kubeletConfig: + description: Storage version of v1api20230202preview.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20230202preview.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20230202preview.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + messageOfTheDay: + type: string + minCount: + type: integer + mode: + type: string + name: + type: string + networkProfile: + description: Storage version of v1api20230202preview.AgentPoolNetworkProfile_STATUS + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: Storage version of v1api20230202preview.PortRange_STATUS + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroups: + items: + type: string + type: array + nodePublicIPTags: + items: + description: Storage version of v1api20230202preview.IPTag_STATUS + Contains the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: string + powerState: + description: Storage version of v1api20230202preview.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + properties_type: + type: string + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20230202preview.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + 
vmSize: + type: string + vnetSubnetID: + type: string + windowsProfile: + description: Storage version of v1api20230202preview.AgentPoolWindowsProfile_STATUS + The Windows agent pool's specific profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object + workloadRuntime: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.4.0 + name: natgateways.network.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: network.azure.com + names: + kind: NatGateway + listKind: NatGatewayList + plural: natgateways + singular: natgateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: 
/network/resource-manager/Microsoft.Network/stable/2022-07-01/natGateway.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/natGateways/{natGatewayName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: The idle timeout of the nat gateway.' + type: integer + location: + description: 'Location: Resource location.' + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. 
+ type: string + type: object + publicIpAddresses: + description: 'PublicIpAddresses: An array of public ip addresses associated + with the nat gateway resource.' + items: + description: Reference to another subresource. + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + publicIpPrefixes: + description: 'PublicIpPrefixes: An array of public ip prefixes associated + with the nat gateway resource.' + items: + description: Reference to another subresource. + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + sku: + description: 'Sku: The nat gateway SKU.' + properties: + name: + description: 'Name: Name of Nat Gateway SKU.' + enum: + - Standard + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + zones: + description: 'Zones: A list of availability zones denoting the zone + in which Nat Gateway should be deployed.' + items: + type: string + type: array + required: + - owner + type: object + status: + description: Nat Gateway resource. + properties: + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. 
A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + id: + description: 'Id: Resource ID.' + type: string + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: The idle timeout of the nat gateway.' + type: integer + location: + description: 'Location: Resource location.' + type: string + name: + description: 'Name: Resource name.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the NAT + gateway resource.' + type: string + publicIpAddresses: + description: 'PublicIpAddresses: An array of public ip addresses associated + with the nat gateway resource.' + items: + description: Reference to another subresource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + publicIpPrefixes: + description: 'PublicIpPrefixes: An array of public ip prefixes associated + with the nat gateway resource.' + items: + description: Reference to another subresource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + resourceGuid: + description: 'ResourceGuid: The resource GUID property of the NAT + gateway resource.' 
+ type: string + sku: + description: 'Sku: The nat gateway SKU.' + properties: + name: + description: 'Name: Name of Nat Gateway SKU.' + type: string + type: object + subnets: + description: 'Subnets: An array of references to the subnets using + this nat gateway resource.' + items: + description: Reference to another subresource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: Resource type.' + type: string + zones: + description: 'Zones: A list of availability zones denoting the zone + in which Nat Gateway should be deployed.' + items: + type: string + type: array + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20220701.NatGateway Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/natGateway.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/natGateways/{natGatewayName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20220701.NatGateway_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + idleTimeoutInMinutes: + type: integer + location: + type: string + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + publicIpAddresses: + items: + description: Storage version of v1api20220701.ApplicationGatewaySubResource + Reference to another subresource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + publicIpPrefixes: + items: + description: Storage version of v1api20220701.ApplicationGatewaySubResource + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + sku: + description: Storage version of v1api20220701.NatGatewaySku SKU of + nat gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + zones: + items: + type: string + type: array + required: + - owner + type: object + status: + description: Storage version of v1api20220701.NatGateway_STATUS Nat Gateway + resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. 
This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + etag: + type: string + id: + type: string + idleTimeoutInMinutes: + type: integer + location: + type: string + name: + type: string + provisioningState: + type: string + publicIpAddresses: + items: + description: Storage version of v1api20220701.ApplicationGatewaySubResource_STATUS + Reference to another subresource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + publicIpPrefixes: + items: + description: Storage version of v1api20220701.ApplicationGatewaySubResource_STATUS + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + resourceGuid: + type: string + sku: + description: Storage version of v1api20220701.NatGatewaySku_STATUS + SKU of nat gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: object + subnets: + items: + description: Storage version of v1api20220701.ApplicationGatewaySubResource_STATUS + Reference to another subresource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + tags: + additionalProperties: + type: string + type: object + type: + type: string + zones: + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.4.0 + name: resourcegroups.resources.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: resources.azure.com + names: + kind: ResourceGroup + listKind: ResourceGroupList + plural: resourcegroups + singular: resourcegroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20200601 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /resources/resource-manager/Microsoft.Resources/stable/2020-06-01/resources.json + - ARM URI: /subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}' 
+ properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + maxLength: 90 + minLength: 1 + type: string + location: + description: 'Location: The location of the resource group. It cannot + be changed after the resource group has been created. It must be + one of the supported Azure locations.' + type: string + managedBy: + description: 'ManagedBy: The ID of the resource that manages this + resource group.' + type: string + tags: + additionalProperties: + type: string + description: 'Tags: The tags attached to the resource group.' + type: object + required: + - location + type: object + status: + description: Resource group information. + properties: + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. 
+ type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + id: + description: 'Id: The ID of the resource group.' + type: string + location: + description: 'Location: The location of the resource group. It cannot + be changed after the resource group has been created. It must be + one of the supported Azure locations.' + type: string + managedBy: + description: 'ManagedBy: The ID of the resource that manages this + resource group.' + type: string + name: + description: 'Name: The name of the resource group.' + type: string + properties: + description: 'Properties: The resource group properties.' + properties: + provisioningState: + description: 'ProvisioningState: The provisioning state.' 
+ type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: The tags attached to the resource group.' + type: object + type: + description: 'Type: The type of the resource group.' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20200601storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20200601.ResourceGroup Generator information: + - Generated from: /resources/resource-manager/Microsoft.Resources/stable/2020-06-01/resources.json + - ARM URI: /subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20200601.ResourceGroup_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + maxLength: 90 + minLength: 1 + type: string + location: + type: string + managedBy: + type: string + originalVersion: + type: string + tags: + additionalProperties: + type: string + type: object + type: object + status: + description: Storage version of v1api20200601.ResourceGroup_STATUS Resource + group information. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + id: + type: string + location: + type: string + managedBy: + type: string + name: + type: string + properties: + description: Storage version of v1api20200601.ResourceGroupProperties_STATUS + The resource group properties. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + provisioningState: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: azure-service-operator + name: azureserviceoperator-default + namespace: capz-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-manager + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: azureserviceoperator-leader-election-role + namespace: capz-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-leader-election-role + namespace: capz-system +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: azureserviceoperator-crd-reader-role +rules: +- apiGroups: + - apiextensions.k8s.io + 
resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: azureserviceoperator-manager-role +rules: +- apiGroups: + - apimanagement.azure.com + resources: + - apis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - apis/finalizers + - apis/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - apiversionsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - apiversionsets/finalizers + - apiversionsets/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - backends + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - backends/finalizers + - backends/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - namedvalues + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - namedvalues/finalizers + - namedvalues/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - policies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - policies/finalizers + - policies/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - policyfragments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - policyfragments/finalizers + - policyfragments/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: 
+ - products + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - products/finalizers + - products/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - services/finalizers + - services/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - subscriptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - subscriptions/finalizers + - subscriptions/status + verbs: + - get + - patch + - update +- apiGroups: + - appconfiguration.azure.com + resources: + - configurationstores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - appconfiguration.azure.com + resources: + - configurationstores/finalizers + - configurationstores/status + verbs: + - get + - patch + - update +- apiGroups: + - authorization.azure.com + resources: + - roleassignments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - authorization.azure.com + resources: + - roleassignments/finalizers + - roleassignments/status + verbs: + - get + - patch + - update +- apiGroups: + - batch.azure.com + resources: + - batchaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch.azure.com + resources: + - batchaccounts/finalizers + - batchaccounts/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redis/finalizers + - redis/status + verbs: + - get + - patch + - update +- apiGroups: + - 
cache.azure.com + resources: + - redisenterprisedatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redisenterprisedatabases/finalizers + - redisenterprisedatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redisenterprises + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redisenterprises/finalizers + - redisenterprises/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redisfirewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redisfirewallrules/finalizers + - redisfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redislinkedservers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redislinkedservers/finalizers + - redislinkedservers/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redispatchschedules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redispatchschedules/finalizers + - redispatchschedules/status + verbs: + - get + - patch + - update +- apiGroups: + - cdn.azure.com + resources: + - profiles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - profiles/finalizers + - profiles/status + verbs: + - get + - patch + - update +- apiGroups: + - cdn.azure.com + resources: + - profilesendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - profilesendpoints/finalizers + - 
profilesendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - diskencryptionsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - diskencryptionsets/finalizers + - diskencryptionsets/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - disks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - disks/finalizers + - disks/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - images + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - images/finalizers + - images/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - snapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - snapshots/finalizers + - snapshots/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - virtualmachines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - virtualmachines/finalizers + - virtualmachines/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - virtualmachinescalesets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - virtualmachinescalesets/finalizers + - virtualmachinescalesets/status + verbs: + - get + - patch + - update +- apiGroups: + - containerinstance.azure.com + resources: + - containergroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerinstance.azure.com + resources: + - 
containergroups/finalizers + - containergroups/status + verbs: + - get + - patch + - update +- apiGroups: + - containerregistry.azure.com + resources: + - registries + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerregistry.azure.com + resources: + - registries/finalizers + - registries/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - fleets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - fleets/finalizers + - fleets/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - fleetsmembers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - fleetsmembers/finalizers + - fleetsmembers/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - fleetsupdateruns + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - fleetsupdateruns/finalizers + - fleetsupdateruns/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - managedclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclusters/finalizers + - managedclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - managedclustersagentpools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclustersagentpools/finalizers + - managedclustersagentpools/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + 
resources: + - trustedaccessrolebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - trustedaccessrolebindings/finalizers + - trustedaccessrolebindings/status + verbs: + - get + - patch + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - datafactory.azure.com + resources: + - factories + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - datafactory.azure.com + resources: + - factories/finalizers + - factories/status + verbs: + - get + - patch + - update +- apiGroups: + - dataprotection.azure.com + resources: + - backupvaults + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dataprotection.azure.com + resources: + - backupvaults/finalizers + - backupvaults/status + verbs: + - get + - patch + - update +- apiGroups: + - dataprotection.azure.com + resources: + - backupvaultsbackuppolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dataprotection.azure.com + resources: + - backupvaultsbackuppolicies/finalizers + - backupvaultsbackuppolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformariadb.azure.com + resources: + - configurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformariadb.azure.com + resources: + - configurations/finalizers + - configurations/status + verbs: + - 
get + - patch + - update +- apiGroups: + - dbformariadb.azure.com + resources: + - databases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformariadb.azure.com + resources: + - databases/finalizers + - databases/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformariadb.azure.com + resources: + - servers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformariadb.azure.com + resources: + - servers/finalizers + - servers/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleservers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleservers/finalizers + - flexibleservers/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversadministrators + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversadministrators/finalizers + - flexibleserversadministrators/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversconfigurations/finalizers + - flexibleserversconfigurations/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversdatabases/finalizers + - flexibleserversdatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversfirewallrules + verbs: + - 
create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversfirewallrules/finalizers + - flexibleserversfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - users + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - users/finalizers + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleservers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleservers/finalizers + - flexibleservers/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversconfigurations/finalizers + - flexibleserversconfigurations/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversdatabases/finalizers + - flexibleserversdatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversfirewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversfirewallrules/finalizers + - flexibleserversfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - users + verbs: + - create + - delete + - get + - list + - patch + - update + - watch 
+- apiGroups: + - dbforpostgresql.azure.com + resources: + - users/finalizers + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - devices.azure.com + resources: + - iothubs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - devices.azure.com + resources: + - iothubs/finalizers + - iothubs/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - databaseaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - databaseaccounts/finalizers + - databaseaccounts/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasecollections + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasecollections/finalizers + - mongodbdatabasecollections/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasecollectionthroughputsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasecollectionthroughputsettings/finalizers + - mongodbdatabasecollectionthroughputsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabases/finalizers + - mongodbdatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasethroughputsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasethroughputsettings/finalizers + - 
mongodbdatabasethroughputsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainers/finalizers + - sqldatabasecontainers/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainerstoredprocedures + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainerstoredprocedures/finalizers + - sqldatabasecontainerstoredprocedures/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainerthroughputsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainerthroughputsettings/finalizers + - sqldatabasecontainerthroughputsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainertriggers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainertriggers/finalizers + - sqldatabasecontainertriggers/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontaineruserdefinedfunctions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontaineruserdefinedfunctions/finalizers + - sqldatabasecontaineruserdefinedfunctions/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: 
+ - documentdb.azure.com + resources: + - sqldatabases/finalizers + - sqldatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasethroughputsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasethroughputsettings/finalizers + - sqldatabasethroughputsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqlroleassignments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqlroleassignments/finalizers + - sqlroleassignments/status + verbs: + - get + - patch + - update +- apiGroups: + - eventgrid.azure.com + resources: + - domains + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventgrid.azure.com + resources: + - domains/finalizers + - domains/status + verbs: + - get + - patch + - update +- apiGroups: + - eventgrid.azure.com + resources: + - domainstopics + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventgrid.azure.com + resources: + - domainstopics/finalizers + - domainstopics/status + verbs: + - get + - patch + - update +- apiGroups: + - eventgrid.azure.com + resources: + - eventsubscriptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventgrid.azure.com + resources: + - eventsubscriptions/finalizers + - eventsubscriptions/status + verbs: + - get + - patch + - update +- apiGroups: + - eventgrid.azure.com + resources: + - topics + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventgrid.azure.com + resources: + - topics/finalizers + - topics/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespaces + verbs: + - 
create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespaces/finalizers + - namespaces/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespacesauthorizationrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespacesauthorizationrules/finalizers + - namespacesauthorizationrules/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubs/finalizers + - namespaceseventhubs/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubsauthorizationrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubsauthorizationrules/finalizers + - namespaceseventhubsauthorizationrules/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubsconsumergroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubsconsumergroups/finalizers + - namespaceseventhubsconsumergroups/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - actiongroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - actiongroups/finalizers + - actiongroups/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - autoscalesettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- 
apiGroups: + - insights.azure.com + resources: + - autoscalesettings/finalizers + - autoscalesettings/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - components + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - components/finalizers + - components/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - metricalerts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - metricalerts/finalizers + - metricalerts/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - scheduledqueryrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - scheduledqueryrules/finalizers + - scheduledqueryrules/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - webtests + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - webtests/finalizers + - webtests/status + verbs: + - get + - patch + - update +- apiGroups: + - keyvault.azure.com + resources: + - vaults + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - keyvault.azure.com + resources: + - vaults/finalizers + - vaults/status + verbs: + - get + - patch + - update +- apiGroups: + - kubernetesconfiguration.azure.com + resources: + - extensions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - kubernetesconfiguration.azure.com + resources: + - extensions/finalizers + - extensions/status + verbs: + - get + - patch + - update +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspaces + verbs: + - create + - delete + - get + - list 
+ - patch + - update + - watch +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspaces/finalizers + - workspaces/status + verbs: + - get + - patch + - update +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspacescomputes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspacescomputes/finalizers + - workspacescomputes/status + verbs: + - get + - patch + - update +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspacesconnections + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspacesconnections/finalizers + - workspacesconnections/status + verbs: + - get + - patch + - update +- apiGroups: + - managedidentity.azure.com + resources: + - federatedidentitycredentials + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - managedidentity.azure.com + resources: + - federatedidentitycredentials/finalizers + - federatedidentitycredentials/status + verbs: + - get + - patch + - update +- apiGroups: + - managedidentity.azure.com + resources: + - userassignedidentities + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - managedidentity.azure.com + resources: + - userassignedidentities/finalizers + - userassignedidentities/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - applicationgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - applicationgateways/finalizers + - applicationgateways/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - bastionhosts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- 
apiGroups: + - network.azure.com + resources: + - bastionhosts/finalizers + - bastionhosts/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsforwardingrulesets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsforwardingrulesets/finalizers + - dnsforwardingrulesets/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsforwardingrulesetsforwardingrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsforwardingrulesetsforwardingrules/finalizers + - dnsforwardingrulesetsforwardingrules/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsresolvers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsresolvers/finalizers + - dnsresolvers/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsresolversinboundendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsresolversinboundendpoints/finalizers + - dnsresolversinboundendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsresolversoutboundendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsresolversoutboundendpoints/finalizers + - dnsresolversoutboundendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszones + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszones/finalizers + - dnszones/status + verbs: + 
- get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesaaaarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonesaaaarecords/finalizers + - dnszonesaaaarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonesarecords/finalizers + - dnszonesarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonescaarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonescaarecords/finalizers + - dnszonescaarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonescnamerecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonescnamerecords/finalizers + - dnszonescnamerecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesmxrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonesmxrecords/finalizers + - dnszonesmxrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesnsrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonesnsrecords/finalizers + - dnszonesnsrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesptrrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- 
apiGroups: + - network.azure.com + resources: + - dnszonesptrrecords/finalizers + - dnszonesptrrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonessrvrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonessrvrecords/finalizers + - dnszonessrvrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonestxtrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonestxtrecords/finalizers + - dnszonestxtrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - loadbalancers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - loadbalancers/finalizers + - loadbalancers/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - loadbalancersinboundnatrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - loadbalancersinboundnatrules/finalizers + - loadbalancersinboundnatrules/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - natgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - natgateways/finalizers + - natgateways/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - networkinterfaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - networkinterfaces/finalizers + - networkinterfaces/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: 
+ - networksecuritygroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - networksecuritygroups/finalizers + - networksecuritygroups/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - networksecuritygroupssecurityrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - networksecuritygroupssecurityrules/finalizers + - networksecuritygroupssecurityrules/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszones + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszones/finalizers + - privatednszones/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesaaaarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesaaaarecords/finalizers + - privatednszonesaaaarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesarecords/finalizers + - privatednszonesarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonescnamerecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonescnamerecords/finalizers + - privatednszonescnamerecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesmxrecords + verbs: + - create + - delete + - get + - 
list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesmxrecords/finalizers + - privatednszonesmxrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesptrrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesptrrecords/finalizers + - privatednszonesptrrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonessrvrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonessrvrecords/finalizers + - privatednszonessrvrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonestxtrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonestxtrecords/finalizers + - privatednszonestxtrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesvirtualnetworklinks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesvirtualnetworklinks/finalizers + - privatednszonesvirtualnetworklinks/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privateendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privateendpoints/finalizers + - privateendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privateendpointsprivatednszonegroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + 
- network.azure.com + resources: + - privateendpointsprivatednszonegroups/finalizers + - privateendpointsprivatednszonegroups/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatelinkservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatelinkservices/finalizers + - privatelinkservices/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - publicipaddresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - publicipaddresses/finalizers + - publicipaddresses/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - publicipprefixes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - publicipprefixes/finalizers + - publicipprefixes/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - routetables + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - routetables/finalizers + - routetables/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - routetablesroutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - routetablesroutes/finalizers + - routetablesroutes/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofiles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofiles/finalizers + - trafficmanagerprofiles/status + verbs: + - get + - patch + - update +- apiGroups: + - 
network.azure.com + resources: + - trafficmanagerprofilesazureendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesazureendpoints/finalizers + - trafficmanagerprofilesazureendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesexternalendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesexternalendpoints/finalizers + - trafficmanagerprofilesexternalendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesnestedendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesnestedendpoints/finalizers + - trafficmanagerprofilesnestedendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - virtualnetworkgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - virtualnetworkgateways/finalizers + - virtualnetworkgateways/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - virtualnetworks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - virtualnetworks/finalizers + - virtualnetworks/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - virtualnetworkssubnets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - virtualnetworkssubnets/finalizers + - virtualnetworkssubnets/status + verbs: + - get + - patch + - update +- apiGroups: + 
- network.azure.com + resources: + - virtualnetworksvirtualnetworkpeerings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - virtualnetworksvirtualnetworkpeerings/finalizers + - virtualnetworksvirtualnetworkpeerings/status + verbs: + - get + - patch + - update +- apiGroups: + - operationalinsights.azure.com + resources: + - workspaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - operationalinsights.azure.com + resources: + - workspaces/finalizers + - workspaces/status + verbs: + - get + - patch + - update +- apiGroups: + - resources.azure.com + resources: + - resourcegroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - resources.azure.com + resources: + - resourcegroups/finalizers + - resourcegroups/status + verbs: + - get + - patch + - update +- apiGroups: + - search.azure.com + resources: + - searchservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - search.azure.com + resources: + - searchservices/finalizers + - searchservices/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespaces/finalizers + - namespaces/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacesauthorizationrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacesauthorizationrules/finalizers + - namespacesauthorizationrules/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacesqueues + verbs: + - create + - delete + - get + - list + - patch + - update + - 
watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacesqueues/finalizers + - namespacesqueues/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopics + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopics/finalizers + - namespacestopics/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopicssubscriptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopicssubscriptions/finalizers + - namespacestopicssubscriptions/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopicssubscriptionsrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopicssubscriptionsrules/finalizers + - namespacestopicssubscriptionsrules/status + verbs: + - get + - patch + - update +- apiGroups: + - signalrservice.azure.com + resources: + - signalrs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - signalrservice.azure.com + resources: + - signalrs/finalizers + - signalrs/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - servers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - servers/finalizers + - servers/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversadministrators + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversadministrators/finalizers + - serversadministrators/status + verbs: + - get + - patch + - 
update +- apiGroups: + - sql.azure.com + resources: + - serversadvancedthreatprotectionsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversadvancedthreatprotectionsettings/finalizers + - serversadvancedthreatprotectionsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversauditingsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversauditingsettings/finalizers + - serversauditingsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversazureadonlyauthentications + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversazureadonlyauthentications/finalizers + - serversazureadonlyauthentications/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversconnectionpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversconnectionpolicies/finalizers + - serversconnectionpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabases/finalizers + - serversdatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesadvancedthreatprotectionsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesadvancedthreatprotectionsettings/finalizers + - serversdatabasesadvancedthreatprotectionsettings/status + verbs: + - get + - patch + - update 
+- apiGroups: + - sql.azure.com + resources: + - serversdatabasesauditingsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesauditingsettings/finalizers + - serversdatabasesauditingsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesbackuplongtermretentionpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesbackuplongtermretentionpolicies/finalizers + - serversdatabasesbackuplongtermretentionpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesbackupshorttermretentionpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesbackupshorttermretentionpolicies/finalizers + - serversdatabasesbackupshorttermretentionpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasessecurityalertpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasessecurityalertpolicies/finalizers + - serversdatabasessecurityalertpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasestransparentdataencryptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasestransparentdataencryptions/finalizers + - serversdatabasestransparentdataencryptions/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesvulnerabilityassessments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- 
apiGroups: + - sql.azure.com + resources: + - serversdatabasesvulnerabilityassessments/finalizers + - serversdatabasesvulnerabilityassessments/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serverselasticpools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serverselasticpools/finalizers + - serverselasticpools/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversfailovergroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversfailovergroups/finalizers + - serversfailovergroups/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversfirewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversfirewallrules/finalizers + - serversfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversipv6firewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversipv6firewallrules/finalizers + - serversipv6firewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversoutboundfirewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversoutboundfirewallrules/finalizers + - serversoutboundfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serverssecurityalertpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serverssecurityalertpolicies/finalizers + - 
serverssecurityalertpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversvirtualnetworkrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversvirtualnetworkrules/finalizers + - serversvirtualnetworkrules/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversvulnerabilityassessments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversvulnerabilityassessments/finalizers + - serversvulnerabilityassessments/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccounts/finalizers + - storageaccounts/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsblobservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsblobservices/finalizers + - storageaccountsblobservices/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsblobservicescontainers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsblobservicescontainers/finalizers + - storageaccountsblobservicescontainers/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsfileservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsfileservices/finalizers + - storageaccountsfileservices/status + 
verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsfileservicesshares + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsfileservicesshares/finalizers + - storageaccountsfileservicesshares/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsmanagementpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsmanagementpolicies/finalizers + - storageaccountsmanagementpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsqueueservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsqueueservices/finalizers + - storageaccountsqueueservices/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsqueueservicesqueues + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsqueueservicesqueues/finalizers + - storageaccountsqueueservicesqueues/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountstableservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountstableservices/finalizers + - storageaccountstableservices/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountstableservicestables + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - 
storageaccountstableservicestables/finalizers + - storageaccountstableservicestables/status + verbs: + - get + - patch + - update +- apiGroups: + - subscription.azure.com + resources: + - aliases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - subscription.azure.com + resources: + - aliases/finalizers + - aliases/status + verbs: + - get + - patch + - update +- apiGroups: + - synapse.azure.com + resources: + - workspaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - synapse.azure.com + resources: + - workspaces/finalizers + - workspaces/status + verbs: + - get + - patch + - update +- apiGroups: + - synapse.azure.com + resources: + - workspacesbigdatapools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - synapse.azure.com + resources: + - workspacesbigdatapools/finalizers + - workspacesbigdatapools/status + verbs: + - get + - patch + - update +- apiGroups: + - web.azure.com + resources: + - serverfarms + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - web.azure.com + resources: + - serverfarms/finalizers + - serverfarms/status + verbs: + - get + - patch + - update +- apiGroups: + - web.azure.com + resources: + - sites + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - web.azure.com + resources: + - sites/finalizers + - sites/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: azureserviceoperator-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: 
capz-aad-pod-id-nmi-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - aadpodidentity.k8s.io + resources: + - azureidentitybindings + - azureidentities + - azurepodidentityexceptions + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-manager-role +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - aadpodidentity.k8s.io + resources: + - azureidentities + - azureidentities/status + verbs: + - get + - list + - watch +- apiGroups: + - aadpodidentity.k8s.io + resources: + - azureidentitybindings + - azureidentitybindings/status + verbs: + - get + - list + - watch +- apiGroups: + - bootstrap.cluster.x-k8s.io + resources: + - kubeadmconfigs + - kubeadmconfigs/status + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + verbs: + - get + - list + - patch + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinepools + - machinepools/status + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machines + - machines/status + verbs: + - delete + - get + - list + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclusters/status + 
verbs: + - get + - list + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclustersagentpools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclustersagentpools/status + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azureclusteridentities + - azureclusteridentities/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azureclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azureclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachinepoolmachines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachinepoolmachines/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachinepools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachinepools/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachines/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachinetemplates + - azuremachinetemplates/status + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + 
resources: + - azuremanagedclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremanagedclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremanagedcontrolplanes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremanagedcontrolplanes/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremanagedmachinepools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremanagedmachinepools/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - natgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - natgateways/status + verbs: + - get + - list + - watch +- apiGroups: + - resources.azure.com + resources: + - resourcegroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - resources.azure.com + resources: + - resourcegroups/status + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: azureserviceoperator-leader-election-rolebinding + namespace: capz-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: azureserviceoperator-leader-election-role +subjects: +- kind: ServiceAccount + name: azureserviceoperator-default + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-leader-election-rolebinding + namespace: capz-system +roleRef: + apiGroup: rbac.authorization.k8s.io + 
kind: Role + name: capz-leader-election-role +subjects: +- kind: ServiceAccount + name: capz-manager + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: azureserviceoperator-crd-reader-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: azureserviceoperator-crd-reader-role +subjects: +- kind: ServiceAccount + name: azureserviceoperator-default + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: azureserviceoperator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: azureserviceoperator-manager-role +subjects: +- kind: ServiceAccount + name: azureserviceoperator-default + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: azureserviceoperator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: azureserviceoperator-proxy-role +subjects: +- kind: ServiceAccount + name: azureserviceoperator-default + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + k8s-app: capz-aad-pod-id-nmi-binding + name: capz-aad-pod-id-nmi-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capz-aad-pod-id-nmi-role +subjects: +- kind: ServiceAccount + name: capz-manager + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capz-manager-role +subjects: +- kind: ServiceAccount + name: capz-manager + namespace: capz-system +--- +apiVersion: v1 +kind: Secret +metadata: + name: aso-controller-settings + namespace: 
capz-system +stringData: + AZURE_AUTHORITY_HOST: ${AZURE_AUTHORITY_HOST:=""} + AZURE_CLIENT_ID: "" + AZURE_RESOURCE_MANAGER_AUDIENCE: ${AZURE_RESOURCE_MANAGER_AUDIENCE:=""} + AZURE_RESOURCE_MANAGER_ENDPOINT: ${AZURE_RESOURCE_MANAGER_ENDPOINT:=""} + AZURE_SUBSCRIPTION_ID: "" + AZURE_SYNC_PERIOD: ${AZURE_SYNC_PERIOD:=""} + AZURE_TENANT_ID: "" +type: Opaque +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.4.0 + control-plane: controller-manager + name: azureserviceoperator-controller-manager-metrics-service + namespace: capz-system +spec: + ports: + - name: metrics + port: 8080 + selector: + control-plane: controller-manager +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: azureserviceoperator-proxy-service + namespace: capz-system +spec: + ports: + - name: https + port: 8443 + targetPort: https + selector: + control-plane: controller-manager +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.4.0 + name: azureserviceoperator-webhook-service + namespace: capz-system +spec: + ports: + - port: 443 + targetPort: 9443 + selector: + control-plane: controller-manager +--- +apiVersion: v1 +kind: Service +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-webhook-service + namespace: capz-system +spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: infrastructure-azure +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.4.0 + control-plane: controller-manager + name: azureserviceoperator-controller-manager + namespace: capz-system +spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + template: + metadata: + annotations: + 
kubectl.kubernetes.io/default-container: manager + labels: + aadpodidbinding: aso-manager-binding + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.4.0 + control-plane: controller-manager + spec: + containers: + - args: + - --metrics-addr=:8080 + - --health-addr=:8081 + - --enable-leader-election + - --v=2 + - --crd-pattern= + - --webhook-port=9443 + - --webhook-cert-dir=/tmp/k8s-webhook-server/serving-certs + env: + - name: AZURE_CLIENT_ID + valueFrom: + secretKeyRef: + key: AZURE_CLIENT_ID + name: aso-controller-settings + - name: AZURE_CLIENT_SECRET + valueFrom: + secretKeyRef: + key: AZURE_CLIENT_SECRET + name: aso-controller-settings + optional: true + - name: AZURE_TENANT_ID + valueFrom: + secretKeyRef: + key: AZURE_TENANT_ID + name: aso-controller-settings + - name: AZURE_SUBSCRIPTION_ID + valueFrom: + secretKeyRef: + key: AZURE_SUBSCRIPTION_ID + name: aso-controller-settings + - name: AZURE_CLIENT_CERTIFICATE + valueFrom: + secretKeyRef: + key: AZURE_CLIENT_CERTIFICATE + name: aso-controller-settings + optional: true + - name: AZURE_CLIENT_CERTIFICATE_PASSWORD + valueFrom: + secretKeyRef: + key: AZURE_CLIENT_CERTIFICATE_PASSWORD + name: aso-controller-settings + optional: true + - name: AZURE_AUTHORITY_HOST + valueFrom: + secretKeyRef: + key: AZURE_AUTHORITY_HOST + name: aso-controller-settings + optional: true + - name: AZURE_RESOURCE_MANAGER_ENDPOINT + valueFrom: + secretKeyRef: + key: AZURE_RESOURCE_MANAGER_ENDPOINT + name: aso-controller-settings + optional: true + - name: AZURE_RESOURCE_MANAGER_AUDIENCE + valueFrom: + secretKeyRef: + key: AZURE_RESOURCE_MANAGER_AUDIENCE + name: aso-controller-settings + optional: true + - name: AZURE_TARGET_NAMESPACES + valueFrom: + secretKeyRef: + key: AZURE_TARGET_NAMESPACES + name: aso-controller-settings + optional: true + - name: AZURE_OPERATOR_MODE + valueFrom: + secretKeyRef: + key: AZURE_OPERATOR_MODE + name: aso-controller-settings + optional: true + - name: AZURE_SYNC_PERIOD + 
valueFrom: + secretKeyRef: + key: AZURE_SYNC_PERIOD + name: aso-controller-settings + optional: true + - name: USE_WORKLOAD_IDENTITY_AUTH + valueFrom: + secretKeyRef: + key: USE_WORKLOAD_IDENTITY_AUTH + name: aso-controller-settings + optional: true + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: mcr.microsoft.com/k8s/azureserviceoperator:v2.4.0 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 60 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 8081 + name: health-port + protocol: TCP + - containerPort: 8080 + name: metrics-port + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 60 + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 200m + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /var/run/secrets/tokens + name: azure-identity + readOnly: true + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: azureserviceoperator-default + terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert + - name: azure-identity + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + audience: api://AzureADTokenExchange + expirationSeconds: 3600 + path: azure-identity +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + aadpodidbinding: capz-controller-aadpodidentity-selector 
+ cluster.x-k8s.io/provider: infrastructure-azure + control-plane: capz-controller-manager + name: capz-controller-manager + namespace: capz-system +spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: infrastructure-azure + control-plane: capz-controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + aadpodidbinding: capz-controller-aadpodidentity-selector + azure.workload.identity/use: "true" + cluster.x-k8s.io/provider: infrastructure-azure + control-plane: capz-controller-manager + spec: + containers: + - args: + - --leader-elect + - --metrics-bind-addr=localhost:8080 + - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},AKSResourceHealth=${EXP_AKS_RESOURCE_HEALTH:=false},EdgeZone=${EXP_EDGEZONE:=false} + - --v=0 + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/cluster-api-azure/cluster-api-azure-controller:v1.12.4 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + periodSeconds: 10 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + initialDelaySeconds: 10 + periodSeconds: 10 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsGroup: 65532 + runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + - mountPath: /var/run/secrets/azure/tokens + name: azure-identity-token + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: capz-manager + terminationGracePeriodSeconds: 10 + tolerations: 
+ - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: capz-webhook-service-cert + - name: azure-identity-token + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + audience: api://AzureADTokenExchange + expirationSeconds: 3600 + path: azure-identity-token +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + component: nmi + k8s-app: aad-pod-id + tier: node + name: capz-nmi + namespace: capz-system +spec: + selector: + matchLabels: + cluster.x-k8s.io/provider: infrastructure-azure + component: nmi + tier: node + template: + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + component: nmi + tier: node + spec: + containers: + - args: + - --node=$(NODE_NAME) + - --operation-mode=managed + - --forceNamespaced + - --http-probe-port=8085 + env: + - name: FORCENAMESPACED + value: "true" + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: LOG_LEVEL + value: DEBUG + image: mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.14 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: 8085 + initialDelaySeconds: 10 + periodSeconds: 5 + name: nmi + resources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + securityContext: + capabilities: + add: + - DAC_READ_SEARCH + - NET_ADMIN + - NET_RAW + drop: + - ALL + runAsUser: 0 + volumeMounts: + - mountPath: /run/xtables.lock + name: iptableslock + - mountPath: /etc/default + name: default-path + readOnly: true + - mountPath: /etc/default/kubelet + name: kubelet-config + readOnly: true + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-node-critical + 
serviceAccountName: capz-manager + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - hostPath: + path: /run/xtables.lock + type: FileOrCreate + name: iptableslock + - hostPath: + path: /etc/default + type: DirectoryOrCreate + name: default-path + - hostPath: + path: /etc/default/kubelet + type: FileOrCreate + name: kubelet-config + updateStrategy: + type: RollingUpdate +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: azureserviceoperator-serving-cert + namespace: capz-system +spec: + dnsNames: + - azureserviceoperator-webhook-service.capz-system.svc + - azureserviceoperator-webhook-service.capz-system.svc.cluster.local + issuerRef: + kind: Issuer + name: azureserviceoperator-selfsigned-issuer + secretName: webhook-server-cert +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-serving-cert + namespace: capz-system +spec: + dnsNames: + - capz-webhook-service.capz-system.svc + - capz-webhook-service.capz-system.svc.cluster.local + issuerRef: + kind: Issuer + name: capz-selfsigned-issuer + secretName: capz-webhook-service-cert +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: azureserviceoperator-selfsigned-issuer + namespace: capz-system +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-selfsigned-issuer + namespace: capz-system +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + name: azureserviceoperator-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + 
namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-api + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.apis.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - apis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-apiversionset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.apiversionsets.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - apiversionsets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-backend + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.backends.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - backends + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-namedvalue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.namedvalues.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - namedvalues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-policy + failurePolicy: Fail + 
matchPolicy: Exact + name: default.v1api20220801.policies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - policies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-policyfragment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.policyfragments.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - policyfragments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-product + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.products.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - products + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-service + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.services.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - services + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-subscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.subscriptions.apimanagement.azure.com + rules: + - 
apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - subscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-appconfiguration-azure-com-v1api20220501-configurationstore + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220501.configurationstores.appconfiguration.azure.com + rules: + - apiGroups: + - appconfiguration.azure.com + apiVersions: + - v1api20220501 + operations: + - CREATE + - UPDATE + resources: + - configurationstores + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-authorization-azure-com-v1api20200801preview-roleassignment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200801preview.roleassignments.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20200801preview + operations: + - CREATE + - UPDATE + resources: + - roleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-authorization-azure-com-v1api20220401-roleassignment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.roleassignments.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - roleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-batch-azure-com-v1api20210101-batchaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101.batchaccounts.batch.azure.com + rules: + - apiGroups: + - 
batch.azure.com + apiVersions: + - v1api20210101 + operations: + - CREATE + - UPDATE + resources: + - batchaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20201201-redis + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.redis.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20201201-redisfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.redisfirewallrules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redisfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20201201-redislinkedserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.redislinkedservers.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redislinkedservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20201201-redispatchschedule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.redispatchschedules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redispatchschedules + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20210301-redisenterprisedatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210301.redisenterprisedatabases.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20210301 + operations: + - CREATE + - UPDATE + resources: + - redisenterprisedatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20210301-redisenterprise + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210301.redisenterprises.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20210301 + operations: + - CREATE + - UPDATE + resources: + - redisenterprises + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230401-redis + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230401.redis.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230401-redisfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230401.redisfirewallrules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redisfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + 
path: /mutate-cache-azure-com-v1api20230401-redislinkedserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230401.redislinkedservers.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redislinkedservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230401-redispatchschedule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230401.redispatchschedules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redispatchschedules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230701-redisenterprisedatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230701.redisenterprisedatabases.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - redisenterprisedatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230701-redisenterprise + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230701.redisenterprises.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - redisenterprises + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cdn-azure-com-v1api20210601-profile + failurePolicy: Fail + matchPolicy: Exact 
+ name: default.v1api20210601.profiles.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - profiles + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cdn-azure-com-v1api20210601-profilesendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.profilesendpoints.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - profilesendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20200930-disk + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200930.disks.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20200930 + operations: + - CREATE + - UPDATE + resources: + - disks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20200930-snapshot + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200930.snapshots.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20200930 + operations: + - CREATE + - UPDATE + resources: + - snapshots + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20201201-virtualmachine + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.virtualmachines.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - 
virtualmachines + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20201201-virtualmachinescaleset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.virtualmachinescalesets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20210701-image + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210701.images.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - images + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20220301-image + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.images.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - images + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20220301-virtualmachine + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.virtualmachines.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachines + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + 
namespace: capz-system + path: /mutate-compute-azure-com-v1api20220301-virtualmachinescaleset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.virtualmachinescalesets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20220702-diskencryptionset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220702.diskencryptionsets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220702 + operations: + - CREATE + - UPDATE + resources: + - diskencryptionsets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerinstance-azure-com-v1api20211001-containergroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211001.containergroups.containerinstance.azure.com + rules: + - apiGroups: + - containerinstance.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - containergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerregistry-azure-com-v1api20210901-registry + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210901.registries.containerregistry.azure.com + rules: + - apiGroups: + - containerregistry.azure.com + apiVersions: + - v1api20210901 + operations: + - CREATE + - UPDATE + resources: + - registries + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/mutate-containerservice-azure-com-v1api20210501-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20210501-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230201-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230201.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230201 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230201-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230201.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230201 + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230202preview-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230202preview.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230202preview-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230202preview.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230202preview-trustedaccessrolebinding + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230202preview.trustedaccessrolebindings.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - trustedaccessrolebindings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230315preview-fleet + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230315preview.fleets.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + 
resources: + - fleets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230315preview-fleetsmember + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230315preview.fleetsmembers.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleetsmembers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230315preview-fleetsupdaterun + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230315preview.fleetsupdateruns.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleetsupdateruns + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-datafactory-azure-com-v1api20180601-factory + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180601.factories.datafactory.azure.com + rules: + - apiGroups: + - datafactory.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - factories + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dataprotection-azure-com-v1api20230101-backupvault + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.backupvaults.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - backupvaults 
+ sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dataprotection-azure-com-v1api20230101-backupvaultsbackuppolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.backupvaultsbackuppolicies.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - backupvaultsbackuppolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformariadb-azure-com-v1api20180601-configuration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180601.configurations.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - configurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformariadb-azure-com-v1api20180601-database + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180601.databases.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - databases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformariadb-azure-com-v1api20180601-server + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180601.servers.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - servers + sideEffects: None +- admissionReviewVersions: + - v1 + 
clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20210501-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.flexibleservers.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20210501-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.flexibleserversdatabases.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20210501-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.flexibleserversfirewallrules.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20220101-flexibleserversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220101.flexibleserversadministrators.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20220101 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversadministrators + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20220101-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220101.flexibleserversconfigurations.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20220101 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: default.v1.users.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20210601-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20210601-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 
+ clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20210601-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20210601-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220120preview.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220120preview.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + 
operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220120preview.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220120preview.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: default.v1.users.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-devices-azure-com-v1api20210702-iothub + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210702.iothubs.devices.azure.com + rules: + - apiGroups: + - devices.azure.com + apiVersions: + - v1api20210702 + 
operations: + - CREATE + - UPDATE + resources: + - iothubs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-databaseaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.databaseaccounts.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - databaseaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-mongodbdatabasecollection + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.mongodbdatabasecollections.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollections + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-mongodbdatabasecollectionthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.mongodbdatabasecollectionthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollectionthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-mongodbdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.mongodbdatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + 
apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-mongodbdatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.mongodbdatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontainer + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasecontainers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontainerstoredprocedure + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasecontainerstoredprocedures.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerstoredprocedures + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontainerthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20210515.sqldatabasecontainerthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontainertrigger + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasecontainertriggers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainertriggers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontaineruserdefinedfunction + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasecontaineruserdefinedfunctions.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontaineruserdefinedfunctions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/mutate-documentdb-azure-com-v1api20210515-sqldatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqlroleassignment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqlroleassignments.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqlroleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventgrid-azure-com-v1api20200601-domain + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.domains.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - domains + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventgrid-azure-com-v1api20200601-domainstopic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.domainstopics.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - domainstopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventgrid-azure-com-v1api20200601-eventsubscription + 
failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.eventsubscriptions.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - eventsubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventgrid-azure-com-v1api20200601-topic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.topics.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - topics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventhub-azure-com-v1api20211101-namespace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespaces.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventhub-azure-com-v1api20211101-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacesauthorizationrules.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventhub-azure-com-v1api20211101-namespaceseventhub + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20211101.namespaceseventhubs.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventhub-azure-com-v1api20211101-namespaceseventhubsauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespaceseventhubsauthorizationrules.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubsauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventhub-azure-com-v1api20211101-namespaceseventhubsconsumergroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespaceseventhubsconsumergroups.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubsconsumergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20180301-metricalert + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180301.metricalerts.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20180301 + operations: + - CREATE + - UPDATE + resources: + - metricalerts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20180501preview-webtest + failurePolicy: Fail + matchPolicy: 
Exact + name: default.v1api20180501preview.webtests.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20180501preview + operations: + - CREATE + - UPDATE + resources: + - webtests + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20200202-component + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200202.components.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20200202 + operations: + - CREATE + - UPDATE + resources: + - components + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20220615-scheduledqueryrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220615.scheduledqueryrules.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20220615 + operations: + - CREATE + - UPDATE + resources: + - scheduledqueryrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20221001-autoscalesetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001.autoscalesettings.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20221001 + operations: + - CREATE + - UPDATE + resources: + - autoscalesettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20230101-actiongroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.actiongroups.insights.azure.com + rules: + - apiGroups: + - 
insights.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - actiongroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-keyvault-azure-com-v1api20210401preview-vault + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401preview.vaults.keyvault.azure.com + rules: + - apiGroups: + - keyvault.azure.com + apiVersions: + - v1api20210401preview + operations: + - CREATE + - UPDATE + resources: + - vaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-kubernetesconfiguration-azure-com-v1api20230501-extension + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501.extensions.kubernetesconfiguration.azure.com + rules: + - apiGroups: + - kubernetesconfiguration.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - extensions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-machinelearningservices-azure-com-v1api20210701-workspace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210701.workspaces.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-machinelearningservices-azure-com-v1api20210701-workspacescompute + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210701.workspacescomputes.machinelearningservices.azure.com + rules: + - apiGroups: + - 
machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspacescomputes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-machinelearningservices-azure-com-v1api20210701-workspacesconnection + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210701.workspacesconnections.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspacesconnections + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-managedidentity-azure-com-v1api20181130-userassignedidentity + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20181130.userassignedidentities.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20181130 + operations: + - CREATE + - UPDATE + resources: + - userassignedidentities + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-managedidentity-azure-com-v1api20220131preview-federatedidentitycredential + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220131preview.federatedidentitycredentials.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20220131preview + operations: + - CREATE + - UPDATE + resources: + - federatedidentitycredentials + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszone + failurePolicy: Fail + matchPolicy: Exact + 
name: default.v1api20180501.dnszones.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszones + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonesaaaarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesaaaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesaaaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonesarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonescaarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonescaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonescaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonescnamerecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonescnamerecords.network.azure.com + rules: + - apiGroups: + - 
network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonescnamerecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonesmxrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesmxrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesmxrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonesnsrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesnsrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesnsrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonesptrrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesptrrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesptrrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonessrvrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonessrvrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE 
+ resources: + - dnszonessrvrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonestxtrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonestxtrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonestxtrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180901-privatednszone + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180901.privatednszones.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180901 + operations: + - CREATE + - UPDATE + resources: + - privatednszones + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonesaaaarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesaaaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesaaaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonesarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesarecords + sideEffects: 
None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonescnamerecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonescnamerecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonescnamerecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonesmxrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesmxrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesmxrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonesptrrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesptrrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesptrrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonessrvrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonessrvrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonessrvrecords + 
sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonestxtrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonestxtrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonestxtrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonesvirtualnetworklink + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesvirtualnetworklinks.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesvirtualnetworklinks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-loadbalancer + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.loadbalancers.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - loadbalancers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-loadbalancersinboundnatrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.loadbalancersinboundnatrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - loadbalancersinboundnatrules + 
sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-networkinterface + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.networkinterfaces.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networkinterfaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-networksecuritygroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.networksecuritygroups.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networksecuritygroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-networksecuritygroupssecurityrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.networksecuritygroupssecurityrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networksecuritygroupssecurityrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-publicipaddress + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.publicipaddresses.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - publicipaddresses + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-routetable + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.routetables.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - routetables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-routetablesroute + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.routetablesroutes.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - routetablesroutes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-virtualnetworkgateway + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.virtualnetworkgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworkgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-virtualnetwork + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.virtualnetworks.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service 
+ namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-virtualnetworkssubnet + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.virtualnetworkssubnets.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworkssubnets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-virtualnetworksvirtualnetworkpeering + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.virtualnetworksvirtualnetworkpeerings.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworksvirtualnetworkpeerings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220401-trafficmanagerprofile + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.trafficmanagerprofiles.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofiles + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220401-trafficmanagerprofilesazureendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.trafficmanagerprofilesazureendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesazureendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + 
service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220401-trafficmanagerprofilesexternalendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.trafficmanagerprofilesexternalendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesexternalendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220401-trafficmanagerprofilesnestedendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.trafficmanagerprofilesnestedendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesnestedendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-applicationgateway + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.applicationgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - applicationgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-bastionhost + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.bastionhosts.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - bastionhosts + sideEffects: None +- admissionReviewVersions: + - 
v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-dnsforwardingruleset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsforwardingrulesets.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsforwardingrulesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-dnsforwardingrulesetsforwardingrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsforwardingrulesetsforwardingrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsforwardingrulesetsforwardingrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-dnsresolver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsresolvers.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolvers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-dnsresolversinboundendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsresolversinboundendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolversinboundendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + 
clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-dnsresolversoutboundendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsresolversoutboundendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolversoutboundendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-natgateway + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.natgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - natgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-privateendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.privateendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privateendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-privateendpointsprivatednszonegroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.privateendpointsprivatednszonegroups.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privateendpointsprivatednszonegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + 
service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-privatelinkservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.privatelinkservices.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privatelinkservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-publicipprefix + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.publicipprefixes.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - publicipprefixes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-operationalinsights-azure-com-v1api20210601-workspace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.workspaces.operationalinsights.azure.com + rules: + - apiGroups: + - operationalinsights.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-resources-azure-com-v1api20200601-resourcegroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.resourcegroups.resources.azure.com + rules: + - apiGroups: + - resources.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - resourcegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + 
path: /mutate-search-azure-com-v1api20220901-searchservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.searchservices.search.azure.com + rules: + - apiGroups: + - search.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - searchservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20210101preview-namespace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/mutate-servicebus-azure-com-v1api20210101preview-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + 
name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None 
+- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-signalrservice-azure-com-v1api20211001-signalr + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211001.signalrs.signalrservice.azure.com + rules: + - apiGroups: + - signalrservice.azure.com + apiVersions: + - v1api20211001 + 
operations: + - CREATE + - UPDATE + resources: + - signalrs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-server + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.servers.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - servers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversadministrators.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversadministrators + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversadvancedthreatprotectionsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversadvancedthreatprotectionsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversadvancedthreatprotectionsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversauditingsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversauditingsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversauditingsettings + sideEffects: 
None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversazureadonlyauthentication + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversazureadonlyauthentications.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversazureadonlyauthentications + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversconnectionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversconnectionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversconnectionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabases.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesadvancedthreatprotectionsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesadvancedthreatprotectionsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - 
serversdatabasesadvancedthreatprotectionsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesauditingsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesauditingsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesauditingsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesbackuplongtermretentionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesbackuplongtermretentionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesbackuplongtermretentionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesbackupshorttermretentionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesbackupshorttermretentionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesbackupshorttermretentionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasessecurityalertpolicy + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20211101.serversdatabasessecurityalertpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasessecurityalertpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasestransparentdataencryption + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasestransparentdataencryptions.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasestransparentdataencryptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesvulnerabilityassessment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesvulnerabilityassessments.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesvulnerabilityassessments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serverselasticpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serverselasticpools.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serverselasticpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversfailovergroup 
+ failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversfailovergroups.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversfailovergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversfirewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversipv6firewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversipv6firewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversipv6firewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversoutboundfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversoutboundfirewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversoutboundfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serverssecurityalertpolicy + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20211101.serverssecurityalertpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serverssecurityalertpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversvirtualnetworkrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversvirtualnetworkrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversvirtualnetworkrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversvulnerabilityassessment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversvulnerabilityassessments.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversvulnerabilityassessments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20210401.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/mutate-storage-azure-com-v1api20210401-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsfileservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsfileservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsfileservicesshare + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsfileservicesshares.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservicesshares + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountstableservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountstableservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountstableservicestable + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountstableservicestables.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservicestables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-subscription-azure-com-v1api20211001-alias + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211001.aliases.subscription.azure.com + rules: + - apiGroups: + - subscription.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - aliases 
+ sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-synapse-azure-com-v1api20210601-workspace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.workspaces.synapse.azure.com + rules: + - apiGroups: + - synapse.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-synapse-azure-com-v1api20210601-workspacesbigdatapool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.workspacesbigdatapools.synapse.azure.com + rules: + - apiGroups: + - synapse.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspacesbigdatapools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-web-azure-com-v1api20220301-serverfarm + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.serverfarms.web.azure.com + rules: + - apiGroups: + - web.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - serverfarms + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-web-azure-com-v1api20220301-site + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.sites.web.azure.com + rules: + - apiGroups: + - web.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - sites + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: 
capz-system/capz-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azurecluster + failurePolicy: Fail + matchPolicy: Equivalent + name: default.azurecluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azureclusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azureclustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.azureclustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azureclustertemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachine + failurePolicy: Fail + matchPolicy: Equivalent + name: default.azuremachine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinetemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.azuremachinetemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + 
apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachinetemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcontrolplane + failurePolicy: Fail + name: default.azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedcontrolplanes + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcontrolplanetemplate + failurePolicy: Fail + name: default.azuremanagedcontrolplanetemplates.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedcontrolplanetemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: default.azuremanagedmachinepools.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedmachinepools + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepooltemplate + failurePolicy: Fail + name: default.azuremanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - 
infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedmachinepooltemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepool + failurePolicy: Fail + name: default.azuremachinepool.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachinepools + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + name: azureserviceoperator-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-api + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.apis.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - apis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-apiversionset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.apiversionsets.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - apiversionsets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-apimanagement-azure-com-v1api20220801-backend + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.backends.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - backends + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-namedvalue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.namedvalues.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - namedvalues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-policy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.policies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - policies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-policyfragment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.policyfragments.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - policyfragments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-product + failurePolicy: Fail + 
matchPolicy: Exact + name: validate.v1api20220801.products.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - products + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-service + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.services.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - services + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-subscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.subscriptions.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - subscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-appconfiguration-azure-com-v1api20220501-configurationstore + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220501.configurationstores.appconfiguration.azure.com + rules: + - apiGroups: + - appconfiguration.azure.com + apiVersions: + - v1api20220501 + operations: + - CREATE + - UPDATE + resources: + - configurationstores + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-authorization-azure-com-v1api20200801preview-roleassignment + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20200801preview.roleassignments.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20200801preview + operations: + - CREATE + - UPDATE + resources: + - roleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-authorization-azure-com-v1api20220401-roleassignment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.roleassignments.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - roleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-batch-azure-com-v1api20210101-batchaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101.batchaccounts.batch.azure.com + rules: + - apiGroups: + - batch.azure.com + apiVersions: + - v1api20210101 + operations: + - CREATE + - UPDATE + resources: + - batchaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20201201-redis + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.redis.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20201201-redisfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.redisfirewallrules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + 
apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redisfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20201201-redislinkedserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.redislinkedservers.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redislinkedservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20201201-redispatchschedule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.redispatchschedules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redispatchschedules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20210301-redisenterprisedatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210301.redisenterprisedatabases.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20210301 + operations: + - CREATE + - UPDATE + resources: + - redisenterprisedatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20210301-redisenterprise + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210301.redisenterprises.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20210301 + operations: + - CREATE + - UPDATE + 
resources: + - redisenterprises + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230401-redis + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230401.redis.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230401-redisfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230401.redisfirewallrules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redisfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230401-redislinkedserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230401.redislinkedservers.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redislinkedservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230401-redispatchschedule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230401.redispatchschedules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redispatchschedules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230701-redisenterprisedatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230701.redisenterprisedatabases.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - redisenterprisedatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230701-redisenterprise + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230701.redisenterprises.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - redisenterprises + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cdn-azure-com-v1api20210601-profile + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.profiles.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - profiles + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cdn-azure-com-v1api20210601-profilesendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.profilesendpoints.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - profilesendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20200930-disk + 
failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200930.disks.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20200930 + operations: + - CREATE + - UPDATE + resources: + - disks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20200930-snapshot + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200930.snapshots.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20200930 + operations: + - CREATE + - UPDATE + resources: + - snapshots + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20201201-virtualmachine + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.virtualmachines.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachines + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20201201-virtualmachinescaleset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.virtualmachinescalesets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20210701-image + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210701.images.compute.azure.com + rules: + - apiGroups: + - 
compute.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - images + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20220301-image + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.images.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - images + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20220301-virtualmachine + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.virtualmachines.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachines + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20220301-virtualmachinescaleset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.virtualmachinescalesets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20220702-diskencryptionset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220702.diskencryptionsets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220702 + operations: + - CREATE + - UPDATE + resources: + - 
diskencryptionsets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerinstance-azure-com-v1api20211001-containergroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211001.containergroups.containerinstance.azure.com + rules: + - apiGroups: + - containerinstance.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - containergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerregistry-azure-com-v1api20210901-registry + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210901.registries.containerregistry.azure.com + rules: + - apiGroups: + - containerregistry.azure.com + apiVersions: + - v1api20210901 + operations: + - CREATE + - UPDATE + resources: + - registries + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20210501-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20210501-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + 
resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230201-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230201.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230201 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230201-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230201.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230201 + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230202preview-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230202preview.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230202preview-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230202preview.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - 
containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230202preview-trustedaccessrolebinding + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230202preview.trustedaccessrolebindings.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - trustedaccessrolebindings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230315preview-fleet + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230315preview.fleets.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230315preview-fleetsmember + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230315preview.fleetsmembers.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleetsmembers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230315preview-fleetsupdaterun + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20230315preview.fleetsupdateruns.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleetsupdateruns + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-datafactory-azure-com-v1api20180601-factory + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180601.factories.datafactory.azure.com + rules: + - apiGroups: + - datafactory.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - factories + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dataprotection-azure-com-v1api20230101-backupvault + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.backupvaults.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - backupvaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dataprotection-azure-com-v1api20230101-backupvaultsbackuppolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.backupvaultsbackuppolicies.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - backupvaultsbackuppolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformariadb-azure-com-v1api20180601-configuration + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20180601.configurations.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - configurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformariadb-azure-com-v1api20180601-database + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180601.databases.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - databases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformariadb-azure-com-v1api20180601-server + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180601.servers.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - servers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20210501-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.flexibleservers.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20210501-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.flexibleserversdatabases.dbformysql.azure.com + rules: + - 
apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20210501-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.flexibleserversfirewallrules.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20220101-flexibleserversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220101.flexibleserversadministrators.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20220101 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversadministrators + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20220101-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220101.flexibleserversconfigurations.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20220101 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1.users.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20210601-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20210601-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20210601-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20210601-flexibleserversfirewallrule + failurePolicy: Fail + 
matchPolicy: Exact + name: validate.v1api20210601.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220120preview.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220120preview.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220120preview.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220120preview.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1.users.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-devices-azure-com-v1api20210702-iothub + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210702.iothubs.devices.azure.com + rules: + - apiGroups: + - devices.azure.com + apiVersions: + - v1api20210702 + operations: + - CREATE + - UPDATE + resources: + - iothubs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-databaseaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.databaseaccounts.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - databaseaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-documentdb-azure-com-v1api20210515-mongodbdatabasecollection + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.mongodbdatabasecollections.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollections + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-mongodbdatabasecollectionthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.mongodbdatabasecollectionthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollectionthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-mongodbdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.mongodbdatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-mongodbdatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.mongodbdatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + 
clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontainer + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontainers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontainerstoredprocedure + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontainerstoredprocedures.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerstoredprocedures + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontainerthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontainerthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontainertrigger + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontainertriggers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - 
CREATE + - UPDATE + resources: + - sqldatabasecontainertriggers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontaineruserdefinedfunction + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontaineruserdefinedfunctions.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontaineruserdefinedfunctions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqlroleassignment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqlroleassignments.documentdb.azure.com + rules: + - apiGroups: + - 
documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqlroleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventgrid-azure-com-v1api20200601-domain + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.domains.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - domains + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventgrid-azure-com-v1api20200601-domainstopic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.domainstopics.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - domainstopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventgrid-azure-com-v1api20200601-eventsubscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.eventsubscriptions.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - eventsubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventgrid-azure-com-v1api20200601-topic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.topics.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - topics + 
sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventhub-azure-com-v1api20211101-namespace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaces.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventhub-azure-com-v1api20211101-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacesauthorizationrules.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventhub-azure-com-v1api20211101-namespaceseventhub + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaceseventhubs.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventhub-azure-com-v1api20211101-namespaceseventhubsauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaceseventhubsauthorizationrules.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - 
namespaceseventhubsauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventhub-azure-com-v1api20211101-namespaceseventhubsconsumergroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaceseventhubsconsumergroups.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubsconsumergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20180301-metricalert + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180301.metricalerts.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20180301 + operations: + - CREATE + - UPDATE + resources: + - metricalerts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20180501preview-webtest + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501preview.webtests.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20180501preview + operations: + - CREATE + - UPDATE + resources: + - webtests + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20200202-component + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200202.components.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20200202 + operations: + - CREATE + - UPDATE + resources: + - components + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20220615-scheduledqueryrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220615.scheduledqueryrules.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20220615 + operations: + - CREATE + - UPDATE + resources: + - scheduledqueryrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20221001-autoscalesetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001.autoscalesettings.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20221001 + operations: + - CREATE + - UPDATE + resources: + - autoscalesettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20230101-actiongroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.actiongroups.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - actiongroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-keyvault-azure-com-v1api20210401preview-vault + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401preview.vaults.keyvault.azure.com + rules: + - apiGroups: + - keyvault.azure.com + apiVersions: + - v1api20210401preview + operations: + - CREATE + - UPDATE + resources: + - vaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-kubernetesconfiguration-azure-com-v1api20230501-extension + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501.extensions.kubernetesconfiguration.azure.com + rules: + - apiGroups: + - kubernetesconfiguration.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - extensions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-machinelearningservices-azure-com-v1api20210701-workspace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210701.workspaces.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-machinelearningservices-azure-com-v1api20210701-workspacescompute + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210701.workspacescomputes.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspacescomputes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-machinelearningservices-azure-com-v1api20210701-workspacesconnection + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210701.workspacesconnections.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspacesconnections + 
sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-managedidentity-azure-com-v1api20181130-userassignedidentity + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20181130.userassignedidentities.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20181130 + operations: + - CREATE + - UPDATE + resources: + - userassignedidentities + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-managedidentity-azure-com-v1api20220131preview-federatedidentitycredential + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220131preview.federatedidentitycredentials.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20220131preview + operations: + - CREATE + - UPDATE + resources: + - federatedidentitycredentials + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszone + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszones.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszones + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonesaaaarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesaaaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - 
dnszonesaaaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonesarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonescaarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonescaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonescaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonescnamerecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonescnamerecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonescnamerecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonesmxrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesmxrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesmxrecords + sideEffects: None +- admissionReviewVersions: + - v1 
+ clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonesnsrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesnsrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesnsrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonesptrrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesptrrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesptrrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonessrvrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonessrvrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonessrvrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonestxtrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonestxtrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonestxtrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + 
namespace: capz-system + path: /validate-network-azure-com-v1api20180901-privatednszone + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180901.privatednszones.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180901 + operations: + - CREATE + - UPDATE + resources: + - privatednszones + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonesaaaarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonesaaaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesaaaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonesarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonesarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonescnamerecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonescnamerecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonescnamerecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: 
capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonesmxrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonesmxrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesmxrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonesptrrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonesptrrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesptrrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonessrvrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonessrvrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonessrvrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonestxtrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonestxtrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonestxtrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + 
namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonesvirtualnetworklink + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonesvirtualnetworklinks.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesvirtualnetworklinks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-loadbalancer + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.loadbalancers.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - loadbalancers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-loadbalancersinboundnatrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.loadbalancersinboundnatrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - loadbalancersinboundnatrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-networkinterface + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.networkinterfaces.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networkinterfaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: 
capz-system + path: /validate-network-azure-com-v1api20201101-networksecuritygroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.networksecuritygroups.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networksecuritygroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-networksecuritygroupssecurityrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.networksecuritygroupssecurityrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networksecuritygroupssecurityrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-publicipaddress + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.publicipaddresses.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - publicipaddresses + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-routetable + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.routetables.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - routetables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-network-azure-com-v1api20201101-routetablesroute + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.routetablesroutes.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - routetablesroutes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-virtualnetworkgateway + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.virtualnetworkgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworkgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-virtualnetwork + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.virtualnetworks.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-virtualnetworkssubnet + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.virtualnetworkssubnets.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworkssubnets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-network-azure-com-v1api20201101-virtualnetworksvirtualnetworkpeering + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.virtualnetworksvirtualnetworkpeerings.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworksvirtualnetworkpeerings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220401-trafficmanagerprofile + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.trafficmanagerprofiles.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofiles + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220401-trafficmanagerprofilesazureendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.trafficmanagerprofilesazureendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesazureendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220401-trafficmanagerprofilesexternalendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.trafficmanagerprofilesexternalendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesexternalendpoints + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220401-trafficmanagerprofilesnestedendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.trafficmanagerprofilesnestedendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesnestedendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-applicationgateway + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.applicationgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - applicationgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-bastionhost + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.bastionhosts.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - bastionhosts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-dnsforwardingruleset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsforwardingrulesets.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsforwardingrulesets + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-dnsforwardingrulesetsforwardingrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsforwardingrulesetsforwardingrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsforwardingrulesetsforwardingrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-dnsresolver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsresolvers.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolvers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-dnsresolversinboundendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsresolversinboundendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolversinboundendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-dnsresolversoutboundendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsresolversoutboundendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - 
dnsresolversoutboundendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-natgateway + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.natgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - natgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-privateendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.privateendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privateendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-privateendpointsprivatednszonegroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.privateendpointsprivatednszonegroups.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privateendpointsprivatednszonegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-privatelinkservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.privatelinkservices.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privatelinkservices + 
sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-publicipprefix + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.publicipprefixes.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - publicipprefixes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-operationalinsights-azure-com-v1api20210601-workspace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.workspaces.operationalinsights.azure.com + rules: + - apiGroups: + - operationalinsights.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-resources-azure-com-v1api20200601-resourcegroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.resourcegroups.resources.azure.com + rules: + - apiGroups: + - resources.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - resourcegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-search-azure-com-v1api20220901-searchservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.searchservices.search.azure.com + rules: + - apiGroups: + - search.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - searchservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: 
+ - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE 
+ resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + 
operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - 
servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-signalrservice-azure-com-v1api20211001-signalr + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211001.signalrs.signalrservice.azure.com + rules: + - apiGroups: + - signalrservice.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - signalrs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-server + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20211101.servers.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - servers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversadministrators.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversadministrators + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversadvancedthreatprotectionsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversadvancedthreatprotectionsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversadvancedthreatprotectionsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversauditingsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversauditingsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversauditingsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversazureadonlyauthentication + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20211101.serversazureadonlyauthentications.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversazureadonlyauthentications + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversconnectionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversconnectionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversconnectionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabases.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasesadvancedthreatprotectionsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesadvancedthreatprotectionsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesadvancedthreatprotectionsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasesauditingsetting + failurePolicy: Fail 
+ matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesauditingsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesauditingsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasesbackuplongtermretentionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesbackuplongtermretentionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesbackuplongtermretentionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasesbackupshorttermretentionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesbackupshorttermretentionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesbackupshorttermretentionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasessecurityalertpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasessecurityalertpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasessecurityalertpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasestransparentdataencryption + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasestransparentdataencryptions.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasestransparentdataencryptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasesvulnerabilityassessment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesvulnerabilityassessments.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesvulnerabilityassessments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serverselasticpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serverselasticpools.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serverselasticpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversfailovergroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversfailovergroups.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversfailovergroups + sideEffects: None +- admissionReviewVersions: + - v1 + 
clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversfirewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversipv6firewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversipv6firewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversipv6firewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversoutboundfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversoutboundfirewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversoutboundfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serverssecurityalertpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serverssecurityalertpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serverssecurityalertpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversvirtualnetworkrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversvirtualnetworkrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversvirtualnetworkrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversvulnerabilityassessment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversvulnerabilityassessments.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversvulnerabilityassessments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - 
storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsfileservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsfileservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + 
- CREATE + - UPDATE + resources: + - storageaccountsfileservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsfileservicesshare + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsfileservicesshares.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservicesshares + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsqueueservicesqueues.storage.azure.com + 
rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountstableservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountstableservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountstableservicestable + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountstableservicestables.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservicestables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-subscription-azure-com-v1api20211001-alias + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211001.aliases.subscription.azure.com + rules: + - apiGroups: + - subscription.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - aliases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-synapse-azure-com-v1api20210601-workspace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.workspaces.synapse.azure.com + rules: + - 
apiGroups: + - synapse.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-synapse-azure-com-v1api20210601-workspacesbigdatapool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.workspacesbigdatapools.synapse.azure.com + rules: + - apiGroups: + - synapse.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspacesbigdatapools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-web-azure-com-v1api20220301-serverfarm + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.serverfarms.web.azure.com + rules: + - apiGroups: + - web.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - serverfarms + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-web-azure-com-v1api20220301-site + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.sites.web.azure.com + rules: + - apiGroups: + - web.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - sites + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: 
/validate-infrastructure-cluster-x-k8s-io-v1beta1-azurecluster + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azurecluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azureclusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azureclusteridentity + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azureclusteridentity.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azureclusteridentities + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azureclustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azureclustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azureclustertemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachine + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azuremachine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: 
/validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinetemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azuremachinetemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachinetemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcluster + failurePolicy: Fail + name: validation.azuremanagedclusters.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedclustertemplate + failurePolicy: Fail + name: validation.azuremanagedclustertemplates.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - UPDATE + resources: + - azuremanagedclustertemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcontrolplane + failurePolicy: Fail + name: validation.azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedcontrolplanes + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: 
/validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcontrolplanetemplate + failurePolicy: Fail + name: validation.azuremanagedcontrolplanetemplates.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedcontrolplanetemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azuremanagedmachinepools.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - azuremanagedmachinepools + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepooltemplate + failurePolicy: Fail + name: validation.azuremanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - azuremanagedmachinepooltemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepool + failurePolicy: Fail + name: validation.azuremachinepool.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachinepools + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: 
capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepoolmachine + failurePolicy: Fail + name: azuremachinepoolmachine.kb.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachinepoolmachines + sideEffects: None diff --git a/files/cluster-api-provider-azure/v1.12.4/metadata.yaml b/files/cluster-api-provider-azure/v1.12.4/metadata.yaml new file mode 100644 index 00000000..e90cd471 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.12.4/metadata.yaml @@ -0,0 +1,55 @@ +# maps release series of major.minor to cluster-api contract version +# the contract version may change between minor or major versions, but *not* +# between patch versions. +# +# update this file only when a new major or minor version is released +apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 +releaseSeries: + - major: 0 + minor: 3 + contract: v1alpha2 + - major: 0 + minor: 4 + contract: v1alpha3 + - major: 0 + minor: 5 + contract: v1alpha4 + - major: 1 + minor: 0 + contract: v1beta1 + - major: 1 + minor: 1 + contract: v1beta1 + - major: 1 + minor: 2 + contract: v1beta1 + - major: 1 + minor: 3 + contract: v1beta1 + - major: 1 + minor: 4 + contract: v1beta1 + - major: 1 + minor: 5 + contract: v1beta1 + - major: 1 + minor: 6 + contract: v1beta1 + - major: 1 + minor: 7 + contract: v1beta1 + - major: 1 + minor: 8 + contract: v1beta1 + - major: 1 + minor: 9 + contract: v1beta1 + - major: 1 + minor: 10 + contract: v1beta1 + - major: 1 + minor: 11 + contract: v1beta1 + - major: 1 + minor: 12 + contract: v1beta1 diff --git a/files/cluster-api-provider-azure/v1.13.2/cluster-template-aad.yaml b/files/cluster-api-provider-azure/v1.13.2/cluster-template-aad.yaml new file mode 100644 index 00000000..54c36b40 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.2/cluster-template-aad.yaml 
@@ -0,0 +1,211 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + oidc-client-id: ${AZURE_SERVER_APP_ID} + oidc-groups-claim: groups + oidc-issuer-url: https://sts.windows.net/${AZURE_TENANT_ID}/ + oidc-username-claim: oid + oidc-username-prefix: '-' + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: 
/dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: 
default +spec: + template: + spec: + osDisk: + diskSizeGB: 128 + managedDisk: + storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.13.2/cluster-template-aks-clusterclass.yaml b/files/cluster-api-provider-azure/v1.13.2/cluster-template-aks-clusterclass.yaml new file mode 100644 index 00000000..13b7e1e0 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.2/cluster-template-aks-clusterclass.yaml 
@@ -0,0 +1,125 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: ClusterClass +metadata: + name: ${CLUSTER_CLASS_NAME} + namespace: default +spec: + controlPlane: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedControlPlaneTemplate + name: ${CLUSTER_NAME}-control-plane + infrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedClusterTemplate + name: ${CLUSTER_NAME} + workers: + machinePools: + - class: default-system + template: + bootstrap: + ref: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-pool0 + infrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedMachinePoolTemplate + name: ${CLUSTER_NAME}-pool0 + - class: default-worker + template: + bootstrap: + ref: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-pool1 + infrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedMachinePoolTemplate + name: ${CLUSTER_NAME}-pool1 +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedControlPlaneTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedClusterTemplate +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + template: + spec: {} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedMachinePoolTemplate +metadata: + name: ${CLUSTER_NAME}-pool0 + namespace: default +spec: + template: + spec: + mode: System + name: pool0 + sku: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: 
infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedMachinePoolTemplate +metadata: + name: ${CLUSTER_NAME}-pool1 + namespace: default +spec: + template: + spec: + mode: User + name: pool1 + sku: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-pool0 + namespace: default +spec: + template: + spec: {} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-pool1 + namespace: default +spec: + template: + spec: {} diff --git a/files/cluster-api-provider-azure/v1.13.2/cluster-template-aks-topology.yaml b/files/cluster-api-provider-azure/v1.13.2/cluster-template-aks-topology.yaml new file mode 100644 index 00000000..c78efb4b --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.2/cluster-template-aks-topology.yaml @@ -0,0 +1,21 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + topology: + class: ${CLUSTER_CLASS_NAME} + version: ${KUBERNETES_VERSION} + workers: + machinePools: + - class: default-system + name: mp-0 + replicas: 1 + - class: default-worker + name: mp-1 + replicas: 1 diff --git a/files/cluster-api-provider-azure/v1.13.2/cluster-template-aks.yaml b/files/cluster-api-provider-azure/v1.13.2/cluster-template-aks.yaml new file mode 100644 index 00000000..3f411230 --- /dev/null 
+++ b/files/cluster-api-provider-azure/v1.13.2/cluster-template-aks.yaml 
@@ -0,0 +1,116 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + services: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedControlPlane + name: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedControlPlane +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + resourceGroupName: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: ${CLUSTER_NAME}-pool0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + template: + metadata: {} + spec: + bootstrap: + dataSecretName: "" + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedMachinePool + name: ${CLUSTER_NAME}-pool0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedMachinePool +metadata: + name: ${CLUSTER_NAME}-pool0 + namespace: default +spec: + mode: System + name: pool0 + sku: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: ${CLUSTER_NAME}-pool1 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + template: + 
metadata: {} + spec: + bootstrap: + dataSecretName: "" + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedMachinePool + name: ${CLUSTER_NAME}-pool1 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedMachinePool +metadata: + name: ${CLUSTER_NAME}-pool1 + namespace: default +spec: + mode: User + name: pool1 + sku: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.13.2/cluster-template-azure-bastion.yaml b/files/cluster-api-provider-azure/v1.13.2/cluster-template-azure-bastion.yaml new file mode 100644 index 00000000..31cbcea5 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.2/cluster-template-azure-bastion.yaml 
@@ -0,0 +1,207 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + bastionSpec: + azureBastion: {} + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: 
${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: 
${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: [] +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.13.2/cluster-template-azure-cni-v1.yaml b/files/cluster-api-provider-azure/v1.13.2/cluster-template-azure-cni-v1.yaml new file mode 100644 index 00000000..fab81472 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.2/cluster-template-azure-cni-v1.yaml 
@@ -0,0 +1,214 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: 
${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + max-pods: "110" + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + max-pods: "110" + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + networkInterfaces: + - privateIPConfigs: 110 + subnetName: control-plane-subnet + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + 
networkInterfaces: + - privateIPConfigs: 110 + subnetName: node-subnet + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + max-pods: "110" + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: [] +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.13.2/cluster-template-clusterclass.yaml b/files/cluster-api-provider-azure/v1.13.2/cluster-template-clusterclass.yaml new file mode 100644 index 00000000..d85a122f --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.2/cluster-template-clusterclass.yaml 
@@ -0,0 +1,239 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: ClusterClass +metadata: + name: ${CLUSTER_CLASS_NAME} + namespace: default +spec: + controlPlane: + machineInfrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + ref: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlaneTemplate + name: ${CLUSTER_NAME}-control-plane + infrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterTemplate + name: ${CLUSTER_NAME}-azure-cluster + patches: + - definitions: + - jsonPatches: + - op: add + path: /spec/template/spec/kubeadmConfigSpec/clusterConfiguration/controllerManager/extraArgs/cluster-name + valueFrom: + variable: builtin.cluster.name + - op: replace + path: /spec/template/spec/kubeadmConfigSpec/files + valueFrom: + template: | + - contentFrom: + secret: + key: control-plane-azure.json + name: "{{ .builtin.controlPlane.machineTemplate.infrastructureRef.name }}-azure-json" + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + selector: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlaneTemplate + matchResources: + controlPlane: true + name: controlPlaneAzureJsonSecretName + - definitions: + - jsonPatches: + - op: replace + path: /spec/template/spec/files + valueFrom: + template: | + - contentFrom: + secret: + key: worker-node-azure.json + name: "{{ .builtin.machineDeployment.infrastructureRef.name }}-azure-json" + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + selector: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + matchResources: + machineDeploymentClass: + names: + - ${CLUSTER_NAME}-worker + name: workerAzureJsonSecretName + workers: + machineDeployments: + - class: ${CLUSTER_NAME}-worker + template: + bootstrap: + ref: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: 
KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + infrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterTemplate +metadata: + name: ${CLUSTER_NAME}-azure-cluster + namespace: default +spec: + template: + spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + natGateway: + name: node-natgateway + role: node + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlaneTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: 
/dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: replace_me + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: replace_me + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: [] +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal 
diff --git a/files/cluster-api-provider-azure/v1.13.2/cluster-template-dual-stack.yaml b/files/cluster-api-provider-azure/v1.13.2/cluster-template-dual-stack.yaml new file mode 100644 index 00000000..070cd67a --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.2/cluster-template-dual-stack.yaml 
@@ -0,0 +1,231 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + labels: + cni: calico-dual-stack + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 10.244.0.0/16 + - 2001:1234:5678:9a40::/58 + services: + cidrBlocks: + - 10.0.0.0/16 + - fd00::/108 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - cidrBlocks: + - 10.0.0.0/16 + - 2001:1234:5678:9abc::/64 + name: control-plane-subnet + role: control-plane + - cidrBlocks: + - 10.1.0.0/16 + - 2001:1234:5678:9abd::/64 + name: node-subnet + role: node + vnet: + cidrBlocks: + - 10.0.0.0/8 + - 2001:1234:5678:9a00::/56 + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "true" + cloud-provider: external + cluster-cidr: 10.244.0.0/16,2001:1234:5678:9a40::/58 + cluster-name: ${CLUSTER_NAME} + configure-cloud-routes: "true" + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: 
+ - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + localAPIEndpoint: + bindPort: 6443 + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + controlPlane: + localAPIEndpoint: + bindPort: 6443 + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + enableIPForwarding: true + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: 
${AZURE_TENANT_ID} + type: ServicePrincipal +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + enableIPForwarding: true + osDisk: + diskSizeGB: 30 + managedDisk: + storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' diff --git a/files/cluster-api-provider-azure/v1.13.2/cluster-template-edgezone.yaml b/files/cluster-api-provider-azure/v1.13.2/cluster-template-edgezone.yaml new file mode 100644 index 00000000..81e7a725 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.2/cluster-template-edgezone.yaml 
@@ -0,0 +1,208 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + extendedLocation: + name: ${AZURE_EXTENDEDLOCATION_NAME} + type: ${AZURE_EXTENDEDLOCATION_TYPE} + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + 
- contentFrom: + secret: + key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: 
${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: [] +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.13.2/cluster-template-ephemeral.yaml b/files/cluster-api-provider-azure/v1.13.2/cluster-template-ephemeral.yaml new file mode 100644 index 00000000..105a0d9a --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.2/cluster-template-ephemeral.yaml 
@@ -0,0 +1,211 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: 
${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + cachingType: ReadOnly + diffDiskSettings: + option: Local + diskSizeGB: 50 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + cachingType: ReadOnly + diffDiskSettings: + option: 
Local + diskSizeGB: 50 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: [] +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.13.2/cluster-template-flatcar.yaml b/files/cluster-api-provider-azure/v1.13.2/cluster-template-flatcar.yaml new file mode 100644 index 00000000..201774a2 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.2/cluster-template-flatcar.yaml 
@@ -0,0 +1,247 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + overwrite: false + partitions: [] + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + format: ignition + ignition: + containerLinuxConfig: + 
additionalConfig: | + systemd: + units: + - name: kubeadm.service + dropins: + - name: 10-flatcar.conf + contents: | + [Unit] + After=oem-cloudinit.service + # kubeadm must run after containerd - see https://github.com/kubernetes-sigs/image-builder/issues/939. + After=containerd.service + # Workaround for https://github.com/kubernetes-sigs/cluster-api/issues/7679. + storage: + disks: + - device: /dev/disk/azure/scsi1/lun0 + partitions: + - number: 1 + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '@@HOSTNAME@@' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '@@HOSTNAME@@' + mounts: + - - etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: + - sed -i "s/@@HOSTNAME@@/$(curl -s -H Metadata:true --noproxy '*' 'http://169.254.169.254/metadata/instance?api-version=2020-09-01' + | jq -r .compute.name)/g" /etc/kubeadm.yml + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + image: + computeGallery: + gallery: flatcar4capi-742ef0cb-dcaa-4ecb-9cb0-bfd2e43dccc0 + name: flatcar-stable-amd64-capi-${KUBERNETES_VERSION} + version: ${FLATCAR_VERSION} + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + 
spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + image: + computeGallery: + gallery: flatcar4capi-742ef0cb-dcaa-4ecb-9cb0-bfd2e43dccc0 + name: flatcar-stable-amd64-capi-${KUBERNETES_VERSION} + version: ${FLATCAR_VERSION} + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + format: ignition + ignition: + containerLinuxConfig: + additionalConfig: | + systemd: + units: + - name: kubeadm.service + dropins: + - name: 10-flatcar.conf + contents: | + [Unit] + After=oem-cloudinit.service + # kubeadm must run after containerd - see https://github.com/kubernetes-sigs/image-builder/issues/939. 
+ After=containerd.service + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '@@HOSTNAME@@' + postKubeadmCommands: [] + preKubeadmCommands: + - sed -i "s/@@HOSTNAME@@/$(curl -s -H Metadata:true --noproxy '*' 'http://169.254.169.254/metadata/instance?api-version=2020-09-01' + | jq -r .compute.name)/g" /etc/kubeadm.yml +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.13.2/cluster-template-ipv6.yaml b/files/cluster-api-provider-azure/v1.13.2/cluster-template-ipv6.yaml new file mode 100644 index 00000000..884f77d5 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.2/cluster-template-ipv6.yaml 
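Review bot: `/etc/kubernetes/azure.json` is written with `permissions: "0644"` on both the control plane and the `md-0` worker, yet its content comes from the `*-azure-json` secrets and the identity wired up at the end of this file is a `ServicePrincipal` with a `clientSecret`, so whatever credential material the generated cloud config carries is readable by every local user and by any container with a host mount. Unless a non-root reader of that file is known, `permissions: "0600"` together with the existing `owner: root:root` is the safer default; the same setting recurs in the ipv6, machinepool-windows, machinepool, nvidia-gpu and private templates in this commit. On the AzureClusterIdentity, `allowedNamespaces: {}` — per the CAPZ field documentation as I recall it — lets AzureClusters in any namespace consume this identity, whereas an absent field allows none; if the intent is to scope it to the `default` namespace used throughout, `allowedNamespaces: {list: [default]}` would say so. These files appear to be vendored from the upstream v1.13.2 release, so either change belongs upstream or in a documented overlay rather than a silent local edit.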
@@ -0,0 +1,247 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 2001:1234:5678:9a40::/58 + services: + cidrBlocks: + - fd00::/108 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - cidrBlocks: + - 10.0.0.0/16 + - 2001:1234:5678:9abc::/64 + name: control-plane-subnet + role: control-plane + - cidrBlocks: + - 10.1.0.0/16 + - 2001:1234:5678:9abd::/64 + name: node-subnet + role: node + vnet: + cidrBlocks: + - 10.0.0.0/8 + - 2001:1234:5678:9a00::/56 + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + bind-address: '::' + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "true" + bind-address: '::' + cloud-provider: external + cluster-cidr: 2001:1234:5678:9a40::/58 + cluster-name: ${CLUSTER_NAME} + configure-cloud-routes: "true" + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + scheduler: + extraArgs: + bind-address: '::' + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + 
extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + localAPIEndpoint: + advertiseAddress: '::' + bindPort: 6443 + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + cluster-dns: fd00::10 + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + controlPlane: + localAPIEndpoint: + advertiseAddress: '::' + bindPort: 6443 + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + cluster-dns: fd00::10 + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + enableIPForwarding: true + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: 
${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + enableIPForwarding: true + osDisk: + diskSizeGB: 30 + managedDisk: + storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + clusterConfiguration: + apiServer: + extraArgs: + bind-address: '::' + controllerManager: + extraArgs: + bind-address: '::' + scheduler: + extraArgs: + bind-address: '::' + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + cluster-dns: '[fd00::10]' + name: '{{ ds.meta_data["local_hostname"] }}' 
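Review bot: The control-plane `kubeletExtraArgs` set `cluster-dns: fd00::10` while the worker KubeadmConfigTemplate at the end of the hunk sets `cluster-dns: '[fd00::10]'`; the two forms are passed to the same kubelet flag and should agree, and I cannot tell from here whether the bracketed form is accepted, so aligning the worker on `cluster-dns: fd00::10` is the conservative fix unless the brackets are known to be required. A short comment next to whichever form is kept, explaining why the IPv6 literal is or is not bracketed, would stop the next reader from "fixing" it the other way.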
diff --git a/files/cluster-api-provider-azure/v1.13.2/cluster-template-machinepool-windows.yaml b/files/cluster-api-provider-azure/v1.13.2/cluster-template-machinepool-windows.yaml new file mode 100644 index 00000000..0861baa2 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.2/cluster-template-machinepool-windows.yaml 
@@ -0,0 +1,288 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + labels: + cni-windows: calico + csi-proxy: enabled + windows: enabled + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + 
key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfig + name: ${CLUSTER_NAME}-mp-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachinePool + name: ${CLUSTER_NAME}-mp-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachinePool +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + location: ${AZURE_LOCATION} + strategy: + rollingUpdate: + deletePolicy: Oldest + maxSurge: 25% + maxUnavailable: 1 + type: RollingUpdate + template: + 
osDisk: + diskSizeGB: 30 + managedDisk: + storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfig +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-mp-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: ${CLUSTER_NAME}-mp-win + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfig + name: ${CLUSTER_NAME}-mp-win + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachinePool + name: ${CLUSTER_NAME}-mp-win + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachinePool +metadata: + annotations: + runtime: containerd + windowsServerVersion: ${WINDOWS_SERVER_VERSION:=""} + name: ${CLUSTER_NAME}-mp-win + namespace: default +spec: + location: ${AZURE_LOCATION} + template: + osDisk: + diskSizeGB: 128 + managedDisk: + storageAccountType: Premium_LRS + osType: 
Windows + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfig +metadata: + name: ${CLUSTER_NAME}-mp-win + namespace: default +spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-mp-win-azure-json + owner: root:root + path: c:/k/azure.json + permissions: "0644" + - content: Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico.exe + path: C:/defender-exclude-calico.ps1 + permissions: "0744" + joinConfiguration: + nodeRegistration: + criSocket: npipe:////./pipe/containerd-containerd + kubeletExtraArgs: + cloud-provider: external + pod-infra-container-image: mcr.microsoft.com/oss/kubernetes/pause:3.9 + name: '{{ ds.meta_data["local_hostname"] }}' + postKubeadmCommands: + - nssm set kubelet start SERVICE_AUTO_START + - powershell C:/defender-exclude-calico.ps1 + preKubeadmCommands: + - powershell c:/create-external-network.ps1 + users: + - groups: Administrators + name: capi + sshAuthorizedKeys: + - ${AZURE_SSH_PUBLIC_KEY:=""} diff --git a/files/cluster-api-provider-azure/v1.13.2/cluster-template-machinepool.yaml b/files/cluster-api-provider-azure/v1.13.2/cluster-template-machinepool.yaml new file mode 100644 index 00000000..b337dc5a --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.2/cluster-template-machinepool.yaml 
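Review bot: The Windows KubeadmConfig writes `C:/defender-exclude-calico.ps1` containing `Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico.exe` and runs it from `postKubeadmCommands`, which permanently removes that process from Defender scanning without any comment saying why it is needed; a one-line note above the file entry (e.g. `# Defender process exclusion for the Calico CNI binary — remove once the upstream reason no longer applies`) would document the trade-off. The `users` entry creates `capi` in the `Administrators` group keyed from `${AZURE_SSH_PUBLIC_KEY:=""}`, whereas every Linux machine in this commit reads `${AZURE_SSH_PUBLIC_KEY_B64:=""}`; since both default to empty, an operator who sets only the B64 form gets an Administrator account with no authorized key on the Windows pool, and the reverse leaves Linux nodes without one, so the two variables deserve a comment or a single source. Finally, `pod-infra-container-image: mcr.microsoft.com/oss/kubernetes/pause:3.9` is pinned by tag only; if reproducible node bootstraps matter here, a digest pin is the usual answer.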
@@ -0,0 +1,208 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: 
${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfig + name: ${CLUSTER_NAME}-mp-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachinePool + name: ${CLUSTER_NAME}-mp-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachinePool +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + location: ${AZURE_LOCATION} + strategy: + rollingUpdate: + deletePolicy: Oldest + maxSurge: 25% + maxUnavailable: 1 + type: RollingUpdate + template: + osDisk: + diskSizeGB: 30 + managedDisk: + 
storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfig +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-mp-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.13.2/cluster-template-nvidia-gpu.yaml b/files/cluster-api-provider-azure/v1.13.2/cluster-template-nvidia-gpu.yaml new file mode 100644 index 00000000..4ced5e04 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.2/cluster-template-nvidia-gpu.yaml 
@@ -0,0 +1,206 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: 
${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + 
infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + diskSizeGB: 128 + managedDisk: + storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' diff --git a/files/cluster-api-provider-azure/v1.13.2/cluster-template-private.yaml b/files/cluster-api-provider-azure/v1.13.2/cluster-template-private.yaml new file mode 100644 index 00000000..031b6c98 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.2/cluster-template-private.yaml 
@@ -0,0 +1,219 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + bastionSpec: + azureBastion: {} + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + apiServerLB: + name: ${CLUSTER_NAME}-internal-lb + type: Internal + controlPlaneOutboundLB: + frontendIPsCount: 1 + nodeOutboundLB: + frontendIPsCount: 1 + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - 
device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: + - if [ -f /tmp/kubeadm-join-config.yaml ] || [ -f /run/kubeadm/kubeadm-join-config.yaml + ]; then echo '127.0.0.1 apiserver.${CLUSTER_NAME}.capz.io apiserver' >> /etc/hosts; + fi + preKubeadmCommands: + - if [ -f /tmp/kubeadm.yaml ] || [ -f /run/kubeadm/kubeadm.yaml ]; then echo '127.0.0.1 apiserver.${CLUSTER_NAME}.capz.io + apiserver' >> /etc/hosts; fi + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + 
clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: [] +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.13.2/cluster-template-topology.yaml b/files/cluster-api-provider-azure/v1.13.2/cluster-template-topology.yaml new file mode 100644 index 00000000..28ad70f5 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.2/cluster-template-topology.yaml 
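Review bot: The `AzureClusterIdentity` at the end of this file sets `allowedNamespaces: {}`, which according to the CRD description later in this same patch means an AzureCluster in any namespace of the management cluster may consume this service-principal secret; for a "private" template on a shared management cluster that is the opposite of least privilege. Either omit the field so it defaults to nil (no namespaces allowed) and list the consuming namespace explicitly, e.g. `allowedNamespaces: { list: ["default"] }`, or add a comment stating that `{}` is deliberate. Separately, `/etc/kubernetes/azure.json` is written from a Kubernetes Secret with `permissions: "0644"` on both control-plane and worker nodes; since it is Secret-sourced and, as far as I can tell, carries the cloud-provider credentials, `"0600"` is the safer default unless a non-root reader is known to need it. These are upstream CAPZ templates copied verbatim, so the fix may belong in an overlay rather than in this file.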
@@ -0,0 +1,23 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + labels: + containerd-logger: enabled + csi-proxy: enabled + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + topology: + class: ${CLUSTER_CLASS_NAME} + controlPlane: + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} + workers: + machineDeployments: + - class: ${CLUSTER_NAME}-worker + name: md-0 + replicas: ${WORKER_MACHINE_COUNT} diff --git a/files/cluster-api-provider-azure/v1.13.2/cluster-template-windows.yaml b/files/cluster-api-provider-azure/v1.13.2/cluster-template-windows.yaml new file mode 100644 index 00000000..f7104d26 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.2/cluster-template-windows.yaml 
@@ -0,0 +1,293 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + labels: + cni-windows: calico + csi-proxy: enabled + windows: enabled + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + 
key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: 
${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: [] +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-win + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-win + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-win + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + annotations: + runtime: containerd + name: ${CLUSTER_NAME}-md-win + namespace: default +spec: + template: + metadata: + annotations: + runtime: containerd + spec: + osDisk: + diskSizeGB: 128 + managedDisk: + storageAccountType: Premium_LRS + osType: Windows + sshPublicKey: 
${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-win + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-win-azure-json + owner: root:root + path: c:/k/azure.json + permissions: "0644" + - content: |- + Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico.exe + Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico-ipam.exe + path: C:/defender-exclude-calico.ps1 + permissions: "0744" + joinConfiguration: + nodeRegistration: + criSocket: npipe:////./pipe/containerd-containerd + kubeletExtraArgs: + cloud-provider: external + v: "2" + windows-priorityclass: ABOVE_NORMAL_PRIORITY_CLASS + name: '{{ ds.meta_data["local_hostname"] }}' + postKubeadmCommands: + - nssm set kubelet start SERVICE_AUTO_START + - powershell C:/defender-exclude-calico.ps1 + preKubeadmCommands: [] + users: + - groups: Administrators + name: capi + sshAuthorizedKeys: + - ${AZURE_SSH_PUBLIC_KEY:=""} diff --git a/files/cluster-api-provider-azure/v1.13.2/cluster-template.yaml b/files/cluster-api-provider-azure/v1.13.2/cluster-template.yaml new file mode 100644 index 00000000..185ecdb9 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.2/cluster-template.yaml 
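Review bot: The Windows `KubeadmConfigTemplate` creates a local user `capi` in the `Administrators` group whose `sshAuthorizedKeys` comes from `${AZURE_SSH_PUBLIC_KEY:=""}`, a different variable from the `AZURE_SSH_PUBLIC_KEY_B64` used for every Linux machine in the same file; whoever holds that key is a local administrator on every Windows worker, and an unset value appears to yield an admin account with an empty key entry rather than an error. I would add a comment next to the `users:` entry saying that both variables must be set consistently and that this account is an administrator, or narrow the group membership if kubeadm and containerd do not need it. The `C:/defender-exclude-calico.ps1` script also adds Defender process exclusions for `C:/opt/cni/bin/calico.exe` and `calico-ipam.exe`; that is a path-based exclusion, so the ACL on `C:/opt/cni/bin` must block non-admin writes or the exclusion becomes a scanner bypass, which is worth a comment on that file entry. These are vendored upstream CAPZ templates, so the repo may prefer to track the issue rather than patch the copy.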
@@ -0,0 +1,205 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: 
${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: 
${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: [] +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.13.2/infrastructure-components.yaml b/files/cluster-api-provider-azure/v1.13.2/infrastructure-components.yaml new file mode 100644 index 00000000..b9cdc32b --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.2/infrastructure-components.yaml 
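Review bot: This default template sets no `apiServerLB` under `AzureCluster.spec.networkSpec`, whereas `cluster-template-private.yaml` in the same patch explicitly chooses `type: Internal`; if the provider default is a public load balancer, as the need for the private variant to opt out suggests, the workload cluster's API server is internet-reachable by default with no source restriction expressed in this file. A comment above `networkSpec:` such as `# apiServerLB defaults to a public LB; use cluster-template-private.yaml or set apiServerLB.type: Internal for a non-public control plane` would make that trade-off visible to users choosing a template. The same `allowedNamespaces: {}` on the `AzureClusterIdentity` and `"0644"` on the Secret-sourced `/etc/kubernetes/azure.json` appear here as in the other templates and deserve the same scrutiny. Since these files are verbatim upstream CAPZ artifacts, the change may be better kept as an overlay.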
@@ -0,0 +1,63166 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + pod-security.kubernetes.io/enforce: privileged + name: capz-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azureclusteridentities.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureClusterIdentity + listKind: AzureClusterIdentityList + plural: azureclusteridentities + singular: azureclusteridentity + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Type of Azure Identity + jsonPath: .spec.type + name: Type + type: string + - description: Time duration since creation of this AzureClusterIdentity + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: AzureClusterIdentity is the Schema for the azureclustersidentities + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureClusterIdentitySpec defines the parameters that are + used to create an AzureIdentity. + properties: + allowedNamespaces: + description: AllowedNamespaces is used to identify the namespaces + the clusters are allowed to use the identity from. Namespaces can + be selected either using an array of namespaces or with label selector. + An empty allowedNamespaces object indicates that AzureClusters can + use this identity from any namespace. If this object is nil, no + namespaces will be allowed (default behaviour, if this field is + not provided) A namespace should be either in the NamespaceList + or match with Selector to use the identity. + nullable: true + properties: + list: + description: A nil or empty list indicates that AzureCluster cannot + use the identity from any namespace. + items: + type: string + nullable: true + type: array + selector: + description: "Selector is a selector of namespaces that AzureCluster + can use this Identity from. This is a standard Kubernetes LabelSelector, + a label query over a set of resources. The result of matchLabels + and matchExpressions are ANDed. \n A nil or empty selector indicates + that AzureCluster cannot use this AzureClusterIdentity from + any namespace." + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. 
+ type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + clientID: + description: ClientID is the service principal client ID. Both User + Assigned MSI and SP can use this field. + type: string + clientSecret: + description: ClientSecret is a secret reference which should contain + either a Service Principal password or certificate secret. + properties: + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + resourceID: + description: ResourceID is the Azure resource ID for the User Assigned + MSI resource. Only applicable when type is UserAssignedMSI. + type: string + tenantID: + description: TenantID is the service principal primary tenant id. + type: string + type: + description: Type is the type of Azure Identity used. ServicePrincipal, + ServicePrincipalCertificate, UserAssignedMSI, ManualServicePrincipal + or WorkloadIdentity. 
+ enum: + - ServicePrincipal + - UserAssignedMSI + - ManualServicePrincipal + - ServicePrincipalCertificate + - WorkloadIdentity + type: string + required: + - clientID + - tenantID + - type + type: object + status: + description: AzureClusterIdentityStatus defines the observed state of + AzureClusterIdentity. + properties: + conditions: + description: Conditions defines current service state of the AzureClusterIdentity. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azureclusters.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureCluster + listKind: AzureClusterList + plural: azureclusters + singular: azurecluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this AzureCluster belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + priority: 1 + type: string + - jsonPath: .spec.resourceGroup + name: Resource Group + priority: 1 + type: string + - jsonPath: .spec.subscriptionID + name: SubscriptionID + priority: 1 + type: string + - jsonPath: .spec.location + name: Location + priority: 1 + type: string + - description: Control Plane Endpoint + jsonPath: .spec.controlPlaneEndpoint.host + name: Endpoint + priority: 1 + type: string + - description: Time duration since creation of this AzureCluster + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: 
+ description: AzureCluster is the Schema for the azureclusters API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureClusterSpec defines the desired state of AzureCluster. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to Azure + resources managed by the Azure provider, in addition to the ones + added by default. + type: object + azureEnvironment: + description: "AzureEnvironment is the name of the AzureCloud to be + used. The default value that would be used by most users is \"AzurePublicCloud\", + other values are: - ChinaCloud: \"AzureChinaCloud\" - GermanCloud: + \"AzureGermanCloud\" - PublicCloud: \"AzurePublicCloud\" - USGovernmentCloud: + \"AzureUSGovernmentCloud\" \n Note that values other than the default + must also be accompanied by corresponding changes to the aso-controller-settings + Secret to configure ASO to refer to the non-Public cloud. ASO currently + does not support referring to multiple different clouds in a single + installation. The following fields must be defined in the Secret: + - AZURE_AUTHORITY_HOST - AZURE_RESOURCE_MANAGER_ENDPOINT - AZURE_RESOURCE_MANAGER_AUDIENCE + \n See the [ASO docs] for more details. 
\n [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/" + type: string + bastionSpec: + description: BastionSpec encapsulates all things related to the Bastions + in the cluster. + properties: + azureBastion: + description: AzureBastion specifies how the Azure Bastion cloud + component should be configured. + properties: + enableTunneling: + default: false + description: EnableTunneling enables the native client support + feature for the Azure Bastion Host. Defaults to false. + type: boolean + name: + type: string + publicIP: + description: PublicIPSpec defines the inputs to create an + Azure public IP address. + properties: + dnsName: + type: string + ipTags: + items: + description: IPTag contains the IpTag associated with + the object. + properties: + tag: + description: 'Tag specifies the value of the IP + tag associated with the public IP. Example: SQL.' + type: string + type: + description: 'Type specifies the IP tag type. Example: + FirstPartyUsage.' + type: string + required: + - tag + - type + type: object + type: array + name: + type: string + required: + - name + type: object + sku: + default: Basic + description: BastionHostSkuName configures the tier of the + Azure Bastion Host. Can be either Basic or Standard. Defaults + to Basic. + enum: + - Basic + - Standard + type: string + subnet: + description: SubnetSpec configures an Azure subnet. + properties: + cidrBlocks: + description: CIDRBlocks defines the subnet's address space, + specified as one or more address prefixes in CIDR notation. + items: + type: string + type: array + id: + description: ID is the Azure resource ID of the subnet. + READ-ONLY + type: string + name: + description: Name defines a name for the subnet resource. + type: string + natGateway: + description: NatGateway associated with this subnet. + properties: + id: + description: ID is the Azure resource ID of the NAT + gateway. 
READ-ONLY + type: string + ip: + description: PublicIPSpec defines the inputs to create + an Azure public IP address. + properties: + dnsName: + type: string + ipTags: + items: + description: IPTag contains the IpTag associated + with the object. + properties: + tag: + description: 'Tag specifies the value of + the IP tag associated with the public + IP. Example: SQL.' + type: string + type: + description: 'Type specifies the IP tag + type. Example: FirstPartyUsage.' + type: string + required: + - tag + - type + type: object + type: array + name: + type: string + required: + - name + type: object + name: + type: string + required: + - name + type: object + privateEndpoints: + description: PrivateEndpoints defines a list of private + endpoints that should be attached to this subnet. + items: + description: PrivateEndpointSpec configures an Azure + Private Endpoint. + properties: + applicationSecurityGroups: + description: ApplicationSecurityGroups specifies + the Application security group in which the private + endpoint IP configuration is included. + items: + type: string + type: array + customNetworkInterfaceName: + description: CustomNetworkInterfaceName specifies + the network interface name associated with the + private endpoint. + type: string + location: + description: Location specifies the region to create + the private endpoint. + type: string + manualApproval: + description: ManualApproval specifies if the connection + approval needs to be done manually or not. Set + it true when the network admin does not have access + to approve connections to the remote resource. + Defaults to false. + type: boolean + name: + description: Name specifies the name of the private + endpoint. + type: string + privateIPAddresses: + description: PrivateIPAddresses specifies the IP + addresses for the network interface associated + with the private endpoint. They have to be part + of the subnet where the private endpoint is linked. 
+ items: + type: string + type: array + privateLinkServiceConnections: + description: PrivateLinkServiceConnections specifies + Private Link Service Connections of the private + endpoint. + items: + description: PrivateLinkServiceConnection defines + the specification for a private link service + connection associated with a private endpoint. + properties: + groupIDs: + description: GroupIDs specifies the ID(s) + of the group(s) obtained from the remote + resource that this private endpoint should + connect to. + items: + type: string + type: array + name: + description: Name specifies the name of the + private link service. + type: string + privateLinkServiceID: + description: PrivateLinkServiceID specifies + the resource ID of the private link service. + type: string + requestMessage: + description: RequestMessage specifies a message + passed to the owner of the remote resource + with the private endpoint connection request. + maxLength: 140 + type: string + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + role: + description: Role defines the subnet role (eg. Node, ControlPlane) + enum: + - node + - control-plane + - bastion + type: string + routeTable: + description: RouteTable defines the route table that should + be attached to this subnet. + properties: + id: + description: ID is the Azure resource ID of the route + table. READ-ONLY + type: string + name: + type: string + required: + - name + type: object + securityGroup: + description: SecurityGroup defines the NSG (network security + group) that should be attached to this subnet. + properties: + id: + description: ID is the Azure resource ID of the security + group. READ-ONLY + type: string + name: + type: string + securityRules: + description: SecurityRules is a slice of Azure security + rules for security groups. + items: + description: SecurityRule defines an Azure security + rule for security groups. 
+ properties: + action: + default: Allow + description: Action specifies whether network + traffic is allowed or denied. Can either be + "Allow" or "Deny". Defaults to "Allow". + enum: + - Allow + - Deny + type: string + description: + description: A description for this rule. Restricted + to 140 chars. + type: string + destination: + description: Destination is the destination + address prefix. CIDR or destination IP range. + Asterix '*' can also be used to match all + source IPs. Default tags such as 'VirtualNetwork', + 'AzureLoadBalancer' and 'Internet' can also + be used. + type: string + destinationPorts: + description: DestinationPorts specifies the + destination port or range. Integer or range + between 0 and 65535. Asterix '*' can also + be used to match all ports. + type: string + direction: + description: Direction indicates whether the + rule applies to inbound, or outbound traffic. + "Inbound" or "Outbound". + enum: + - Inbound + - Outbound + type: string + name: + description: Name is a unique name within the + network security group. + type: string + priority: + description: Priority is a number between 100 + and 4096. Each rule should have a unique value + for priority. Rules are processed in priority + order, with lower numbers processed before + higher numbers. Once traffic matches a rule, + processing stops. + format: int32 + type: integer + protocol: + description: Protocol specifies the protocol + type. "Tcp", "Udp", "Icmp", or "*". + enum: + - Tcp + - Udp + - Icmp + - '*' + type: string + source: + description: Source specifies the CIDR or source + IP range. Asterix '*' can also be used to + match all source IPs. Default tags such as + 'VirtualNetwork', 'AzureLoadBalancer' and + 'Internet' can also be used. If this is an + ingress rule, specifies where network traffic + originates from. + type: string + sourcePorts: + description: SourcePorts specifies source port + or range. Integer or range between 0 and 65535. 
+ Asterix '*' can also be used to match all + ports. + type: string + sources: + description: Sources specifies The CIDR or source + IP ranges. + items: + type: string + type: array + required: + - description + - direction + - name + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + tags: + additionalProperties: + type: string + description: Tags defines a map of tags. + type: object + required: + - name + type: object + serviceEndpoints: + description: ServiceEndpoints is a slice of Virtual Network + service endpoints to enable for the subnets. + items: + description: ServiceEndpointSpec configures an Azure + Service Endpoint. + properties: + locations: + items: + type: string + type: array + service: + type: string + required: + - locations + - service + type: object + type: array + x-kubernetes-list-map-keys: + - service + x-kubernetes-list-type: map + required: + - name + - role + type: object + type: object + type: object + cloudProviderConfigOverrides: + description: 'CloudProviderConfigOverrides is an optional set of configuration + values that can be overridden in azure cloud provider config. This + is only a subset of options that are available in azure cloud provider + config. Some values for the cloud provider config are inferred from + other parts of cluster api provider azure spec, and may not be available + for overrides. See: https://cloud-provider-azure.sigs.k8s.io/install/configs + Note: All cloud provider config values can be customized by creating + the secret beforehand. CloudProviderConfigOverrides is only used + when the secret is managed by the Azure Provider.' + properties: + backOffs: + description: BackOffConfig indicates the back-off config options. 
+ properties: + cloudProviderBackoff: + type: boolean + cloudProviderBackoffDuration: + type: integer + cloudProviderBackoffExponent: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cloudProviderBackoffJitter: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cloudProviderBackoffRetries: + type: integer + type: object + rateLimits: + items: + description: 'RateLimitSpec represents the rate limit configuration + for a particular kind of resource. Eg. loadBalancerRateLimit + is used to configure rate limits for load balancers. This + eventually gets converted to CloudProviderRateLimitConfig + that cloud-provider-azure expects. See: https://github.com/kubernetes-sigs/cloud-provider-azure/blob/d585c2031925b39c925624302f22f8856e29e352/pkg/provider/azure_ratelimit.go#L25 + We cannot use CloudProviderRateLimitConfig directly because + floating point values are not supported in controller-tools. + See: https://github.com/kubernetes-sigs/controller-tools/issues/245' + properties: + config: + description: RateLimitConfig indicates the rate limit config + options. 
+ properties: + cloudProviderRateLimit: + type: boolean + cloudProviderRateLimitBucket: + type: integer + cloudProviderRateLimitBucketWrite: + type: integer + cloudProviderRateLimitQPS: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cloudProviderRateLimitQPSWrite: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + name: + description: Name is the name of the rate limit spec. + enum: + - defaultRateLimit + - routeRateLimit + - subnetsRateLimit + - interfaceRateLimit + - routeTableRateLimit + - loadBalancerRateLimit + - publicIPAddressRateLimit + - securityGroupRateLimit + - virtualMachineRateLimit + - storageAccountRateLimit + - diskRateLimit + - snapshotRateLimit + - virtualMachineScaleSetRateLimit + - virtualMachineSizesRateLimit + - availabilitySetRateLimit + type: string + required: + - name + type: object + type: array + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. It is not recommended to set + this when creating an AzureCluster as CAPZ will set this for you. + However, if it is set, CAPZ will not change it. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + extendedLocation: + description: ExtendedLocation is an optional set of ExtendedLocation + properties for clusters on Azure public MEC. + properties: + name: + description: Name defines the name for the extended location. 
+ type: string + type: + description: Type defines the type for the extended location. + enum: + - EdgeZone + type: string + required: + - name + - type + type: object + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: 'FailureDomains is a list of failure domains in the cluster''s + region, used to restrict eligibility to host the control plane. + A FailureDomain maps to an availability zone, which is a separated + group of datacenters within a region. See: https://learn.microsoft.com/azure/reliability/availability-zones-overview' + type: object + identityRef: + description: IdentityRef is a reference to an AzureIdentity to be + used when reconciling this cluster + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' 
+ type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + location: + type: string + networkSpec: + description: NetworkSpec encapsulates all things related to Azure + network. + properties: + apiServerLB: + description: APIServerLB is the configuration for the control-plane + load balancer. + properties: + backendPool: + description: BackendPool describes the backend pool of the + load balancer. + properties: + name: + description: Name specifies the name of backend pool for + the load balancer. If not specified, the default name + will be set, depending on the load balancer role. + type: string + type: object + frontendIPs: + items: + description: FrontendIP defines a load balancer frontend + IP configuration. + properties: + name: + minLength: 1 + type: string + privateIP: + type: string + publicIP: + description: PublicIPSpec defines the inputs to create + an Azure public IP address. + properties: + dnsName: + type: string + ipTags: + items: + description: IPTag contains the IpTag associated + with the object. 
+ properties: + tag: + description: 'Tag specifies the value of the + IP tag associated with the public IP. Example: + SQL.' + type: string + type: + description: 'Type specifies the IP tag type. + Example: FirstPartyUsage.' + type: string + required: + - tag + - type + type: object + type: array + name: + type: string + required: + - name + type: object + required: + - name + type: object + type: array + frontendIPsCount: + description: FrontendIPsCount specifies the number of frontend + IP addresses for the load balancer. + format: int32 + type: integer + id: + description: ID is the Azure resource ID of the load balancer. + READ-ONLY + type: string + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes specifies the timeout for + the TCP idle connection. + format: int32 + type: integer + name: + type: string + sku: + description: SKU defines an Azure load balancer SKU. + type: string + type: + description: LBType defines an Azure load balancer Type. + type: string + type: object + controlPlaneOutboundLB: + description: ControlPlaneOutboundLB is the configuration for the + control-plane outbound load balancer. This is different from + APIServerLB, and is used only in private clusters (optionally) + for enabling outbound traffic. + properties: + backendPool: + description: BackendPool describes the backend pool of the + load balancer. + properties: + name: + description: Name specifies the name of backend pool for + the load balancer. If not specified, the default name + will be set, depending on the load balancer role. + type: string + type: object + frontendIPs: + items: + description: FrontendIP defines a load balancer frontend + IP configuration. + properties: + name: + minLength: 1 + type: string + privateIP: + type: string + publicIP: + description: PublicIPSpec defines the inputs to create + an Azure public IP address. + properties: + dnsName: + type: string + ipTags: + items: + description: IPTag contains the IpTag associated + with the object. 
+ properties: + tag: + description: 'Tag specifies the value of the + IP tag associated with the public IP. Example: + SQL.' + type: string + type: + description: 'Type specifies the IP tag type. + Example: FirstPartyUsage.' + type: string + required: + - tag + - type + type: object + type: array + name: + type: string + required: + - name + type: object + required: + - name + type: object + type: array + frontendIPsCount: + description: FrontendIPsCount specifies the number of frontend + IP addresses for the load balancer. + format: int32 + type: integer + id: + description: ID is the Azure resource ID of the load balancer. + READ-ONLY + type: string + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes specifies the timeout for + the TCP idle connection. + format: int32 + type: integer + name: + type: string + sku: + description: SKU defines an Azure load balancer SKU. + type: string + type: + description: LBType defines an Azure load balancer Type. + type: string + type: object + nodeOutboundLB: + description: NodeOutboundLB is the configuration for the node + outbound load balancer. + properties: + backendPool: + description: BackendPool describes the backend pool of the + load balancer. + properties: + name: + description: Name specifies the name of backend pool for + the load balancer. If not specified, the default name + will be set, depending on the load balancer role. + type: string + type: object + frontendIPs: + items: + description: FrontendIP defines a load balancer frontend + IP configuration. + properties: + name: + minLength: 1 + type: string + privateIP: + type: string + publicIP: + description: PublicIPSpec defines the inputs to create + an Azure public IP address. + properties: + dnsName: + type: string + ipTags: + items: + description: IPTag contains the IpTag associated + with the object. + properties: + tag: + description: 'Tag specifies the value of the + IP tag associated with the public IP. Example: + SQL.' 
+ type: string + type: + description: 'Type specifies the IP tag type. + Example: FirstPartyUsage.' + type: string + required: + - tag + - type + type: object + type: array + name: + type: string + required: + - name + type: object + required: + - name + type: object + type: array + frontendIPsCount: + description: FrontendIPsCount specifies the number of frontend + IP addresses for the load balancer. + format: int32 + type: integer + id: + description: ID is the Azure resource ID of the load balancer. + READ-ONLY + type: string + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes specifies the timeout for + the TCP idle connection. + format: int32 + type: integer + name: + type: string + sku: + description: SKU defines an Azure load balancer SKU. + type: string + type: + description: LBType defines an Azure load balancer Type. + type: string + type: object + privateDNSZoneName: + description: PrivateDNSZoneName defines the zone name for the + Azure Private DNS. + type: string + subnets: + description: Subnets is the configuration for the control-plane + subnet and the node subnet. + items: + description: SubnetSpec configures an Azure subnet. + properties: + cidrBlocks: + description: CIDRBlocks defines the subnet's address space, + specified as one or more address prefixes in CIDR notation. + items: + type: string + type: array + id: + description: ID is the Azure resource ID of the subnet. + READ-ONLY + type: string + name: + description: Name defines a name for the subnet resource. + type: string + natGateway: + description: NatGateway associated with this subnet. + properties: + id: + description: ID is the Azure resource ID of the NAT + gateway. READ-ONLY + type: string + ip: + description: PublicIPSpec defines the inputs to create + an Azure public IP address. + properties: + dnsName: + type: string + ipTags: + items: + description: IPTag contains the IpTag associated + with the object. 
+ properties: + tag: + description: 'Tag specifies the value of the + IP tag associated with the public IP. Example: + SQL.' + type: string + type: + description: 'Type specifies the IP tag type. + Example: FirstPartyUsage.' + type: string + required: + - tag + - type + type: object + type: array + name: + type: string + required: + - name + type: object + name: + type: string + required: + - name + type: object + privateEndpoints: + description: PrivateEndpoints defines a list of private + endpoints that should be attached to this subnet. + items: + description: PrivateEndpointSpec configures an Azure Private + Endpoint. + properties: + applicationSecurityGroups: + description: ApplicationSecurityGroups specifies the + Application security group in which the private + endpoint IP configuration is included. + items: + type: string + type: array + customNetworkInterfaceName: + description: CustomNetworkInterfaceName specifies + the network interface name associated with the private + endpoint. + type: string + location: + description: Location specifies the region to create + the private endpoint. + type: string + manualApproval: + description: ManualApproval specifies if the connection + approval needs to be done manually or not. Set it + true when the network admin does not have access + to approve connections to the remote resource. Defaults + to false. + type: boolean + name: + description: Name specifies the name of the private + endpoint. + type: string + privateIPAddresses: + description: PrivateIPAddresses specifies the IP addresses + for the network interface associated with the private + endpoint. They have to be part of the subnet where + the private endpoint is linked. + items: + type: string + type: array + privateLinkServiceConnections: + description: PrivateLinkServiceConnections specifies + Private Link Service Connections of the private + endpoint. 
+ items: + description: PrivateLinkServiceConnection defines + the specification for a private link service connection + associated with a private endpoint. + properties: + groupIDs: + description: GroupIDs specifies the ID(s) of + the group(s) obtained from the remote resource + that this private endpoint should connect + to. + items: + type: string + type: array + name: + description: Name specifies the name of the + private link service. + type: string + privateLinkServiceID: + description: PrivateLinkServiceID specifies + the resource ID of the private link service. + type: string + requestMessage: + description: RequestMessage specifies a message + passed to the owner of the remote resource + with the private endpoint connection request. + maxLength: 140 + type: string + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + role: + description: Role defines the subnet role (eg. Node, ControlPlane) + enum: + - node + - control-plane + - bastion + type: string + routeTable: + description: RouteTable defines the route table that should + be attached to this subnet. + properties: + id: + description: ID is the Azure resource ID of the route + table. READ-ONLY + type: string + name: + type: string + required: + - name + type: object + securityGroup: + description: SecurityGroup defines the NSG (network security + group) that should be attached to this subnet. + properties: + id: + description: ID is the Azure resource ID of the security + group. READ-ONLY + type: string + name: + type: string + securityRules: + description: SecurityRules is a slice of Azure security + rules for security groups. + items: + description: SecurityRule defines an Azure security + rule for security groups. + properties: + action: + default: Allow + description: Action specifies whether network + traffic is allowed or denied. Can either be + "Allow" or "Deny". Defaults to "Allow". 
+ enum: + - Allow + - Deny + type: string + description: + description: A description for this rule. Restricted + to 140 chars. + type: string + destination: + description: Destination is the destination address + prefix. CIDR or destination IP range. Asterix + '*' can also be used to match all source IPs. + Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' + and 'Internet' can also be used. + type: string + destinationPorts: + description: DestinationPorts specifies the destination + port or range. Integer or range between 0 and + 65535. Asterix '*' can also be used to match + all ports. + type: string + direction: + description: Direction indicates whether the rule + applies to inbound, or outbound traffic. "Inbound" + or "Outbound". + enum: + - Inbound + - Outbound + type: string + name: + description: Name is a unique name within the + network security group. + type: string + priority: + description: Priority is a number between 100 + and 4096. Each rule should have a unique value + for priority. Rules are processed in priority + order, with lower numbers processed before higher + numbers. Once traffic matches a rule, processing + stops. + format: int32 + type: integer + protocol: + description: Protocol specifies the protocol type. + "Tcp", "Udp", "Icmp", or "*". + enum: + - Tcp + - Udp + - Icmp + - '*' + type: string + source: + description: Source specifies the CIDR or source + IP range. Asterix '*' can also be used to match + all source IPs. Default tags such as 'VirtualNetwork', + 'AzureLoadBalancer' and 'Internet' can also + be used. If this is an ingress rule, specifies + where network traffic originates from. + type: string + sourcePorts: + description: SourcePorts specifies source port + or range. Integer or range between 0 and 65535. + Asterix '*' can also be used to match all ports. + type: string + sources: + description: Sources specifies The CIDR or source + IP ranges. 
+ items: + type: string + type: array + required: + - description + - direction + - name + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + tags: + additionalProperties: + type: string + description: Tags defines a map of tags. + type: object + required: + - name + type: object + serviceEndpoints: + description: ServiceEndpoints is a slice of Virtual Network + service endpoints to enable for the subnets. + items: + description: ServiceEndpointSpec configures an Azure Service + Endpoint. + properties: + locations: + items: + type: string + type: array + service: + type: string + required: + - locations + - service + type: object + type: array + x-kubernetes-list-map-keys: + - service + x-kubernetes-list-type: map + required: + - name + - role + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + vnet: + description: Vnet is the configuration for the Azure virtual network. + properties: + cidrBlocks: + description: CIDRBlocks defines the virtual network's address + space, specified as one or more address prefixes in CIDR + notation. + items: + type: string + type: array + id: + description: ID is the Azure resource ID of the virtual network. + READ-ONLY + type: string + name: + description: Name defines a name for the virtual network resource. + type: string + peerings: + description: Peerings defines a list of peerings of the newly + created virtual network with existing virtual networks. + items: + description: VnetPeeringSpec specifies an existing remote + virtual network to peer with the AzureCluster's virtual + network. + properties: + forwardPeeringProperties: + description: ForwardPeeringProperties specifies VnetPeeringProperties + for peering from the cluster's virtual network to + the remote virtual network. 
+ properties: + allowForwardedTraffic: + description: AllowForwardedTraffic specifies whether + the forwarded traffic from the VMs in the local + virtual network will be allowed/disallowed in + remote virtual network. + type: boolean + allowGatewayTransit: + description: AllowGatewayTransit specifies if gateway + links can be used in remote virtual networking + to link to this virtual network. + type: boolean + allowVirtualNetworkAccess: + description: AllowVirtualNetworkAccess specifies + whether the VMs in the local virtual network space + would be able to access the VMs in remote virtual + network space. + type: boolean + useRemoteGateways: + description: UseRemoteGateways specifies if remote + gateways can be used on this virtual network. + If the flag is set to true, and allowGatewayTransit + on remote peering is also set to true, the virtual + network will use the gateways of the remote virtual + network for transit. Only one peering can have + this flag set to true. This flag cannot be set + if virtual network already has a gateway. + type: boolean + type: object + remoteVnetName: + description: RemoteVnetName defines name of the remote + virtual network. + type: string + resourceGroup: + description: ResourceGroup is the resource group name + of the remote virtual network. + type: string + reversePeeringProperties: + description: ReversePeeringProperties specifies VnetPeeringProperties + for peering from the remote virtual network to the + cluster's virtual network. + properties: + allowForwardedTraffic: + description: AllowForwardedTraffic specifies whether + the forwarded traffic from the VMs in the local + virtual network will be allowed/disallowed in + remote virtual network. + type: boolean + allowGatewayTransit: + description: AllowGatewayTransit specifies if gateway + links can be used in remote virtual networking + to link to this virtual network. 
+ type: boolean + allowVirtualNetworkAccess: + description: AllowVirtualNetworkAccess specifies + whether the VMs in the local virtual network space + would be able to access the VMs in remote virtual + network space. + type: boolean + useRemoteGateways: + description: UseRemoteGateways specifies if remote + gateways can be used on this virtual network. + If the flag is set to true, and allowGatewayTransit + on remote peering is also set to true, the virtual + network will use the gateways of the remote virtual + network for transit. Only one peering can have + this flag set to true. This flag cannot be set + if virtual network already has a gateway. + type: boolean + type: object + required: + - remoteVnetName + type: object + type: array + resourceGroup: + description: ResourceGroup is the name of the resource group + of the existing virtual network or the resource group where + a managed virtual network should be created. + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing the resource. + type: object + required: + - name + type: object + type: object + resourceGroup: + type: string + subscriptionID: + type: string + required: + - location + type: object + status: + description: AzureClusterStatus defines the observed state of AzureCluster. + properties: + conditions: + description: Conditions defines current service state of the AzureCluster. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. 
+ type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: 'FailureDomains specifies the list of unique failure + domains for the location/region of the cluster. A FailureDomain + maps to Availability Zone with an Azure Region (if the region support + them). An Availability Zone is a separate data center within a region + and they can be used to ensure the cluster is more resilient to + failure. 
See: https://learn.microsoft.com/azure/reliability/availability-zones-overview + This list will be used by Cluster API to try and spread the machines + across the failure domains.' + type: object + longRunningOperationStates: + description: LongRunningOperationStates saves the states for Azure + long-running operations so they can be continued on the next reconciliation + loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. + properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. + type: string + name: + description: Name is the name of the Azure resource. Together + with the service name, this forms the unique identifier for + the future. + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: ServiceName is the name of the Azure service. Together + with the name of the resource, this forms the unique identifier + for the future. + type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. + type: string + required: + - data + - name + - serviceName + - type + type: object + type: array + ready: + description: Ready is true when the provider resource is ready. 
+ type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azureclustertemplates.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureClusterTemplate + listKind: AzureClusterTemplateList + plural: azureclustertemplates + singular: azureclustertemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureClusterTemplate is the Schema for the azureclustertemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureClusterTemplateSpec defines the desired state of AzureClusterTemplate. 
+ properties: + template: + description: AzureClusterTemplateResource describes the data needed + to create an AzureCluster from a template. + properties: + spec: + description: AzureClusterTemplateResourceSpec specifies an Azure + cluster template resource. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to Azure resources managed by the Azure provider, in + addition to the ones added by default. + type: object + azureEnvironment: + description: "AzureEnvironment is the name of the AzureCloud + to be used. The default value that would be used by most + users is \"AzurePublicCloud\", other values are: - ChinaCloud: + \"AzureChinaCloud\" - GermanCloud: \"AzureGermanCloud\" + - PublicCloud: \"AzurePublicCloud\" - USGovernmentCloud: + \"AzureUSGovernmentCloud\" \n Note that values other than + the default must also be accompanied by corresponding changes + to the aso-controller-settings Secret to configure ASO to + refer to the non-Public cloud. ASO currently does not support + referring to multiple different clouds in a single installation. + The following fields must be defined in the Secret: - AZURE_AUTHORITY_HOST + - AZURE_RESOURCE_MANAGER_ENDPOINT - AZURE_RESOURCE_MANAGER_AUDIENCE + \n See the [ASO docs] for more details. \n [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/" + type: string + bastionSpec: + description: BastionSpec encapsulates all things related to + the Bastions in the cluster. + properties: + azureBastion: + description: AzureBastionTemplateSpec specifies a template + for an Azure Bastion host. + properties: + subnet: + description: SubnetTemplateSpec specifies a template + for a subnet. + properties: + cidrBlocks: + description: CIDRBlocks defines the subnet's address + space, specified as one or more address prefixes + in CIDR notation. 
+ items: + type: string + type: array + name: + description: Name defines a name for the subnet + resource. + type: string + natGateway: + description: NatGateway associated with this subnet. + properties: + name: + type: string + required: + - name + type: object + privateEndpoints: + description: PrivateEndpoints defines a list of + private endpoints that should be attached to + this subnet. + items: + description: PrivateEndpointSpec configures + an Azure Private Endpoint. + properties: + applicationSecurityGroups: + description: ApplicationSecurityGroups specifies + the Application security group in which + the private endpoint IP configuration + is included. + items: + type: string + type: array + customNetworkInterfaceName: + description: CustomNetworkInterfaceName + specifies the network interface name associated + with the private endpoint. + type: string + location: + description: Location specifies the region + to create the private endpoint. + type: string + manualApproval: + description: ManualApproval specifies if + the connection approval needs to be done + manually or not. Set it true when the + network admin does not have access to + approve connections to the remote resource. + Defaults to false. + type: boolean + name: + description: Name specifies the name of + the private endpoint. + type: string + privateIPAddresses: + description: PrivateIPAddresses specifies + the IP addresses for the network interface + associated with the private endpoint. + They have to be part of the subnet where + the private endpoint is linked. + items: + type: string + type: array + privateLinkServiceConnections: + description: PrivateLinkServiceConnections + specifies Private Link Service Connections + of the private endpoint. + items: + description: PrivateLinkServiceConnection + defines the specification for a private + link service connection associated with + a private endpoint. 
+ properties: + groupIDs: + description: GroupIDs specifies the + ID(s) of the group(s) obtained from + the remote resource that this private + endpoint should connect to. + items: + type: string + type: array + name: + description: Name specifies the name + of the private link service. + type: string + privateLinkServiceID: + description: PrivateLinkServiceID + specifies the resource ID of the + private link service. + type: string + requestMessage: + description: RequestMessage specifies + a message passed to the owner of + the remote resource with the private + endpoint connection request. + maxLength: 140 + type: string + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + role: + description: Role defines the subnet role (eg. + Node, ControlPlane) + enum: + - node + - control-plane + - bastion + type: string + securityGroup: + description: SecurityGroup defines the NSG (network + security group) that should be attached to this + subnet. + properties: + securityRules: + description: SecurityRules is a slice of Azure + security rules for security groups. + items: + description: SecurityRule defines an Azure + security rule for security groups. + properties: + action: + default: Allow + description: Action specifies whether + network traffic is allowed or denied. + Can either be "Allow" or "Deny". Defaults + to "Allow". + enum: + - Allow + - Deny + type: string + description: + description: A description for this + rule. Restricted to 140 chars. + type: string + destination: + description: Destination is the destination + address prefix. CIDR or destination + IP range. Asterix '*' can also be + used to match all source IPs. Default + tags such as 'VirtualNetwork', 'AzureLoadBalancer' + and 'Internet' can also be used. + type: string + destinationPorts: + description: DestinationPorts specifies + the destination port or range. Integer + or range between 0 and 65535. 
Asterix + '*' can also be used to match all + ports. + type: string + direction: + description: Direction indicates whether + the rule applies to inbound, or outbound + traffic. "Inbound" or "Outbound". + enum: + - Inbound + - Outbound + type: string + name: + description: Name is a unique name within + the network security group. + type: string + priority: + description: Priority is a number between + 100 and 4096. Each rule should have + a unique value for priority. Rules + are processed in priority order, with + lower numbers processed before higher + numbers. Once traffic matches a rule, + processing stops. + format: int32 + type: integer + protocol: + description: Protocol specifies the + protocol type. "Tcp", "Udp", "Icmp", + or "*". + enum: + - Tcp + - Udp + - Icmp + - '*' + type: string + source: + description: Source specifies the CIDR + or source IP range. Asterix '*' can + also be used to match all source IPs. + Default tags such as 'VirtualNetwork', + 'AzureLoadBalancer' and 'Internet' + can also be used. If this is an ingress + rule, specifies where network traffic + originates from. + type: string + sourcePorts: + description: SourcePorts specifies source + port or range. Integer or range between + 0 and 65535. Asterix '*' can also + be used to match all ports. + type: string + sources: + description: Sources specifies The CIDR + or source IP ranges. + items: + type: string + type: array + required: + - description + - direction + - name + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + tags: + additionalProperties: + type: string + description: Tags defines a map of tags. + type: object + type: object + serviceEndpoints: + description: ServiceEndpoints is a slice of Virtual + Network service endpoints to enable for the + subnets. + items: + description: ServiceEndpointSpec configures + an Azure Service Endpoint. 
+ properties: + locations: + items: + type: string + type: array + service: + type: string + required: + - locations + - service + type: object + type: array + x-kubernetes-list-map-keys: + - service + x-kubernetes-list-type: map + required: + - name + - role + type: object + type: object + type: object + cloudProviderConfigOverrides: + description: 'CloudProviderConfigOverrides is an optional + set of configuration values that can be overridden in azure + cloud provider config. This is only a subset of options + that are available in azure cloud provider config. Some + values for the cloud provider config are inferred from other + parts of cluster api provider azure spec, and may not be + available for overrides. See: https://cloud-provider-azure.sigs.k8s.io/install/configs + Note: All cloud provider config values can be customized + by creating the secret beforehand. CloudProviderConfigOverrides + is only used when the secret is managed by the Azure Provider.' + properties: + backOffs: + description: BackOffConfig indicates the back-off config + options. + properties: + cloudProviderBackoff: + type: boolean + cloudProviderBackoffDuration: + type: integer + cloudProviderBackoffExponent: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cloudProviderBackoffJitter: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cloudProviderBackoffRetries: + type: integer + type: object + rateLimits: + items: + description: 'RateLimitSpec represents the rate limit + configuration for a particular kind of resource. Eg. + loadBalancerRateLimit is used to configure rate limits + for load balancers. 
This eventually gets converted + to CloudProviderRateLimitConfig that cloud-provider-azure + expects. See: https://github.com/kubernetes-sigs/cloud-provider-azure/blob/d585c2031925b39c925624302f22f8856e29e352/pkg/provider/azure_ratelimit.go#L25 + We cannot use CloudProviderRateLimitConfig directly + because floating point values are not supported in + controller-tools. See: https://github.com/kubernetes-sigs/controller-tools/issues/245' + properties: + config: + description: RateLimitConfig indicates the rate + limit config options. + properties: + cloudProviderRateLimit: + type: boolean + cloudProviderRateLimitBucket: + type: integer + cloudProviderRateLimitBucketWrite: + type: integer + cloudProviderRateLimitQPS: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cloudProviderRateLimitQPSWrite: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + name: + description: Name is the name of the rate limit + spec. + enum: + - defaultRateLimit + - routeRateLimit + - subnetsRateLimit + - interfaceRateLimit + - routeTableRateLimit + - loadBalancerRateLimit + - publicIPAddressRateLimit + - securityGroupRateLimit + - virtualMachineRateLimit + - storageAccountRateLimit + - diskRateLimit + - snapshotRateLimit + - virtualMachineScaleSetRateLimit + - virtualMachineSizesRateLimit + - availabilitySetRateLimit + type: string + required: + - name + type: object + type: array + type: object + extendedLocation: + description: ExtendedLocation is an optional set of ExtendedLocation + properties for clusters on Azure public MEC. + properties: + name: + description: Name defines the name for the extended location. 
+ type: string + type: + description: Type defines the type for the extended location. + enum: + - EdgeZone + type: string + required: + - name + - type + type: object + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster + API failure domains. It allows controllers to understand + how many failure domains a cluster can optionally span + across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes + an infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure + domain is suitable for use by control plane machines. + type: boolean + type: object + description: 'FailureDomains is a list of failure domains + in the cluster''s region, used to restrict eligibility to + host the control plane. A FailureDomain maps to an availability + zone, which is a separated group of datacenters within a + region. See: https://learn.microsoft.com/azure/reliability/availability-zones-overview' + type: object + identityRef: + description: IdentityRef is a reference to an AzureIdentity + to be used when reconciling this cluster + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. 
TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + location: + type: string + networkSpec: + description: NetworkSpec encapsulates all things related to + Azure network. + properties: + apiServerLB: + description: APIServerLB is the configuration for the + control-plane load balancer. + properties: + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes specifies the timeout + for the TCP idle connection. + format: int32 + type: integer + sku: + description: SKU defines an Azure load balancer SKU. + type: string + type: + description: LBType defines an Azure load balancer + Type. + type: string + type: object + controlPlaneOutboundLB: + description: ControlPlaneOutboundLB is the configuration + for the control-plane outbound load balancer. This is + different from APIServerLB, and is used only in private + clusters (optionally) for enabling outbound traffic. + properties: + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes specifies the timeout + for the TCP idle connection. 
+ format: int32 + type: integer + sku: + description: SKU defines an Azure load balancer SKU. + type: string + type: + description: LBType defines an Azure load balancer + Type. + type: string + type: object + nodeOutboundLB: + description: NodeOutboundLB is the configuration for the + node outbound load balancer. + properties: + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes specifies the timeout + for the TCP idle connection. + format: int32 + type: integer + sku: + description: SKU defines an Azure load balancer SKU. + type: string + type: + description: LBType defines an Azure load balancer + Type. + type: string + type: object + privateDNSZoneName: + description: PrivateDNSZoneName defines the zone name + for the Azure Private DNS. + type: string + subnets: + description: Subnets is the configuration for the control-plane + subnet and the node subnet. + items: + description: SubnetTemplateSpec specifies a template + for a subnet. + properties: + cidrBlocks: + description: CIDRBlocks defines the subnet's address + space, specified as one or more address prefixes + in CIDR notation. + items: + type: string + type: array + name: + description: Name defines a name for the subnet + resource. + type: string + natGateway: + description: NatGateway associated with this subnet. + properties: + name: + type: string + required: + - name + type: object + privateEndpoints: + description: PrivateEndpoints defines a list of + private endpoints that should be attached to this + subnet. + items: + description: PrivateEndpointSpec configures an + Azure Private Endpoint. + properties: + applicationSecurityGroups: + description: ApplicationSecurityGroups specifies + the Application security group in which + the private endpoint IP configuration is + included. + items: + type: string + type: array + customNetworkInterfaceName: + description: CustomNetworkInterfaceName specifies + the network interface name associated with + the private endpoint. 
+ type: string + location: + description: Location specifies the region + to create the private endpoint. + type: string + manualApproval: + description: ManualApproval specifies if the + connection approval needs to be done manually + or not. Set it true when the network admin + does not have access to approve connections + to the remote resource. Defaults to false. + type: boolean + name: + description: Name specifies the name of the + private endpoint. + type: string + privateIPAddresses: + description: PrivateIPAddresses specifies + the IP addresses for the network interface + associated with the private endpoint. They + have to be part of the subnet where the + private endpoint is linked. + items: + type: string + type: array + privateLinkServiceConnections: + description: PrivateLinkServiceConnections + specifies Private Link Service Connections + of the private endpoint. + items: + description: PrivateLinkServiceConnection + defines the specification for a private + link service connection associated with + a private endpoint. + properties: + groupIDs: + description: GroupIDs specifies the + ID(s) of the group(s) obtained from + the remote resource that this private + endpoint should connect to. + items: + type: string + type: array + name: + description: Name specifies the name + of the private link service. + type: string + privateLinkServiceID: + description: PrivateLinkServiceID specifies + the resource ID of the private link + service. + type: string + requestMessage: + description: RequestMessage specifies + a message passed to the owner of the + remote resource with the private endpoint + connection request. + maxLength: 140 + type: string + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + role: + description: Role defines the subnet role (eg. 
Node, + ControlPlane) + enum: + - node + - control-plane + - bastion + type: string + securityGroup: + description: SecurityGroup defines the NSG (network + security group) that should be attached to this + subnet. + properties: + securityRules: + description: SecurityRules is a slice of Azure + security rules for security groups. + items: + description: SecurityRule defines an Azure + security rule for security groups. + properties: + action: + default: Allow + description: Action specifies whether + network traffic is allowed or denied. + Can either be "Allow" or "Deny". Defaults + to "Allow". + enum: + - Allow + - Deny + type: string + description: + description: A description for this rule. + Restricted to 140 chars. + type: string + destination: + description: Destination is the destination + address prefix. CIDR or destination + IP range. Asterix '*' can also be used + to match all source IPs. Default tags + such as 'VirtualNetwork', 'AzureLoadBalancer' + and 'Internet' can also be used. + type: string + destinationPorts: + description: DestinationPorts specifies + the destination port or range. Integer + or range between 0 and 65535. Asterix + '*' can also be used to match all ports. + type: string + direction: + description: Direction indicates whether + the rule applies to inbound, or outbound + traffic. "Inbound" or "Outbound". + enum: + - Inbound + - Outbound + type: string + name: + description: Name is a unique name within + the network security group. + type: string + priority: + description: Priority is a number between + 100 and 4096. Each rule should have + a unique value for priority. Rules are + processed in priority order, with lower + numbers processed before higher numbers. + Once traffic matches a rule, processing + stops. + format: int32 + type: integer + protocol: + description: Protocol specifies the protocol + type. "Tcp", "Udp", "Icmp", or "*". 
+ enum: + - Tcp + - Udp + - Icmp + - '*' + type: string + source: + description: Source specifies the CIDR + or source IP range. Asterix '*' can + also be used to match all source IPs. + Default tags such as 'VirtualNetwork', + 'AzureLoadBalancer' and 'Internet' can + also be used. If this is an ingress + rule, specifies where network traffic + originates from. + type: string + sourcePorts: + description: SourcePorts specifies source + port or range. Integer or range between + 0 and 65535. Asterix '*' can also be + used to match all ports. + type: string + sources: + description: Sources specifies The CIDR + or source IP ranges. + items: + type: string + type: array + required: + - description + - direction + - name + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + tags: + additionalProperties: + type: string + description: Tags defines a map of tags. + type: object + type: object + serviceEndpoints: + description: ServiceEndpoints is a slice of Virtual + Network service endpoints to enable for the subnets. + items: + description: ServiceEndpointSpec configures an + Azure Service Endpoint. + properties: + locations: + items: + type: string + type: array + service: + type: string + required: + - locations + - service + type: object + type: array + x-kubernetes-list-map-keys: + - service + x-kubernetes-list-type: map + required: + - name + - role + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + vnet: + description: Vnet is the configuration for the Azure virtual + network. + properties: + cidrBlocks: + description: CIDRBlocks defines the virtual network's + address space, specified as one or more address + prefixes in CIDR notation. + items: + type: string + type: array + peerings: + description: Peerings defines a list of peerings of + the newly created virtual network with existing + virtual networks. 
+ items: + description: VnetPeeringClassSpec specifies a virtual + network peering class. + properties: + forwardPeeringProperties: + description: ForwardPeeringProperties specifies + VnetPeeringProperties for peering from the + cluster's virtual network to the remote virtual + network. + properties: + allowForwardedTraffic: + description: AllowForwardedTraffic specifies + whether the forwarded traffic from the + VMs in the local virtual network will + be allowed/disallowed in remote virtual + network. + type: boolean + allowGatewayTransit: + description: AllowGatewayTransit specifies + if gateway links can be used in remote + virtual networking to link to this virtual + network. + type: boolean + allowVirtualNetworkAccess: + description: AllowVirtualNetworkAccess specifies + whether the VMs in the local virtual network + space would be able to access the VMs + in remote virtual network space. + type: boolean + useRemoteGateways: + description: UseRemoteGateways specifies + if remote gateways can be used on this + virtual network. If the flag is set to + true, and allowGatewayTransit on remote + peering is also set to true, the virtual + network will use the gateways of the remote + virtual network for transit. Only one + peering can have this flag set to true. + This flag cannot be set if virtual network + already has a gateway. + type: boolean + type: object + remoteVnetName: + description: RemoteVnetName defines name of + the remote virtual network. + type: string + resourceGroup: + description: ResourceGroup is the resource group + name of the remote virtual network. + type: string + reversePeeringProperties: + description: ReversePeeringProperties specifies + VnetPeeringProperties for peering from the + remote virtual network to the cluster's virtual + network. 
+ properties: + allowForwardedTraffic: + description: AllowForwardedTraffic specifies + whether the forwarded traffic from the + VMs in the local virtual network will + be allowed/disallowed in remote virtual + network. + type: boolean + allowGatewayTransit: + description: AllowGatewayTransit specifies + if gateway links can be used in remote + virtual networking to link to this virtual + network. + type: boolean + allowVirtualNetworkAccess: + description: AllowVirtualNetworkAccess specifies + whether the VMs in the local virtual network + space would be able to access the VMs + in remote virtual network space. + type: boolean + useRemoteGateways: + description: UseRemoteGateways specifies + if remote gateways can be used on this + virtual network. If the flag is set to + true, and allowGatewayTransit on remote + peering is also set to true, the virtual + network will use the gateways of the remote + virtual network for transit. Only one + peering can have this flag set to true. + This flag cannot be set if virtual network + already has a gateway. + type: boolean + type: object + required: + - remoteVnetName + type: object + type: array + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing + the resource. 
+ type: object + type: object + type: object + subscriptionID: + type: string + required: + - location + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremachinepoolmachines.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureMachinePoolMachine + listKind: AzureMachinePoolMachineList + plural: azuremachinepoolmachines + shortNames: + - ampm + singular: azuremachinepoolmachine + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Kubernetes version + jsonPath: .status.version + name: Version + type: string + - description: Flag indicating infrastructure is successfully provisioned + jsonPath: .status.ready + name: Ready + type: string + - description: Azure VMSS VM provisioning state + jsonPath: .status.provisioningState + name: State + type: string + - description: Cluster to which this AzureMachinePoolMachine belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + priority: 1 + type: string + - description: Azure VMSS VM ID + jsonPath: .spec.providerID + name: VMSS VM ID + priority: 1 + type: string + - description: Time duration since creation of this AzureMachinePoolMachine + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: AzureMachinePoolMachine is 
the Schema for the azuremachinepoolmachines + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureMachinePoolMachineSpec defines the desired state of + AzureMachinePoolMachine. + properties: + instanceID: + description: InstanceID is the identification of the Machine Instance + within the VMSS + type: string + providerID: + description: ProviderID is the identification ID of the Virtual Machine + Scale Set + type: string + required: + - providerID + type: object + status: + description: AzureMachinePoolMachineStatus defines the observed state + of AzureMachinePoolMachine. + properties: + conditions: + description: Conditions defines current service state of the AzureMachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. 
+ type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the MachinePool and will contain + a more verbose string suitable for logging and human consumption. + \n Any transient errors that occur during the reconciliation of + MachinePools can be added as events to the MachinePool object and/or + logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the MachinePool machine and will + contain a succinct value suitable for machine interpretation. \n + Any transient errors that occur during the reconciliation of MachinePools + can be added as events to the MachinePool object and/or logged in + the controller's output." 
+ type: string + instanceName: + description: InstanceName is the name of the Machine Instance within + the VMSS + type: string + latestModelApplied: + description: LatestModelApplied indicates the instance is running + the most up-to-date VMSS model. A VMSS model describes the image + version the VM is running. If the instance is not running the latest + model, it means the instance may not be running the version of Kubernetes + the Machine Pool has specified and needs to be updated. + type: boolean + longRunningOperationStates: + description: LongRunningOperationStates saves the state for Azure + long running operations so they can be continued on the next reconciliation + loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. + properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. + type: string + name: + description: Name is the name of the Azure resource. Together + with the service name, this forms the unique identifier for + the future. + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: ServiceName is the name of the Azure service. Together + with the name of the resource, this forms the unique identifier + for the future. + type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. + type: string + required: + - data + - name + - serviceName + - type + type: object + type: array + nodeRef: + description: NodeRef will point to the corresponding Node if it exists. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + provisioningState: + description: ProvisioningState is the provisioning state of the Azure + virtual machine instance. + type: string + ready: + description: Ready is true when the provider resource is ready. 
+ type: boolean + version: + description: Version defines the Kubernetes version for the VM Instance + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremachinepools.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureMachinePool + listKind: AzureMachinePoolList + plural: azuremachinepools + shortNames: + - amp + singular: azuremachinepool + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: AzureMachinePool replicas count + jsonPath: .status.replicas + name: Replicas + type: string + - description: AzureMachinePool replicas count + jsonPath: .status.ready + name: Ready + type: string + - description: Azure VMSS provisioning state + jsonPath: .status.provisioningState + name: State + type: string + - description: Cluster to which this AzureMachinePool belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + priority: 1 + type: string + - description: MachinePool object to which this AzureMachinePool belongs + jsonPath: .metadata.ownerReferences[?(@.kind=="MachinePool")].name + name: MachinePool + priority: 1 + type: string + - description: Azure VMSS ID + jsonPath: .spec.providerID + name: VMSS ID + priority: 1 + type: string + - description: Azure VM Size + jsonPath: .spec.template.vmSize + name: VM Size + priority: 1 + type: string + - description: Time 
duration since creation of this AzureMachinePool + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: AzureMachinePool is the Schema for the azuremachinepools API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureMachinePoolSpec defines the desired state of AzureMachinePool. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to an + instance, in addition to the ones added by default by the Azure + provider. If both the AzureCluster and the AzureMachine specify + the same tag name with different values, the AzureMachine's value + takes precedence. + type: object + identity: + default: None + description: Identity is the type of identity used for the Virtual + Machine Scale Set. The type 'SystemAssigned' is an implicitly created + identity. The generated identity will be assigned a Subscription + contributor role. The type 'UserAssigned' is a standalone Azure + resource provided by the user and assigned to the VM + enum: + - None + - SystemAssigned + - UserAssigned + type: string + location: + description: Location is the Azure region location e.g. 
westus2 + type: string + orchestrationMode: + default: Uniform + description: OrchestrationMode specifies the orchestration mode for + the Virtual Machine Scale Set + enum: + - Flexible + - Uniform + type: string + providerID: + description: ProviderID is the identification ID of the Virtual Machine + Scale Set + type: string + providerIDList: + description: ProviderIDList are the identification IDs of machine + instances provided by the provider. This field must match the provider + IDs as seen on the node objects corresponding to a machine pool's + machine instances. + items: + type: string + type: array + roleAssignmentName: + description: 'Deprecated: RoleAssignmentName should be set in the + systemAssignedIdentityRole field.' + type: string + strategy: + default: + rollingUpdate: + deletePolicy: Oldest + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + description: The deployment strategy to use to replace existing AzureMachinePoolMachines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if MachineDeploymentStrategyType + = RollingUpdate. + properties: + deletePolicy: + default: Oldest + description: DeletePolicy defines the policy used by the MachineDeployment + to identify nodes to delete when downscaling. Valid values + are "Random, "Newest", "Oldest" When no value is supplied, + the default is Oldest + enum: + - Random + - Newest + - Oldest + type: string + maxSurge: + anyOf: + - type: integer + - type: string + default: 1 + description: 'The maximum number of machines that can be scheduled + above the desired number of machines. Value can be an absolute + number (ex: 5) or a percentage of desired machines (ex: + 10%). This can not be 0 if MaxUnavailable is 0. Absolute + number is calculated from percentage by rounding up. Defaults + to 1. 
Example: when this is set to 30%, the new MachineSet + can be scaled up immediately when the rolling update starts, + such that the total number of old and new machines do not + exceed 130% of desired machines. Once old machines have + been killed, new MachineSet can be scaled up further, ensuring + that total number of machines running at any time during + the update is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + default: 0 + description: 'The maximum number of machines that can be unavailable + during the update. Value can be an absolute number (ex: + 5) or a percentage of desired machines (ex: 10%). Absolute + number is calculated from percentage by rounding down. This + can not be 0 if MaxSurge is 0. Defaults to 0. Example: when + this is set to 30%, the old MachineSet can be scaled down + to 70% of desired machines immediately when the rolling + update starts. Once new machines are ready, old MachineSet + can be scaled down further, followed by scaling up the new + MachineSet, ensuring that the total number of machines available + at all times during the update is at least 70% of desired + machines.' + x-kubernetes-int-or-string: true + type: object + type: + default: RollingUpdate + description: Type of deployment. Currently the only supported + strategy is RollingUpdate + enum: + - RollingUpdate + type: string + type: object + systemAssignedIdentityRole: + description: SystemAssignedIdentityRole defines the role and scope + to assign to the system assigned identity. + properties: + definitionID: + description: 'DefinitionID is the ID of the role definition to + create for a system assigned identity. It can be an Azure built-in + role or a custom role. 
Refer to built-in roles: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles' + type: string + name: + description: Name is the name of the role assignment to create + for a system assigned identity. It can be any valid UUID. If + not specified, a random UUID will be generated. + type: string + scope: + description: Scope is the scope that the role assignment or definition + applies to. The scope can be any REST resource instance. If + not specified, the scope will be the subscription. + type: string + type: object + template: + description: Template contains the details used to build a replica + virtual machine within the Machine Pool + properties: + acceleratedNetworking: + description: 'Deprecated: AcceleratedNetworking should be set + in the networkInterfaces field.' + type: boolean + dataDisks: + description: DataDisks specifies the list of data disks to be + created for a Virtual Machine + items: + description: DataDisk specifies the parameters that are used + to add one or more data disks to the machine. + properties: + cachingType: + description: CachingType specifies the caching requirements. + enum: + - None + - ReadOnly + - ReadWrite + type: string + diskSizeGB: + description: DiskSizeGB is the size in GB to assign to the + data disk. + format: int32 + type: integer + lun: + description: Lun Specifies the logical unit number of the + data disk. This value is used to identify data disks within + the VM and therefore must be unique for each data disk + attached to a VM. The value must be between 0 and 63. + format: int32 + type: integer + managedDisk: + description: ManagedDisk specifies the Managed Disk parameters + for the data disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed disk. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. 
It must be in the same subscription + type: string + type: object + securityProfile: + description: SecurityProfile specifies the security + profile for the managed disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed + disk that is used for Customer Managed Key encrypted + ConfidentialVM OS Disk and VMGuest blob. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityEncryptionType: + description: SecurityEncryptionType specifies the + encryption type of the managed disk. It is set + to DiskWithVMGuestState to encrypt the managed + disk along with the VMGuestState blob, and to + VMGuestStateOnly to encrypt the VMGuestState blob + only. When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule + should be set to Enabled. When set to DiskWithVMGuestState, + EncryptionAtHost should be disabled, SecureBoot + and VirtualizedTrustedPlatformModule should be + set to Enabled. It can be set only for Confidential + VMs. + enum: + - VMGuestStateOnly + - DiskWithVMGuestState + type: string + type: object + storageAccountType: + type: string + type: object + nameSuffix: + description: NameSuffix is the suffix to be appended to + the machine name to generate the disk name. Each disk + name will be in format _. + type: string + required: + - diskSizeGB + - nameSuffix + type: object + type: array + diagnostics: + description: Diagnostics specifies the diagnostics settings for + a virtual machine. If not specified then Boot diagnostics (Managed) + will be enabled. + properties: + boot: + description: Boot configures the boot diagnostics settings + for the virtual machine. This allows to configure capturing + serial output from the virtual machine on boot. This is + useful for debugging software based launch issues. 
If not + specified then Boot diagnostics (Managed) will be enabled. + properties: + storageAccountType: + description: StorageAccountType determines if the storage + account for storing the diagnostics data should be disabled + (Disabled), provisioned by Azure (Managed) or by the + user (UserManaged). + enum: + - Managed + - UserManaged + - Disabled + type: string + userManaged: + description: UserManaged provides a reference to the user-managed + storage account. + properties: + storageAccountURI: + description: 'StorageAccountURI is the URI of the + user-managed storage account. The URI typically + will be `https://.blob.core.windows.net/` + but may differ if you are using Azure DNS zone endpoints. + You can find the correct endpoint by looking for + the Blob Primary Endpoint in the endpoints tab in + the Azure console or with the CLI by issuing `az + storage account list --query=''[].{name: name, "resource + group": resourceGroup, "blob endpoint": primaryEndpoints.blob}''`.' + maxLength: 1024 + pattern: ^https:// + type: string + required: + - storageAccountURI + type: object + required: + - storageAccountType + type: object + type: object + image: + description: Image is used to provide details of an image to use + during VM creation. If image details are omitted the image will + default the Azure Marketplace "capi" offer, which is based on + Ubuntu. + properties: + computeGallery: + description: ComputeGallery specifies an image to use from + the Azure Compute Gallery + properties: + gallery: + description: Gallery specifies the name of the compute + image gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + plan: + description: Plan contains plan information. + properties: + offer: + description: Offer specifies the name of a group of + related images created by the publisher. 
For example, + UbuntuServer, WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, + such as a major release of a distribution. For example, + 18.04-LTS, 2019-Datacenter + minLength: 1 + type: string + required: + - offer + - publisher + - sku + type: object + resourceGroup: + description: ResourceGroup specifies the resource group + containing the private compute gallery. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the private compute gallery. + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or + 'latest'. Major, Minor, and Build are decimal numbers. + Specify 'latest' to use the latest version of an image + available at deploy time. Even if you use 'latest', + the VM image will not automatically update after deploy + time even if a new version becomes available. + minLength: 1 + type: string + required: + - gallery + - name + - version + type: object + id: + description: ID specifies an image to use by ID + type: string + marketplace: + description: Marketplace specifies an image to use from the + Azure Marketplace + properties: + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such + as a major release of a distribution. 
For example, 18.04-LTS, + 2019-Datacenter + minLength: 1 + type: string + thirdPartyImage: + default: false + description: ThirdPartyImage indicates the image is published + by a third party publisher and a Plan will be generated + for it. + type: boolean + version: + description: Version specifies the version of an image + sku. The allowed formats are Major.Minor.Build or 'latest'. + Major, Minor, and Build are decimal numbers. Specify + 'latest' to use the latest version of an image available + at deploy time. Even if you use 'latest', the VM image + will not automatically update after deploy time even + if a new version becomes available. + minLength: 1 + type: string + required: + - offer + - publisher + - sku + - version + type: object + sharedGallery: + description: 'SharedGallery specifies an image to use from + an Azure Shared Image Gallery Deprecated: use ComputeGallery + instead.' + properties: + gallery: + description: Gallery specifies the name of the shared + image gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer This value will be used to add a `Plan` + in the API request when creating the VM/VMSS resource. + This is needed when the source image from which this + SIG image was built requires the `Plan` to be used. + type: string + publisher: + description: Publisher is the name of the organization + that created the image. This value will be used to add + a `Plan` in the API request when creating the VM/VMSS + resource. This is needed when the source image from + which this SIG image was built requires the `Plan` to + be used. 
+ type: string + resourceGroup: + description: ResourceGroup specifies the resource group + containing the shared image gallery + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such + as a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter This value will be used to add a `Plan` + in the API request when creating the VM/VMSS resource. + This is needed when the source image from which this + SIG image was built requires the `Plan` to be used. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the shared image gallery + minLength: 1 + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or + 'latest'. Major, Minor, and Build are decimal numbers. + Specify 'latest' to use the latest version of an image + available at deploy time. Even if you use 'latest', + the VM image will not automatically update after deploy + time even if a new version becomes available. + minLength: 1 + type: string + required: + - gallery + - name + - resourceGroup + - subscriptionID + - version + type: object + type: object + networkInterfaces: + description: NetworkInterfaces specifies a list of network interface + configurations. If left unspecified, the VM will get a single + network interface with a single IPConfig in the subnet specified + in the cluster's node subnet field. The primary interface will + be the first networkInterface specified (index 0) in the list. + items: + description: NetworkInterface defines a network interface. + properties: + acceleratedNetworking: + description: AcceleratedNetworking enables or disables Azure + accelerated networking. If omitted, it will be set based + on whether the requested VMSize supports accelerated networking. + If AcceleratedNetworking is set to true with a VMSize + that does not support it, Azure will return an error. 
+ type: boolean + privateIPConfigs: + description: PrivateIPConfigs specifies the number of private + IP addresses to attach to the interface. Defaults to 1 + if not specified. + type: integer + subnetName: + description: SubnetName specifies the subnet in which the + new network interface will be placed. + type: string + type: object + type: array + osDisk: + description: OSDisk contains the operating system disk information + for a Virtual Machine + properties: + cachingType: + description: CachingType specifies the caching requirements. + enum: + - None + - ReadOnly + - ReadWrite + type: string + diffDiskSettings: + description: DiffDiskSettings describe ephemeral disk settings + for the os disk. + properties: + option: + description: Option enables ephemeral OS when set to "Local" + See https://learn.microsoft.com/azure/virtual-machines/ephemeral-os-disks + for full details + enum: + - Local + type: string + required: + - option + type: object + diskSizeGB: + description: DiskSizeGB is the size in GB to assign to the + OS disk. Will have a default of 30GB if not provided + format: int32 + type: integer + managedDisk: + description: ManagedDisk specifies the Managed Disk parameters + for the OS disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed disk. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityProfile: + description: SecurityProfile specifies the security profile + for the managed disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed + disk that is used for Customer Managed Key encrypted + ConfidentialVM OS Disk and VMGuest blob. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. 
It must be in the same subscription + type: string + type: object + securityEncryptionType: + description: SecurityEncryptionType specifies the + encryption type of the managed disk. It is set to + DiskWithVMGuestState to encrypt the managed disk + along with the VMGuestState blob, and to VMGuestStateOnly + to encrypt the VMGuestState blob only. When set + to VMGuestStateOnly, VirtualizedTrustedPlatformModule + should be set to Enabled. When set to DiskWithVMGuestState, + EncryptionAtHost should be disabled, SecureBoot + and VirtualizedTrustedPlatformModule should be set + to Enabled. It can be set only for Confidential + VMs. + enum: + - VMGuestStateOnly + - DiskWithVMGuestState + type: string + type: object + storageAccountType: + type: string + type: object + osType: + type: string + required: + - osType + type: object + securityProfile: + description: SecurityProfile specifies the Security profile settings + for a virtual machine. + properties: + encryptionAtHost: + description: This field indicates whether Host Encryption + should be enabled or disabled for a virtual machine or virtual + machine scale set. This should be disabled when SecurityEncryptionType + is set to DiskWithVMGuestState. Default is disabled. + type: boolean + securityType: + description: 'SecurityType specifies the SecurityType of the + virtual machine. It has to be set to any specified value + to enable UefiSettings. The default behavior is: UefiSettings + will not be enabled unless this property is set.' + enum: + - ConfidentialVM + - TrustedLaunch + type: string + uefiSettings: + description: UefiSettings specifies the security settings + like secure boot and vTPM used while creating the virtual + machine. + properties: + secureBootEnabled: + description: SecureBootEnabled specifies whether secure + boot should be enabled on the virtual machine. Secure + Boot verifies the digital signature of all boot components + and halts the boot process if signature verification + fails. 
If omitted, the platform chooses a default, which + is subject to change over time, currently that default + is false. + type: boolean + vTpmEnabled: + description: VTpmEnabled specifies whether vTPM should + be enabled on the virtual machine. When true it enables + the virtualized trusted platform module measurements + to create a known good boot integrity policy baseline. + The integrity policy baseline is used for comparison + with measurements from subsequent VM boots to determine + if anything has changed. This is required to be set + to Enabled if SecurityEncryptionType is defined. If + omitted, the platform chooses a default, which is subject + to change over time, currently that default is false. + type: boolean + type: object + type: object + spotVMOptions: + description: SpotVMOptions allows the ability to specify the Machine + should use a Spot VM + properties: + evictionPolicy: + description: EvictionPolicy defines the behavior of the virtual + machine when it is evicted. It can be either Delete or Deallocate. + enum: + - Deallocate + - Delete + type: string + maxPrice: + anyOf: + - type: integer + - type: string + description: MaxPrice defines the maximum price the user is + willing to pay for Spot VM instances + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + sshPublicKey: + description: SSHPublicKey is the SSH public key string, base64-encoded + to add to a Virtual Machine. Linux only. Refer to documentation + on how to set up SSH access on Windows instances. + type: string + subnetName: + description: 'Deprecated: SubnetName should be set in the networkInterfaces + field.' 
+ type: string + terminateNotificationTimeout: + description: TerminateNotificationTimeout enables or disables + VMSS scheduled events termination notification with specified + timeout allowed values are between 5 and 15 (mins) + type: integer + vmExtensions: + description: VMExtensions specifies a list of extensions to be + added to the scale set. + items: + description: VMExtension specifies the parameters for a custom + VM extension. + properties: + name: + description: Name is the name of the extension. + type: string + protectedSettings: + additionalProperties: + type: string + description: ProtectedSettings is a JSON formatted protected + settings for the extension. + type: object + publisher: + description: Publisher is the name of the extension handler + publisher. + type: string + settings: + additionalProperties: + type: string + description: Settings is a JSON formatted public settings + for the extension. + type: object + version: + description: Version specifies the version of the script + handler. + type: string + required: + - name + - publisher + - version + type: object + type: array + vmSize: + description: VMSize is the size of the Virtual Machine to build. + See https://learn.microsoft.com/rest/api/compute/virtualmachines/createorupdate#virtualmachinesizetypes + type: string + required: + - osDisk + - vmSize + type: object + userAssignedIdentities: + description: UserAssignedIdentities is a list of standalone Azure + identities provided by the user The lifecycle of a user-assigned + identity is managed separately from the lifecycle of the AzureMachinePool. + See https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli + items: + description: UserAssignedIdentity defines the user-assigned identities + provided by the user to be assigned to Azure resources. 
+ properties: + providerID: + description: 'ProviderID is the identification ID of the user-assigned + Identity, the format of an identity is: ''azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''' + type: string + required: + - providerID + type: object + type: array + required: + - location + - template + type: object + status: + description: AzureMachinePoolStatus defines the observed state of AzureMachinePool. + properties: + conditions: + description: Conditions defines current service state of the AzureMachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the MachinePool and will contain + a more verbose string suitable for logging and human consumption. + \n This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the MachinePool's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of MachinePools can be added as + events to the MachinePool object and/or logged in the controller's + output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the MachinePool and will contain + a succinct value suitable for machine interpretation. \n This field + should not be set for transitive errors that a controller faces + that are expected to be fixed automatically over time (like service + outages), but instead indicate that something is fundamentally wrong + with the MachinePool's spec or the configuration of the controller, + and that manual intervention is required. 
Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of MachinePools can be added as + events to the MachinePool object and/or logged in the controller's + output." + type: string + image: + description: Image is the current image used in the AzureMachinePool. + When the spec image is nil, this image is populated with the details + of the defaulted Azure Marketplace "capi" offer. + properties: + computeGallery: + description: ComputeGallery specifies an image to use from the + Azure Compute Gallery + properties: + gallery: + description: Gallery specifies the name of the compute image + gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + plan: + description: Plan contains plan information. + properties: + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such + as a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter + minLength: 1 + type: string + required: + - offer + - publisher + - sku + type: object + resourceGroup: + description: ResourceGroup specifies the resource group containing + the private compute gallery. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the private compute gallery. + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or 'latest'. 
+ Major, Minor, and Build are decimal numbers. Specify 'latest' + to use the latest version of an image available at deploy + time. Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. + minLength: 1 + type: string + required: + - gallery + - name + - version + type: object + id: + description: ID specifies an image to use by ID + type: string + marketplace: + description: Marketplace specifies an image to use from the Azure + Marketplace + properties: + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization that + created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such as + a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter + minLength: 1 + type: string + thirdPartyImage: + default: false + description: ThirdPartyImage indicates the image is published + by a third party publisher and a Plan will be generated + for it. + type: boolean + version: + description: Version specifies the version of an image sku. + The allowed formats are Major.Minor.Build or 'latest'. Major, + Minor, and Build are decimal numbers. Specify 'latest' to + use the latest version of an image available at deploy time. + Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. + minLength: 1 + type: string + required: + - offer + - publisher + - sku + - version + type: object + sharedGallery: + description: 'SharedGallery specifies an image to use from an + Azure Shared Image Gallery Deprecated: use ComputeGallery instead.' 
+ properties: + gallery: + description: Gallery specifies the name of the shared image + gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer This value will be used to add a `Plan` in + the API request when creating the VM/VMSS resource. This + is needed when the source image from which this SIG image + was built requires the `Plan` to be used. + type: string + publisher: + description: Publisher is the name of the organization that + created the image. This value will be used to add a `Plan` + in the API request when creating the VM/VMSS resource. This + is needed when the source image from which this SIG image + was built requires the `Plan` to be used. + type: string + resourceGroup: + description: ResourceGroup specifies the resource group containing + the shared image gallery + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such as + a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter This value will be used to add a `Plan` + in the API request when creating the VM/VMSS resource. This + is needed when the source image from which this SIG image + was built requires the `Plan` to be used. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the shared image gallery + minLength: 1 + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or 'latest'. + Major, Minor, and Build are decimal numbers. Specify 'latest' + to use the latest version of an image available at deploy + time. Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. 
+ minLength: 1 + type: string + required: + - gallery + - name + - resourceGroup + - subscriptionID + - version + type: object + type: object + infrastructureMachineKind: + description: InfrastructureMachineKind is the kind of the infrastructure + resources behind MachinePool Machines. + type: string + instances: + description: Instances is the VM instance status for each VM in the + VMSS + items: + description: AzureMachinePoolInstanceStatus provides status information + for each instance in the VMSS. + properties: + instanceID: + description: InstanceID is the identification of the Machine + Instance within the VMSS + type: string + instanceName: + description: InstanceName is the name of the Machine Instance + within the VMSS + type: string + latestModelApplied: + description: LatestModelApplied indicates the instance is running + the most up-to-date VMSS model. A VMSS model describes the + image version the VM is running. If the instance is not running + the latest model, it means the instance may not be running + the version of Kubernetes the Machine Pool has specified and + needs to be updated. + type: boolean + providerID: + description: ProviderID is the provider identification of the + VMSS Instance + type: string + provisioningState: + description: ProvisioningState is the provisioning state of + the Azure virtual machine instance. + type: string + version: + description: Version defines the Kubernetes version for the + VM Instance + type: string + required: + - latestModelApplied + type: object + type: array + longRunningOperationStates: + description: LongRunningOperationStates saves the state for Azure + long-running operations so they can be continued on the next reconciliation + loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. + properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. 
+ type: string + name: + description: Name is the name of the Azure resource. Together + with the service name, this forms the unique identifier for + the future. + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: ServiceName is the name of the Azure service. Together + with the name of the resource, this forms the unique identifier + for the future. + type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. + type: string + required: + - data + - name + - serviceName + - type + type: object + type: array + provisioningState: + description: ProvisioningState is the provisioning state of the Azure + virtual machine. + type: string + ready: + description: Ready is true when the provider resource is ready. + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + version: + description: Version is the Kubernetes version for the current VMSS + model + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremachines.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureMachine + listKind: AzureMachineList + plural: azuremachines + singular: azuremachine + scope: Namespaced + versions: + - 
additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + priority: 1 + type: string + - description: Azure VM provisioning state + jsonPath: .status.vmState + name: State + type: string + - description: Cluster to which this AzureMachine belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + priority: 1 + type: string + - description: Machine object to which this AzureMachine belongs + jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name + name: Machine + priority: 1 + type: string + - description: Azure VM ID + jsonPath: .spec.providerID + name: VM ID + priority: 1 + type: string + - description: Azure VM Size + jsonPath: .spec.vmSize + name: VM Size + priority: 1 + type: string + - description: Time duration since creation of this AzureMachine + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: AzureMachine is the Schema for the azuremachines API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureMachineSpec defines the desired state of AzureMachine. + properties: + acceleratedNetworking: + description: 'Deprecated: AcceleratedNetworking should be set in the + networkInterfaces field.' + type: boolean + additionalCapabilities: + description: AdditionalCapabilities specifies additional capabilities + enabled or disabled on the virtual machine. + properties: + ultraSSDEnabled: + description: UltraSSDEnabled enables or disables Azure UltraSSD + capability for the virtual machine. Defaults to true if Ultra + SSD data disks are specified, otherwise it doesn't set the capability + on the VM. + type: boolean + type: object + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to an + instance, in addition to the ones added by default by the Azure + provider. If both the AzureCluster and the AzureMachine specify + the same tag name with different values, the AzureMachine's value + takes precedence. + type: object + allocatePublicIP: + description: AllocatePublicIP allows the ability to create dynamic + public ips for machines where this value is true. + type: boolean + dataDisks: + description: DataDisk specifies the parameters that are used to add + one or more data disks to the machine + items: + description: DataDisk specifies the parameters that are used to + add one or more data disks to the machine. + properties: + cachingType: + description: CachingType specifies the caching requirements. + enum: + - None + - ReadOnly + - ReadWrite + type: string + diskSizeGB: + description: DiskSizeGB is the size in GB to assign to the data + disk. + format: int32 + type: integer + lun: + description: Lun Specifies the logical unit number of the data + disk. 
This value is used to identify data disks within the + VM and therefore must be unique for each data disk attached + to a VM. The value must be between 0 and 63. + format: int32 + type: integer + managedDisk: + description: ManagedDisk specifies the Managed Disk parameters + for the data disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed disk. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityProfile: + description: SecurityProfile specifies the security profile + for the managed disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed disk + that is used for Customer Managed Key encrypted ConfidentialVM + OS Disk and VMGuest blob. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityEncryptionType: + description: SecurityEncryptionType specifies the encryption + type of the managed disk. It is set to DiskWithVMGuestState + to encrypt the managed disk along with the VMGuestState + blob, and to VMGuestStateOnly to encrypt the VMGuestState + blob only. When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule + should be set to Enabled. When set to DiskWithVMGuestState, + EncryptionAtHost should be disabled, SecureBoot and + VirtualizedTrustedPlatformModule should be set to + Enabled. It can be set only for Confidential VMs. + enum: + - VMGuestStateOnly + - DiskWithVMGuestState + type: string + type: object + storageAccountType: + type: string + type: object + nameSuffix: + description: NameSuffix is the suffix to be appended to the + machine name to generate the disk name. Each disk name will + be in format _. 
+ type: string + required: + - diskSizeGB + - nameSuffix + type: object + type: array + diagnostics: + description: Diagnostics specifies the diagnostics settings for a + virtual machine. If not specified then Boot diagnostics (Managed) + will be enabled. + properties: + boot: + description: Boot configures the boot diagnostics settings for + the virtual machine. This allows to configure capturing serial + output from the virtual machine on boot. This is useful for + debugging software based launch issues. If not specified then + Boot diagnostics (Managed) will be enabled. + properties: + storageAccountType: + description: StorageAccountType determines if the storage + account for storing the diagnostics data should be disabled + (Disabled), provisioned by Azure (Managed) or by the user + (UserManaged). + enum: + - Managed + - UserManaged + - Disabled + type: string + userManaged: + description: UserManaged provides a reference to the user-managed + storage account. + properties: + storageAccountURI: + description: 'StorageAccountURI is the URI of the user-managed + storage account. The URI typically will be `https://.blob.core.windows.net/` + but may differ if you are using Azure DNS zone endpoints. + You can find the correct endpoint by looking for the + Blob Primary Endpoint in the endpoints tab in the Azure + console or with the CLI by issuing `az storage account + list --query=''[].{name: name, "resource group": resourceGroup, + "blob endpoint": primaryEndpoints.blob}''`.' + maxLength: 1024 + pattern: ^https:// + type: string + required: + - storageAccountURI + type: object + required: + - storageAccountType + type: object + type: object + dnsServers: + description: DNSServers adds a list of DNS Server IP addresses to + the VM NICs. + items: + type: string + type: array + enableIPForwarding: + description: EnableIPForwarding enables IP Forwarding in Azure which + is required for some CNI's to send traffic from a pods on one machine + to another. 
This is required for IpV6 with Calico in combination + with User Defined Routes (set by the Azure Cloud Controller manager). + Default is false for disabled. + type: boolean + failureDomain: + description: FailureDomain is the failure domain unique identifier + this Machine should be attached to, as defined in Cluster API. This + relates to an Azure Availability Zone + type: string + identity: + default: None + description: Identity is the type of identity used for the virtual + machine. The type 'SystemAssigned' is an implicitly created identity. + The generated identity will be assigned a Subscription contributor + role. The type 'UserAssigned' is a standalone Azure resource provided + by the user and assigned to the VM + enum: + - None + - SystemAssigned + - UserAssigned + type: string + image: + description: Image is used to provide details of an image to use during + VM creation. If image details are omitted the image will default + the Azure Marketplace "capi" offer, which is based on Ubuntu. + properties: + computeGallery: + description: ComputeGallery specifies an image to use from the + Azure Compute Gallery + properties: + gallery: + description: Gallery specifies the name of the compute image + gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + plan: + description: Plan contains plan information. + properties: + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such + as a major release of a distribution. 
For example, 18.04-LTS, + 2019-Datacenter + minLength: 1 + type: string + required: + - offer + - publisher + - sku + type: object + resourceGroup: + description: ResourceGroup specifies the resource group containing + the private compute gallery. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the private compute gallery. + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or 'latest'. + Major, Minor, and Build are decimal numbers. Specify 'latest' + to use the latest version of an image available at deploy + time. Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. + minLength: 1 + type: string + required: + - gallery + - name + - version + type: object + id: + description: ID specifies an image to use by ID + type: string + marketplace: + description: Marketplace specifies an image to use from the Azure + Marketplace + properties: + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization that + created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such as + a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter + minLength: 1 + type: string + thirdPartyImage: + default: false + description: ThirdPartyImage indicates the image is published + by a third party publisher and a Plan will be generated + for it. + type: boolean + version: + description: Version specifies the version of an image sku. + The allowed formats are Major.Minor.Build or 'latest'. Major, + Minor, and Build are decimal numbers. 
Specify 'latest' to + use the latest version of an image available at deploy time. + Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. + minLength: 1 + type: string + required: + - offer + - publisher + - sku + - version + type: object + sharedGallery: + description: 'SharedGallery specifies an image to use from an + Azure Shared Image Gallery Deprecated: use ComputeGallery instead.' + properties: + gallery: + description: Gallery specifies the name of the shared image + gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer This value will be used to add a `Plan` in + the API request when creating the VM/VMSS resource. This + is needed when the source image from which this SIG image + was built requires the `Plan` to be used. + type: string + publisher: + description: Publisher is the name of the organization that + created the image. This value will be used to add a `Plan` + in the API request when creating the VM/VMSS resource. This + is needed when the source image from which this SIG image + was built requires the `Plan` to be used. + type: string + resourceGroup: + description: ResourceGroup specifies the resource group containing + the shared image gallery + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such as + a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter This value will be used to add a `Plan` + in the API request when creating the VM/VMSS resource. This + is needed when the source image from which this SIG image + was built requires the `Plan` to be used. 
+ type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the shared image gallery + minLength: 1 + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or 'latest'. + Major, Minor, and Build are decimal numbers. Specify 'latest' + to use the latest version of an image available at deploy + time. Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. + minLength: 1 + type: string + required: + - gallery + - name + - resourceGroup + - subscriptionID + - version + type: object + type: object + networkInterfaces: + description: NetworkInterfaces specifies a list of network interface + configurations. If left unspecified, the VM will get a single network + interface with a single IPConfig in the subnet specified in the + cluster's node subnet field. The primary interface will be the first + networkInterface specified (index 0) in the list. + items: + description: NetworkInterface defines a network interface. + properties: + acceleratedNetworking: + description: AcceleratedNetworking enables or disables Azure + accelerated networking. If omitted, it will be set based on + whether the requested VMSize supports accelerated networking. + If AcceleratedNetworking is set to true with a VMSize that + does not support it, Azure will return an error. + type: boolean + privateIPConfigs: + description: PrivateIPConfigs specifies the number of private + IP addresses to attach to the interface. Defaults to 1 if + not specified. + type: integer + subnetName: + description: SubnetName specifies the subnet in which the new + network interface will be placed. 
+ type: string + type: object + type: array + osDisk: + description: OSDisk specifies the parameters for the operating system + disk of the machine + properties: + cachingType: + description: CachingType specifies the caching requirements. + enum: + - None + - ReadOnly + - ReadWrite + type: string + diffDiskSettings: + description: DiffDiskSettings describe ephemeral disk settings + for the os disk. + properties: + option: + description: Option enables ephemeral OS when set to "Local" + See https://learn.microsoft.com/azure/virtual-machines/ephemeral-os-disks + for full details + enum: + - Local + type: string + required: + - option + type: object + diskSizeGB: + description: DiskSizeGB is the size in GB to assign to the OS + disk. Will have a default of 30GB if not provided + format: int32 + type: integer + managedDisk: + description: ManagedDisk specifies the Managed Disk parameters + for the OS disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed disk. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityProfile: + description: SecurityProfile specifies the security profile + for the managed disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed disk + that is used for Customer Managed Key encrypted ConfidentialVM + OS Disk and VMGuest blob. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityEncryptionType: + description: SecurityEncryptionType specifies the encryption + type of the managed disk. 
It is set to DiskWithVMGuestState + to encrypt the managed disk along with the VMGuestState + blob, and to VMGuestStateOnly to encrypt the VMGuestState + blob only. When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule + should be set to Enabled. When set to DiskWithVMGuestState, + EncryptionAtHost should be disabled, SecureBoot and + VirtualizedTrustedPlatformModule should be set to Enabled. + It can be set only for Confidential VMs. + enum: + - VMGuestStateOnly + - DiskWithVMGuestState + type: string + type: object + storageAccountType: + type: string + type: object + osType: + type: string + required: + - osType + type: object + providerID: + description: ProviderID is the unique identifier as specified by the + cloud provider. + type: string + roleAssignmentName: + description: 'Deprecated: RoleAssignmentName should be set in the + systemAssignedIdentityRole field.' + type: string + securityProfile: + description: SecurityProfile specifies the Security profile settings + for a virtual machine. + properties: + encryptionAtHost: + description: This field indicates whether Host Encryption should + be enabled or disabled for a virtual machine or virtual machine + scale set. This should be disabled when SecurityEncryptionType + is set to DiskWithVMGuestState. Default is disabled. + type: boolean + securityType: + description: 'SecurityType specifies the SecurityType of the virtual + machine. It has to be set to any specified value to enable UefiSettings. + The default behavior is: UefiSettings will not be enabled unless + this property is set.' + enum: + - ConfidentialVM + - TrustedLaunch + type: string + uefiSettings: + description: UefiSettings specifies the security settings like + secure boot and vTPM used while creating the virtual machine. + properties: + secureBootEnabled: + description: SecureBootEnabled specifies whether secure boot + should be enabled on the virtual machine. 
Secure Boot verifies + the digital signature of all boot components and halts the + boot process if signature verification fails. If omitted, + the platform chooses a default, which is subject to change + over time, currently that default is false. + type: boolean + vTpmEnabled: + description: VTpmEnabled specifies whether vTPM should be + enabled on the virtual machine. When true it enables the + virtualized trusted platform module measurements to create + a known good boot integrity policy baseline. The integrity + policy baseline is used for comparison with measurements + from subsequent VM boots to determine if anything has changed. + This is required to be set to Enabled if SecurityEncryptionType + is defined. If omitted, the platform chooses a default, + which is subject to change over time, currently that default + is false. + type: boolean + type: object + type: object + spotVMOptions: + description: SpotVMOptions allows the ability to specify the Machine + should use a Spot VM + properties: + evictionPolicy: + description: EvictionPolicy defines the behavior of the virtual + machine when it is evicted. It can be either Delete or Deallocate. + enum: + - Deallocate + - Delete + type: string + maxPrice: + anyOf: + - type: integer + - type: string + description: MaxPrice defines the maximum price the user is willing + to pay for Spot VM instances + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + sshPublicKey: + description: SSHPublicKey is the SSH public key string, base64-encoded + to add to a Virtual Machine. Linux only. Refer to documentation + on how to set up SSH access on Windows instances. + type: string + subnetName: + description: 'Deprecated: SubnetName should be set in the networkInterfaces + field.' 
+ type: string + systemAssignedIdentityRole: + description: SystemAssignedIdentityRole defines the role and scope + to assign to the system-assigned identity. + properties: + definitionID: + description: 'DefinitionID is the ID of the role definition to + create for a system assigned identity. It can be an Azure built-in + role or a custom role. Refer to built-in roles: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles' + type: string + name: + description: Name is the name of the role assignment to create + for a system assigned identity. It can be any valid UUID. If + not specified, a random UUID will be generated. + type: string + scope: + description: Scope is the scope that the role assignment or definition + applies to. The scope can be any REST resource instance. If + not specified, the scope will be the subscription. + type: string + type: object + userAssignedIdentities: + description: UserAssignedIdentities is a list of standalone Azure + identities provided by the user The lifecycle of a user-assigned + identity is managed separately from the lifecycle of the AzureMachine. + See https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli + items: + description: UserAssignedIdentity defines the user-assigned identities + provided by the user to be assigned to Azure resources. + properties: + providerID: + description: 'ProviderID is the identification ID of the user-assigned + Identity, the format of an identity is: ''azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''' + type: string + required: + - providerID + type: object + type: array + vmExtensions: + description: VMExtensions specifies a list of extensions to be added + to the virtual machine. + items: + description: VMExtension specifies the parameters for a custom VM + extension. 
+ properties: + name: + description: Name is the name of the extension. + type: string + protectedSettings: + additionalProperties: + type: string + description: ProtectedSettings is a JSON formatted protected + settings for the extension. + type: object + publisher: + description: Publisher is the name of the extension handler + publisher. + type: string + settings: + additionalProperties: + type: string + description: Settings is a JSON formatted public settings for + the extension. + type: object + version: + description: Version specifies the version of the script handler. + type: string + required: + - name + - publisher + - version + type: object + type: array + vmSize: + type: string + required: + - osDisk + - vmSize + type: object + status: + description: AzureMachineStatus defines the observed state of AzureMachine. + properties: + addresses: + description: Addresses contains the Azure instance associated addresses. + items: + description: NodeAddress contains information for the node's address. + properties: + address: + description: The node address. + type: string + type: + description: Node address type, one of Hostname, ExternalIP + or InternalIP. + type: string + required: + - address + - type + type: object + type: array + conditions: + description: Conditions defines current service state of the AzureMachine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. 
The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "ErrorMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. \n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." 
+ type: string + failureReason: + description: "ErrorReason will be set in the event that there is a + terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. \n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. \n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." + type: string + longRunningOperationStates: + description: LongRunningOperationStates saves the states for Azure + long-running operations so they can be continued on the next reconciliation + loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. + properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. + type: string + name: + description: Name is the name of the Azure resource. Together + with the service name, this forms the unique identifier for + the future. + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: ServiceName is the name of the Azure service. Together + with the name of the resource, this forms the unique identifier + for the future. + type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. 
+ type: string + required: + - data + - name + - serviceName + - type + type: object + type: array + ready: + description: Ready is true when the provider resource is ready. + type: boolean + vmState: + description: VMState is the provisioning state of the Azure virtual + machine. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremachinetemplates.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureMachineTemplate + listKind: AzureMachineTemplateList + plural: azuremachinetemplates + singular: azuremachinetemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureMachineTemplate is the Schema for the azuremachinetemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureMachineTemplateSpec defines the desired state of AzureMachineTemplate. + properties: + template: + description: AzureMachineTemplateResource describes the data needed + to create an AzureMachine from a template. + properties: + metadata: + description: "ObjectMeta is metadata that all persisted resources + must have, which includes all objects users must create. This + is a copy of customizable fields from metav1.ObjectMeta. \n + ObjectMeta is embedded in `Machine.Spec`, `MachineDeployment.Template` + and `MachineSet.Template`, which are not top-level Kubernetes + objects. Given that metav1.ObjectMeta has lots of special cases + and read-only fields which end up in the generated CRD validation, + having it as a subset simplifies the API and some issues that + can impact user experience. \n During the [upgrade to controller-tools@v2](https://github.com/kubernetes-sigs/cluster-api/pull/1054) + for v1alpha2, we noticed a failure would occur running Cluster + API test suite against the new CRDs, specifically `spec.metadata.creationTimestamp + in body must be of type string: \"null\"`. The investigation + showed that `controller-tools@v2` behaves differently than its + previous version when handling types from [metav1](k8s.io/apimachinery/pkg/apis/meta/v1) + package. \n In more details, we found that embedded (non-top + level) types that embedded `metav1.ObjectMeta` had validation + properties, including for `creationTimestamp` (metav1.Time). + The `metav1.Time` type specifies a custom json marshaller that, + when IsZero() is true, returns `null` which breaks validation + because the field isn't marked as nullable. \n In future versions, + controller-tools@v2 might allow overriding the type and validation + for embedded types. When that happens, this hack should be revisited." 
+ properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: Spec is the specification of the desired behavior + of the machine. + properties: + acceleratedNetworking: + description: 'Deprecated: AcceleratedNetworking should be + set in the networkInterfaces field.' + type: boolean + additionalCapabilities: + description: AdditionalCapabilities specifies additional capabilities + enabled or disabled on the virtual machine. + properties: + ultraSSDEnabled: + description: UltraSSDEnabled enables or disables Azure + UltraSSD capability for the virtual machine. Defaults + to true if Ultra SSD data disks are specified, otherwise + it doesn't set the capability on the VM. + type: boolean + type: object + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to an instance, in addition to the ones added by default + by the Azure provider. If both the AzureCluster and the + AzureMachine specify the same tag name with different values, + the AzureMachine's value takes precedence. + type: object + allocatePublicIP: + description: AllocatePublicIP allows the ability to create + dynamic public ips for machines where this value is true. 
+ type: boolean + dataDisks: + description: DataDisk specifies the parameters that are used + to add one or more data disks to the machine + items: + description: DataDisk specifies the parameters that are + used to add one or more data disks to the machine. + properties: + cachingType: + description: CachingType specifies the caching requirements. + enum: + - None + - ReadOnly + - ReadWrite + type: string + diskSizeGB: + description: DiskSizeGB is the size in GB to assign + to the data disk. + format: int32 + type: integer + lun: + description: Lun Specifies the logical unit number of + the data disk. This value is used to identify data + disks within the VM and therefore must be unique for + each data disk attached to a VM. The value must be + between 0 and 63. + format: int32 + type: integer + managedDisk: + description: ManagedDisk specifies the Managed Disk + parameters for the data disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed + disk. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityProfile: + description: SecurityProfile specifies the security + profile for the managed disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the + customer-managed disk encryption set resource + id for the managed disk that is used for Customer + Managed Key encrypted ConfidentialVM OS Disk + and VMGuest blob. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityEncryptionType: + description: SecurityEncryptionType specifies + the encryption type of the managed disk. 
It + is set to DiskWithVMGuestState to encrypt + the managed disk along with the VMGuestState + blob, and to VMGuestStateOnly to encrypt the + VMGuestState blob only. When set to VMGuestStateOnly, + VirtualizedTrustedPlatformModule should be + set to Enabled. When set to DiskWithVMGuestState, + EncryptionAtHost should be disabled, SecureBoot + and VirtualizedTrustedPlatformModule should + be set to Enabled. It can be set only for + Confidential VMs. + enum: + - VMGuestStateOnly + - DiskWithVMGuestState + type: string + type: object + storageAccountType: + type: string + type: object + nameSuffix: + description: NameSuffix is the suffix to be appended + to the machine name to generate the disk name. Each + disk name will be in format _. + type: string + required: + - diskSizeGB + - nameSuffix + type: object + type: array + diagnostics: + description: Diagnostics specifies the diagnostics settings + for a virtual machine. If not specified then Boot diagnostics + (Managed) will be enabled. + properties: + boot: + description: Boot configures the boot diagnostics settings + for the virtual machine. This allows to configure capturing + serial output from the virtual machine on boot. This + is useful for debugging software based launch issues. + If not specified then Boot diagnostics (Managed) will + be enabled. + properties: + storageAccountType: + description: StorageAccountType determines if the + storage account for storing the diagnostics data + should be disabled (Disabled), provisioned by Azure + (Managed) or by the user (UserManaged). + enum: + - Managed + - UserManaged + - Disabled + type: string + userManaged: + description: UserManaged provides a reference to the + user-managed storage account. + properties: + storageAccountURI: + description: 'StorageAccountURI is the URI of + the user-managed storage account. The URI typically + will be `https://.blob.core.windows.net/` + but may differ if you are using Azure DNS zone + endpoints. 
You can find the correct endpoint + by looking for the Blob Primary Endpoint in + the endpoints tab in the Azure console or with + the CLI by issuing `az storage account list + --query=''[].{name: name, "resource group": + resourceGroup, "blob endpoint": primaryEndpoints.blob}''`.' + maxLength: 1024 + pattern: ^https:// + type: string + required: + - storageAccountURI + type: object + required: + - storageAccountType + type: object + type: object + dnsServers: + description: DNSServers adds a list of DNS Server IP addresses + to the VM NICs. + items: + type: string + type: array + enableIPForwarding: + description: EnableIPForwarding enables IP Forwarding in Azure + which is required for some CNI's to send traffic from a + pods on one machine to another. This is required for IpV6 + with Calico in combination with User Defined Routes (set + by the Azure Cloud Controller manager). Default is false + for disabled. + type: boolean + failureDomain: + description: FailureDomain is the failure domain unique identifier + this Machine should be attached to, as defined in Cluster + API. This relates to an Azure Availability Zone + type: string + identity: + default: None + description: Identity is the type of identity used for the + virtual machine. The type 'SystemAssigned' is an implicitly + created identity. The generated identity will be assigned + a Subscription contributor role. The type 'UserAssigned' + is a standalone Azure resource provided by the user and + assigned to the VM + enum: + - None + - SystemAssigned + - UserAssigned + type: string + image: + description: Image is used to provide details of an image + to use during VM creation. If image details are omitted + the image will default the Azure Marketplace "capi" offer, + which is based on Ubuntu. 
+ properties: + computeGallery: + description: ComputeGallery specifies an image to use + from the Azure Compute Gallery + properties: + gallery: + description: Gallery specifies the name of the compute + image gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + plan: + description: Plan contains plan information. + properties: + offer: + description: Offer specifies the name of a group + of related images created by the publisher. + For example, UbuntuServer, WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, + such as a major release of a distribution. For + example, 18.04-LTS, 2019-Datacenter + minLength: 1 + type: string + required: + - offer + - publisher + - sku + type: object + resourceGroup: + description: ResourceGroup specifies the resource + group containing the private compute gallery. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the + subscription that contains the private compute gallery. + type: string + version: + description: Version specifies the version of the + marketplace image. The allowed formats are Major.Minor.Build + or 'latest'. Major, Minor, and Build are decimal + numbers. Specify 'latest' to use the latest version + of an image available at deploy time. Even if you + use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes + available. 
+ minLength: 1 + type: string + required: + - gallery + - name + - version + type: object + id: + description: ID specifies an image to use by ID + type: string + marketplace: + description: Marketplace specifies an image to use from + the Azure Marketplace + properties: + offer: + description: Offer specifies the name of a group of + related images created by the publisher. For example, + UbuntuServer, WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, + such as a major release of a distribution. For example, + 18.04-LTS, 2019-Datacenter + minLength: 1 + type: string + thirdPartyImage: + default: false + description: ThirdPartyImage indicates the image is + published by a third party publisher and a Plan + will be generated for it. + type: boolean + version: + description: Version specifies the version of an image + sku. The allowed formats are Major.Minor.Build or + 'latest'. Major, Minor, and Build are decimal numbers. + Specify 'latest' to use the latest version of an + image available at deploy time. Even if you use + 'latest', the VM image will not automatically update + after deploy time even if a new version becomes + available. + minLength: 1 + type: string + required: + - offer + - publisher + - sku + - version + type: object + sharedGallery: + description: 'SharedGallery specifies an image to use + from an Azure Shared Image Gallery Deprecated: use ComputeGallery + instead.' + properties: + gallery: + description: Gallery specifies the name of the shared + image gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + offer: + description: Offer specifies the name of a group of + related images created by the publisher. 
For example, + UbuntuServer, WindowsServer This value will be used + to add a `Plan` in the API request when creating + the VM/VMSS resource. This is needed when the source + image from which this SIG image was built requires + the `Plan` to be used. + type: string + publisher: + description: Publisher is the name of the organization + that created the image. This value will be used + to add a `Plan` in the API request when creating + the VM/VMSS resource. This is needed when the source + image from which this SIG image was built requires + the `Plan` to be used. + type: string + resourceGroup: + description: ResourceGroup specifies the resource + group containing the shared image gallery + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, + such as a major release of a distribution. For example, + 18.04-LTS, 2019-Datacenter This value will be used + to add a `Plan` in the API request when creating + the VM/VMSS resource. This is needed when the source + image from which this SIG image was built requires + the `Plan` to be used. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the + subscription that contains the shared image gallery + minLength: 1 + type: string + version: + description: Version specifies the version of the + marketplace image. The allowed formats are Major.Minor.Build + or 'latest'. Major, Minor, and Build are decimal + numbers. Specify 'latest' to use the latest version + of an image available at deploy time. Even if you + use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes + available. + minLength: 1 + type: string + required: + - gallery + - name + - resourceGroup + - subscriptionID + - version + type: object + type: object + networkInterfaces: + description: NetworkInterfaces specifies a list of network + interface configurations. 
If left unspecified, the VM will + get a single network interface with a single IPConfig in + the subnet specified in the cluster's node subnet field. + The primary interface will be the first networkInterface + specified (index 0) in the list. + items: + description: NetworkInterface defines a network interface. + properties: + acceleratedNetworking: + description: AcceleratedNetworking enables or disables + Azure accelerated networking. If omitted, it will + be set based on whether the requested VMSize supports + accelerated networking. If AcceleratedNetworking is + set to true with a VMSize that does not support it, + Azure will return an error. + type: boolean + privateIPConfigs: + description: PrivateIPConfigs specifies the number of + private IP addresses to attach to the interface. Defaults + to 1 if not specified. + type: integer + subnetName: + description: SubnetName specifies the subnet in which + the new network interface will be placed. + type: string + type: object + type: array + osDisk: + description: OSDisk specifies the parameters for the operating + system disk of the machine + properties: + cachingType: + description: CachingType specifies the caching requirements. + enum: + - None + - ReadOnly + - ReadWrite + type: string + diffDiskSettings: + description: DiffDiskSettings describe ephemeral disk + settings for the os disk. + properties: + option: + description: Option enables ephemeral OS when set + to "Local" See https://learn.microsoft.com/azure/virtual-machines/ephemeral-os-disks + for full details + enum: + - Local + type: string + required: + - option + type: object + diskSizeGB: + description: DiskSizeGB is the size in GB to assign to + the OS disk. Will have a default of 30GB if not provided + format: int32 + type: integer + managedDisk: + description: ManagedDisk specifies the Managed Disk parameters + for the OS disk. 
+ properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed + disk. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityProfile: + description: SecurityProfile specifies the security + profile for the managed disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed + disk that is used for Customer Managed Key encrypted + ConfidentialVM OS Disk and VMGuest blob. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityEncryptionType: + description: SecurityEncryptionType specifies + the encryption type of the managed disk. It + is set to DiskWithVMGuestState to encrypt the + managed disk along with the VMGuestState blob, + and to VMGuestStateOnly to encrypt the VMGuestState + blob only. When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule + should be set to Enabled. When set to DiskWithVMGuestState, + EncryptionAtHost should be disabled, SecureBoot + and VirtualizedTrustedPlatformModule should + be set to Enabled. It can be set only for Confidential + VMs. + enum: + - VMGuestStateOnly + - DiskWithVMGuestState + type: string + type: object + storageAccountType: + type: string + type: object + osType: + type: string + required: + - osType + type: object + providerID: + description: ProviderID is the unique identifier as specified + by the cloud provider. + type: string + roleAssignmentName: + description: 'Deprecated: RoleAssignmentName should be set + in the systemAssignedIdentityRole field.' + type: string + securityProfile: + description: SecurityProfile specifies the Security profile + settings for a virtual machine. 
+ properties: + encryptionAtHost: + description: This field indicates whether Host Encryption + should be enabled or disabled for a virtual machine + or virtual machine scale set. This should be disabled + when SecurityEncryptionType is set to DiskWithVMGuestState. + Default is disabled. + type: boolean + securityType: + description: 'SecurityType specifies the SecurityType + of the virtual machine. It has to be set to any specified + value to enable UefiSettings. The default behavior is: + UefiSettings will not be enabled unless this property + is set.' + enum: + - ConfidentialVM + - TrustedLaunch + type: string + uefiSettings: + description: UefiSettings specifies the security settings + like secure boot and vTPM used while creating the virtual + machine. + properties: + secureBootEnabled: + description: SecureBootEnabled specifies whether secure + boot should be enabled on the virtual machine. Secure + Boot verifies the digital signature of all boot + components and halts the boot process if signature + verification fails. If omitted, the platform chooses + a default, which is subject to change over time, + currently that default is false. + type: boolean + vTpmEnabled: + description: VTpmEnabled specifies whether vTPM should + be enabled on the virtual machine. When true it + enables the virtualized trusted platform module + measurements to create a known good boot integrity + policy baseline. The integrity policy baseline is + used for comparison with measurements from subsequent + VM boots to determine if anything has changed. This + is required to be set to Enabled if SecurityEncryptionType + is defined. If omitted, the platform chooses a default, + which is subject to change over time, currently + that default is false. 
+ type: boolean + type: object + type: object + spotVMOptions: + description: SpotVMOptions allows the ability to specify the + Machine should use a Spot VM + properties: + evictionPolicy: + description: EvictionPolicy defines the behavior of the + virtual machine when it is evicted. It can be either + Delete or Deallocate. + enum: + - Deallocate + - Delete + type: string + maxPrice: + anyOf: + - type: integer + - type: string + description: MaxPrice defines the maximum price the user + is willing to pay for Spot VM instances + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + sshPublicKey: + description: SSHPublicKey is the SSH public key string, base64-encoded + to add to a Virtual Machine. Linux only. Refer to documentation + on how to set up SSH access on Windows instances. + type: string + subnetName: + description: 'Deprecated: SubnetName should be set in the + networkInterfaces field.' + type: string + systemAssignedIdentityRole: + description: SystemAssignedIdentityRole defines the role and + scope to assign to the system-assigned identity. + properties: + definitionID: + description: 'DefinitionID is the ID of the role definition + to create for a system assigned identity. It can be + an Azure built-in role or a custom role. Refer to built-in + roles: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles' + type: string + name: + description: Name is the name of the role assignment to + create for a system assigned identity. It can be any + valid UUID. If not specified, a random UUID will be + generated. + type: string + scope: + description: Scope is the scope that the role assignment + or definition applies to. The scope can be any REST + resource instance. If not specified, the scope will + be the subscription. 
+ type: string + type: object + userAssignedIdentities: + description: UserAssignedIdentities is a list of standalone + Azure identities provided by the user The lifecycle of a + user-assigned identity is managed separately from the lifecycle + of the AzureMachine. See https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli + items: + description: UserAssignedIdentity defines the user-assigned + identities provided by the user to be assigned to Azure + resources. + properties: + providerID: + description: 'ProviderID is the identification ID of + the user-assigned Identity, the format of an identity + is: ''azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''' + type: string + required: + - providerID + type: object + type: array + vmExtensions: + description: VMExtensions specifies a list of extensions to + be added to the virtual machine. + items: + description: VMExtension specifies the parameters for a + custom VM extension. + properties: + name: + description: Name is the name of the extension. + type: string + protectedSettings: + additionalProperties: + type: string + description: ProtectedSettings is a JSON formatted protected + settings for the extension. + type: object + publisher: + description: Publisher is the name of the extension + handler publisher. + type: string + settings: + additionalProperties: + type: string + description: Settings is a JSON formatted public settings + for the extension. + type: object + version: + description: Version specifies the version of the script + handler. 
+ type: string + required: + - name + - publisher + - version + type: object + type: array + vmSize: + type: string + required: + - osDisk + - vmSize + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremanagedclusters.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedCluster + listKind: AzureManagedClusterList + plural: azuremanagedclusters + shortNames: + - amc + singular: azuremanagedcluster + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedCluster is the Schema for the azuremanagedclusters + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedClusterSpec defines the desired state of AzureManagedCluster. + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. Immutable, populated by the + AKS API at create. 
+ properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + type: object + status: + description: AzureManagedClusterStatus defines the observed state of AzureManagedCluster. + properties: + ready: + description: Ready is true when the provider resource is ready. + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremanagedclustertemplates.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedClusterTemplate + listKind: AzureManagedClusterTemplateList + plural: azuremanagedclustertemplates + shortNames: + - amct + singular: azuremanagedclustertemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedClusterTemplate is the Schema for the AzureManagedClusterTemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedClusterTemplateSpec defines the desired state + of AzureManagedClusterTemplate. + properties: + template: + description: AzureManagedClusterTemplateResource describes the data + needed to create an AzureManagedCluster from a template. + properties: + spec: + description: AzureManagedClusterTemplateResourceSpec specifies + an Azure managed cluster template resource. + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedControlPlane + listKind: AzureManagedControlPlaneList + plural: azuremanagedcontrolplanes + shortNames: + - amcp + singular: azuremanagedcontrolplane + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedControlPlane is the Schema for the azuremanagedcontrolplanes + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedControlPlaneSpec defines the desired state of + AzureManagedControlPlane. + properties: + aadProfile: + description: AadProfile is Azure Active Directory configuration to + integrate with AKS for aad authentication. + properties: + adminGroupObjectIDs: + description: AdminGroupObjectIDs - AAD group object IDs that will + have admin role of the cluster. + items: + type: string + type: array + managed: + description: Managed - Whether to enable managed AAD. + type: boolean + required: + - adminGroupObjectIDs + - managed + type: object + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to Azure + resources managed by the Azure provider, in addition to the ones + added by default. + type: object + addonProfiles: + description: AddonProfiles are the profiles of managed cluster add-on. + items: + description: AddonProfile represents a managed cluster add-on. + properties: + config: + additionalProperties: + type: string + description: Config - Key-value pairs for configuring the add-on. + type: object + enabled: + description: Enabled - Whether the add-on is enabled or not. + type: boolean + name: + description: Name - The name of the managed cluster add-on. + type: string + required: + - enabled + - name + type: object + type: array + apiServerAccessProfile: + description: APIServerAccessProfile is the access profile for AKS + API server. Immutable except for `authorizedIPRanges`. + properties: + authorizedIPRanges: + description: AuthorizedIPRanges - Authorized IP Ranges to kubernetes + API server. + items: + type: string + type: array + enablePrivateCluster: + description: EnablePrivateCluster indicates whether to create + the cluster as a private cluster or not. 
+ type: boolean + enablePrivateClusterPublicFQDN: + description: EnablePrivateClusterPublicFQDN indicates whether + to create additional public FQDN for private cluster or not. + type: boolean + privateDNSZone: + description: PrivateDNSZone enables private dns zone mode for + private cluster. + enum: + - System + - None + type: string + type: object + autoscalerProfile: + description: AutoscalerProfile is the parameters to be applied to + the cluster-autoscaler when enabled + properties: + balanceSimilarNodeGroups: + description: BalanceSimilarNodeGroups - Valid values are 'true' + and 'false'. The default is false. + enum: + - "true" + - "false" + type: string + expander: + description: Expander - If not specified, the default is 'random'. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information. + enum: + - least-waste + - most-pods + - priority + - random + type: string + maxEmptyBulkDelete: + description: MaxEmptyBulkDelete - The default is 10. + type: string + maxGracefulTerminationSec: + description: MaxGracefulTerminationSec - The default is 600. + pattern: ^(\d+)$ + type: string + maxNodeProvisionTime: + description: MaxNodeProvisionTime - The default is '15m'. Values + must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + maxTotalUnreadyPercentage: + description: MaxTotalUnreadyPercentage - The default is 45. The + maximum is 100 and the minimum is 0. + maxLength: 3 + minLength: 1 + pattern: ^(\d+)$ + type: string + newPodScaleUpDelay: + description: NewPodScaleUpDelay - For scenarios like burst/batch + scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled + pods before they're a certain age. The default is '0s'. Values + must be an integer followed by a unit ('s' for seconds, 'm' + for minutes, 'h' for hours, etc). 
+ type: string + okTotalUnreadyCount: + description: OkTotalUnreadyCount - This must be an integer. The + default is 3. + pattern: ^(\d+)$ + type: string + scaleDownDelayAfterAdd: + description: ScaleDownDelayAfterAdd - The default is '10m'. Values + must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownDelayAfterDelete: + description: ScaleDownDelayAfterDelete - The default is the scan-interval. + Values must be an integer followed by an 's'. No unit of time + other than seconds (s) is supported. + pattern: ^(\d+)s$ + type: string + scaleDownDelayAfterFailure: + description: ScaleDownDelayAfterFailure - The default is '3m'. + Values must be an integer followed by an 'm'. No unit of time + other than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownUnneededTime: + description: ScaleDownUnneededTime - The default is '10m'. Values + must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownUnreadyTime: + description: ScaleDownUnreadyTime - The default is '20m'. Values + must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownUtilizationThreshold: + description: ScaleDownUtilizationThreshold - The default is '0.5'. + type: string + scanInterval: + description: ScanInterval - How often cluster is reevaluated for + scale up or down. The default is '10s'. + pattern: ^(\d+)s$ + type: string + skipNodesWithLocalStorage: + description: SkipNodesWithLocalStorage - The default is false. + enum: + - "true" + - "false" + type: string + skipNodesWithSystemPods: + description: SkipNodesWithSystemPods - The default is true. + enum: + - "true" + - "false" + type: string + type: object + azureEnvironment: + description: "AzureEnvironment is the name of the AzureCloud to be + used. 
The default value that would be used by most users is \"AzurePublicCloud\", + other values are: - ChinaCloud: \"AzureChinaCloud\" - PublicCloud: + \"AzurePublicCloud\" - USGovernmentCloud: \"AzureUSGovernmentCloud\" + \n Note that values other than the default must also be accompanied + by corresponding changes to the aso-controller-settings Secret to + configure ASO to refer to the non-Public cloud. ASO currently does + not support referring to multiple different clouds in a single installation. + The following fields must be defined in the Secret: - AZURE_AUTHORITY_HOST + - AZURE_RESOURCE_MANAGER_ENDPOINT - AZURE_RESOURCE_MANAGER_AUDIENCE + \n See the [ASO docs] for more details. \n [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/" + type: string + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. Immutable, populated by the + AKS API at create. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + disableLocalAccounts: + description: DisableLocalAccounts disables getting static credentials + for this cluster when set. Expected to only be used for AAD clusters. + type: boolean + dnsPrefix: + description: DNSPrefix allows the user to customize dns prefix. Immutable. + type: string + dnsServiceIP: + description: DNSServiceIP is an IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address range + specified in serviceCidr. Immutable. + type: string + fleetsMember: + description: "FleetsMember is the spec for the fleet this cluster + is a member of. See also [AKS doc]. 
\n [AKS doc]: https://learn.microsoft.com/en-us/azure/templates/microsoft.containerservice/2023-03-15-preview/fleets/members" + properties: + group: + description: Group is the group this member belongs to for multi-cluster + update management. + type: string + managerName: + description: ManagerName is the name of the fleet manager. + type: string + managerResourceGroup: + description: ManagerResourceGroup is the resource group of the + fleet manager. + type: string + name: + description: Name is the name of the member. + type: string + required: + - managerName + - managerResourceGroup + type: object + httpProxyConfig: + description: HTTPProxyConfig is the HTTP proxy configuration for the + cluster. Immutable. + properties: + httpProxy: + description: HTTPProxy is the HTTP proxy server endpoint to use. + type: string + httpsProxy: + description: HTTPSProxy is the HTTPS proxy server endpoint to + use. + type: string + noProxy: + description: NoProxy indicates the endpoints that should not go + through proxy. + items: + type: string + type: array + trustedCa: + description: TrustedCA is the alternative CA cert to use for connecting + to proxy servers. + type: string + type: object + identity: + description: Identity configuration used by the AKS control plane. + properties: + type: + description: Type - The Identity type to use. + enum: + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentityResourceID: + description: UserAssignedIdentityResourceID - Identity ARM resource + ID when using user-assigned identity. + type: string + type: object + identityRef: + description: IdentityRef is a reference to a AzureClusterIdentity + to be used when reconciling this cluster + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + kubeletUserAssignedIdentity: + description: KubeletUserAssignedIdentity is the user-assigned identity + for kubelet. For authentication with Azure Container Registry. + type: string + loadBalancerProfile: + description: LoadBalancerProfile is the profile of the cluster load + balancer. 
+ properties: + allocatedOutboundPorts: + description: AllocatedOutboundPorts - Desired number of allocated + SNAT ports per VM. Allowed values must be in the range of 0 + to 64000 (inclusive). The default value is 0 which results in + Azure dynamically allocating ports. + type: integer + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes - Desired outbound flow idle + timeout in minutes. Allowed values must be in the range of 4 + to 120 (inclusive). The default value is 30 minutes. + type: integer + managedOutboundIPs: + description: ManagedOutboundIPs - Desired managed outbound IPs + for the cluster load balancer. + type: integer + outboundIPPrefixes: + description: OutboundIPPrefixes - Desired outbound IP Prefix resources + for the cluster load balancer. + items: + type: string + type: array + outboundIPs: + description: OutboundIPs - Desired outbound IP resources for the + cluster load balancer. + items: + type: string + type: array + type: object + loadBalancerSKU: + default: Standard + description: LoadBalancerSKU is the SKU of the loadBalancer to be + provisioned. Immutable. + enum: + - Basic + - Standard + type: string + location: + description: 'Location is a string matching one of the canonical Azure + region names. Examples: "westus2", "eastus".' + type: string + machineTemplate: + description: MachineTemplate contains information about how machines + should be shaped when creating or updating a control plane. For + the AzureManagedControlPlaneTemplate, this field is used only to + fulfill the CAPI contract. + type: object + networkPlugin: + description: NetworkPlugin used for building Kubernetes network. + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: NetworkPluginMode is the mode the network plugin should + use. Allowed value is "overlay". + enum: + - overlay + type: string + networkPolicy: + description: NetworkPolicy used for building Kubernetes network. 
+ enum: + - azure + - calico + type: string + nodeResourceGroupName: + description: NodeResourceGroupName is the name of the resource group + containing cluster IaaS resources. Will be populated to default + in webhook. Immutable. + type: string + oidcIssuerProfile: + description: OIDCIssuerProfile is the OIDC issuer profile of the Managed + Cluster. + properties: + enabled: + description: Enabled is whether the OIDC issuer is enabled. + type: boolean + type: object + outboundType: + description: Outbound configuration used by Nodes. + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + resourceGroupName: + description: ResourceGroupName is the name of the Azure resource group + for this AKS Cluster. Immutable. + type: string + sku: + description: SKU is the SKU of the AKS to be provisioned. + properties: + tier: + description: Tier - Tier of an AKS cluster. + enum: + - Free + - Paid + - Standard + type: string + required: + - tier + type: object + sshPublicKey: + description: SSHPublicKey is a string literal containing an ssh public + key base64 encoded. Use empty string to autogenerate new key. Use + null value to not set key. Immutable. + type: string + subscriptionID: + description: SubscriptionID is the GUID of the Azure subscription + that owns this cluster. + type: string + version: + description: Version defines the desired Kubernetes version. + minLength: 2 + type: string + virtualNetwork: + description: VirtualNetwork describes the virtual network for the + AKS cluster. It will be created if it does not already exist. + properties: + cidrBlock: + type: string + name: + type: string + resourceGroup: + description: ResourceGroup is the name of the Azure resource group + for the VNet and Subnet. + type: string + subnet: + description: ManagedControlPlaneSubnet describes a subnet for + an AKS cluster. 
+ properties: + cidrBlock: + type: string + name: + type: string + privateEndpoints: + description: PrivateEndpoints is a slice of Virtual Network + private endpoints to create for the subnets. + items: + description: PrivateEndpointSpec configures an Azure Private + Endpoint. + properties: + applicationSecurityGroups: + description: ApplicationSecurityGroups specifies the + Application security group in which the private endpoint + IP configuration is included. + items: + type: string + type: array + customNetworkInterfaceName: + description: CustomNetworkInterfaceName specifies the + network interface name associated with the private + endpoint. + type: string + location: + description: Location specifies the region to create + the private endpoint. + type: string + manualApproval: + description: ManualApproval specifies if the connection + approval needs to be done manually or not. Set it + true when the network admin does not have access to + approve connections to the remote resource. Defaults + to false. + type: boolean + name: + description: Name specifies the name of the private + endpoint. + type: string + privateIPAddresses: + description: PrivateIPAddresses specifies the IP addresses + for the network interface associated with the private + endpoint. They have to be part of the subnet where + the private endpoint is linked. + items: + type: string + type: array + privateLinkServiceConnections: + description: PrivateLinkServiceConnections specifies + Private Link Service Connections of the private endpoint. + items: + description: PrivateLinkServiceConnection defines + the specification for a private link service connection + associated with a private endpoint. + properties: + groupIDs: + description: GroupIDs specifies the ID(s) of the + group(s) obtained from the remote resource that + this private endpoint should connect to. + items: + type: string + type: array + name: + description: Name specifies the name of the private + link service. 
+ type: string + privateLinkServiceID: + description: PrivateLinkServiceID specifies the + resource ID of the private link service. + type: string + requestMessage: + description: RequestMessage specifies a message + passed to the owner of the remote resource with + the private endpoint connection request. + maxLength: 140 + type: string + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + serviceEndpoints: + description: ServiceEndpoints is a slice of Virtual Network + service endpoints to enable for the subnets. + items: + description: ServiceEndpointSpec configures an Azure Service + Endpoint. + properties: + locations: + items: + type: string + type: array + service: + type: string + required: + - locations + - service + type: object + type: array + x-kubernetes-list-map-keys: + - service + x-kubernetes-list-type: map + required: + - cidrBlock + - name + type: object + required: + - cidrBlock + - name + type: object + required: + - identityRef + - location + - resourceGroupName + - version + type: object + status: + description: AzureManagedControlPlaneStatus defines the observed state + of AzureManagedControlPlane. + properties: + conditions: + description: Conditions defines current service state of the AzureManagedControlPlane. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. 
The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + initialized: + description: Initialized is true when the control plane is available + for initial contact. This may occur before the control plane is + fully ready. In the AzureManagedControlPlane implementation, these + are identical. + type: boolean + longRunningOperationStates: + description: LongRunningOperationStates saves the states for Azure + long-running operations so they can be continued on the next reconciliation + loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. + properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. + type: string + name: + description: Name is the name of the Azure resource. Together + with the service name, this forms the unique identifier for + the future. + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: ServiceName is the name of the Azure service. Together + with the name of the resource, this forms the unique identifier + for the future. 
+ type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. + type: string + required: + - data + - name + - serviceName + - type + type: object + type: array + oidcIssuerProfile: + description: OIDCIssuerProfile is the OIDC issuer profile of the Managed + Cluster. + properties: + issuerURL: + description: IssuerURL is the OIDC issuer url of the Managed Cluster. + type: string + type: object + ready: + description: Ready is true when the provider resource is ready. + type: boolean + version: + description: Version defines the Kubernetes version for the control + plane instance. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremanagedcontrolplanetemplates.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedControlPlaneTemplate + listKind: AzureManagedControlPlaneTemplateList + plural: azuremanagedcontrolplanetemplates + shortNames: + - amcpt + singular: azuremanagedcontrolplanetemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedControlPlaneTemplate is the Schema for the AzureManagedControlPlaneTemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedControlPlaneTemplateSpec defines the desired + state of AzureManagedControlPlaneTemplate. + properties: + template: + description: AzureManagedControlPlaneTemplateResource describes the + data needed to create an AzureManagedCluster from a template. + properties: + spec: + description: AzureManagedControlPlaneTemplateResourceSpec specifies + an Azure managed control plane template resource. + properties: + aadProfile: + description: AadProfile is Azure Active Directory configuration + to integrate with AKS for aad authentication. + properties: + adminGroupObjectIDs: + description: AdminGroupObjectIDs - AAD group object IDs + that will have admin role of the cluster. + items: + type: string + type: array + managed: + description: Managed - Whether to enable managed AAD. + type: boolean + required: + - adminGroupObjectIDs + - managed + type: object + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to Azure resources managed by the Azure provider, in + addition to the ones added by default. + type: object + addonProfiles: + description: AddonProfiles are the profiles of managed cluster + add-on. + items: + description: AddonProfile represents a managed cluster add-on. + properties: + config: + additionalProperties: + type: string + description: Config - Key-value pairs for configuring + the add-on. + type: object + enabled: + description: Enabled - Whether the add-on is enabled + or not. + type: boolean + name: + description: Name - The name of the managed cluster + add-on. 
+ type: string + required: + - enabled + - name + type: object + type: array + apiServerAccessProfile: + description: APIServerAccessProfile is the access profile + for AKS API server. Immutable except for `authorizedIPRanges`. + properties: + authorizedIPRanges: + description: AuthorizedIPRanges - Authorized IP Ranges + to kubernetes API server. + items: + type: string + type: array + enablePrivateCluster: + description: EnablePrivateCluster indicates whether to + create the cluster as a private cluster or not. + type: boolean + enablePrivateClusterPublicFQDN: + description: EnablePrivateClusterPublicFQDN indicates + whether to create additional public FQDN for private + cluster or not. + type: boolean + privateDNSZone: + description: PrivateDNSZone enables private dns zone mode + for private cluster. + enum: + - System + - None + type: string + type: object + autoscalerProfile: + description: AutoscalerProfile is the parameters to be applied + to the cluster-autoscaler when enabled + properties: + balanceSimilarNodeGroups: + description: BalanceSimilarNodeGroups - Valid values are + 'true' and 'false'. The default is false. + enum: + - "true" + - "false" + type: string + expander: + description: Expander - If not specified, the default + is 'random'. See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information. + enum: + - least-waste + - most-pods + - priority + - random + type: string + maxEmptyBulkDelete: + description: MaxEmptyBulkDelete - The default is 10. + type: string + maxGracefulTerminationSec: + description: MaxGracefulTerminationSec - The default is + 600. + pattern: ^(\d+)$ + type: string + maxNodeProvisionTime: + description: MaxNodeProvisionTime - The default is '15m'. + Values must be an integer followed by an 'm'. No unit + of time other than minutes (m) is supported. 
+ pattern: ^(\d+)m$ + type: string + maxTotalUnreadyPercentage: + description: MaxTotalUnreadyPercentage - The default is + 45. The maximum is 100 and the minimum is 0. + maxLength: 3 + minLength: 1 + pattern: ^(\d+)$ + type: string + newPodScaleUpDelay: + description: NewPodScaleUpDelay - For scenarios like burst/batch + scale where you don't want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell + CA to ignore unscheduled pods before they're a certain + age. The default is '0s'. Values must be an integer + followed by a unit ('s' for seconds, 'm' for minutes, + 'h' for hours, etc). + type: string + okTotalUnreadyCount: + description: OkTotalUnreadyCount - This must be an integer. + The default is 3. + pattern: ^(\d+)$ + type: string + scaleDownDelayAfterAdd: + description: ScaleDownDelayAfterAdd - The default is '10m'. + Values must be an integer followed by an 'm'. No unit + of time other than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownDelayAfterDelete: + description: ScaleDownDelayAfterDelete - The default is + the scan-interval. Values must be an integer followed + by an 's'. No unit of time other than seconds (s) is + supported. + pattern: ^(\d+)s$ + type: string + scaleDownDelayAfterFailure: + description: ScaleDownDelayAfterFailure - The default + is '3m'. Values must be an integer followed by an 'm'. + No unit of time other than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownUnneededTime: + description: ScaleDownUnneededTime - The default is '10m'. + Values must be an integer followed by an 'm'. No unit + of time other than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownUnreadyTime: + description: ScaleDownUnreadyTime - The default is '20m'. + Values must be an integer followed by an 'm'. No unit + of time other than minutes (m) is supported. 
+ pattern: ^(\d+)m$ + type: string + scaleDownUtilizationThreshold: + description: ScaleDownUtilizationThreshold - The default + is '0.5'. + type: string + scanInterval: + description: ScanInterval - How often cluster is reevaluated + for scale up or down. The default is '10s'. + pattern: ^(\d+)s$ + type: string + skipNodesWithLocalStorage: + description: SkipNodesWithLocalStorage - The default is + false. + enum: + - "true" + - "false" + type: string + skipNodesWithSystemPods: + description: SkipNodesWithSystemPods - The default is + true. + enum: + - "true" + - "false" + type: string + type: object + azureEnvironment: + description: "AzureEnvironment is the name of the AzureCloud + to be used. The default value that would be used by most + users is \"AzurePublicCloud\", other values are: - ChinaCloud: + \"AzureChinaCloud\" - PublicCloud: \"AzurePublicCloud\" + - USGovernmentCloud: \"AzureUSGovernmentCloud\" \n Note + that values other than the default must also be accompanied + by corresponding changes to the aso-controller-settings + Secret to configure ASO to refer to the non-Public cloud. + ASO currently does not support referring to multiple different + clouds in a single installation. The following fields must + be defined in the Secret: - AZURE_AUTHORITY_HOST - AZURE_RESOURCE_MANAGER_ENDPOINT + - AZURE_RESOURCE_MANAGER_AUDIENCE \n See the [ASO docs] + for more details. \n [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/" + type: string + disableLocalAccounts: + description: DisableLocalAccounts disables getting static + credentials for this cluster when set. Expected to only + be used for AAD clusters. + type: boolean + dnsServiceIP: + description: DNSServiceIP is an IP address assigned to the + Kubernetes DNS service. It must be within the Kubernetes + service address range specified in serviceCidr. Immutable. 
+ type: string + fleetsMember: + description: "FleetsMember is the spec for the fleet this + cluster is a member of. See also [AKS doc]. \n [AKS doc]: + https://learn.microsoft.com/en-us/azure/templates/microsoft.containerservice/2023-03-15-preview/fleets/members" + properties: + group: + description: Group is the group this member belongs to + for multi-cluster update management. + type: string + managerName: + description: ManagerName is the name of the fleet manager. + type: string + managerResourceGroup: + description: ManagerResourceGroup is the resource group + of the fleet manager. + type: string + required: + - managerName + - managerResourceGroup + type: object + httpProxyConfig: + description: HTTPProxyConfig is the HTTP proxy configuration + for the cluster. Immutable. + properties: + httpProxy: + description: HTTPProxy is the HTTP proxy server endpoint + to use. + type: string + httpsProxy: + description: HTTPSProxy is the HTTPS proxy server endpoint + to use. + type: string + noProxy: + description: NoProxy indicates the endpoints that should + not go through proxy. + items: + type: string + type: array + trustedCa: + description: TrustedCA is the alternative CA cert to use + for connecting to proxy servers. + type: string + type: object + identity: + description: Identity configuration used by the AKS control + plane. + properties: + type: + description: Type - The Identity type to use. + enum: + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentityResourceID: + description: UserAssignedIdentityResourceID - Identity + ARM resource ID when using user-assigned identity. + type: string + type: object + identityRef: + description: IdentityRef is a reference to a AzureClusterIdentity + to be used when reconciling this cluster + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + kubeletUserAssignedIdentity: + description: KubeletUserAssignedIdentity is the user-assigned + identity for kubelet. For authentication with Azure Container + Registry. + type: string + loadBalancerProfile: + description: LoadBalancerProfile is the profile of the cluster + load balancer. 
+ properties: + allocatedOutboundPorts: + description: AllocatedOutboundPorts - Desired number of + allocated SNAT ports per VM. Allowed values must be + in the range of 0 to 64000 (inclusive). The default + value is 0 which results in Azure dynamically allocating + ports. + type: integer + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes - Desired outbound flow + idle timeout in minutes. Allowed values must be in the + range of 4 to 120 (inclusive). The default value is + 30 minutes. + type: integer + managedOutboundIPs: + description: ManagedOutboundIPs - Desired managed outbound + IPs for the cluster load balancer. + type: integer + outboundIPPrefixes: + description: OutboundIPPrefixes - Desired outbound IP + Prefix resources for the cluster load balancer. + items: + type: string + type: array + outboundIPs: + description: OutboundIPs - Desired outbound IP resources + for the cluster load balancer. + items: + type: string + type: array + type: object + loadBalancerSKU: + default: Standard + description: LoadBalancerSKU is the SKU of the loadBalancer + to be provisioned. Immutable. + enum: + - Basic + - Standard + type: string + location: + description: 'Location is a string matching one of the canonical + Azure region names. Examples: "westus2", "eastus".' + type: string + machineTemplate: + description: MachineTemplate contains information about how + machines should be shaped when creating or updating a control + plane. For the AzureManagedControlPlaneTemplate, this field + is used only to fulfill the CAPI contract. + type: object + networkPlugin: + description: NetworkPlugin used for building Kubernetes network. + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: NetworkPluginMode is the mode the network plugin + should use. Allowed value is "overlay". + enum: + - overlay + type: string + networkPolicy: + description: NetworkPolicy used for building Kubernetes network. 
+ enum: + - azure + - calico + type: string + oidcIssuerProfile: + description: OIDCIssuerProfile is the OIDC issuer profile + of the Managed Cluster. + properties: + enabled: + description: Enabled is whether the OIDC issuer is enabled. + type: boolean + type: object + outboundType: + description: Outbound configuration used by Nodes. + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + sku: + description: SKU is the SKU of the AKS to be provisioned. + properties: + tier: + description: Tier - Tier of an AKS cluster. + enum: + - Free + - Paid + - Standard + type: string + required: + - tier + type: object + subscriptionID: + description: SubscriptionID is the GUID of the Azure subscription + that owns this cluster. + type: string + version: + description: Version defines the desired Kubernetes version. + minLength: 2 + type: string + virtualNetwork: + description: VirtualNetwork describes the virtual network + for the AKS cluster. It will be created if it does not already + exist. + properties: + cidrBlock: + type: string + name: + type: string + resourceGroup: + description: ResourceGroup is the name of the Azure resource + group for the VNet and Subnet. + type: string + subnet: + description: ManagedControlPlaneSubnet describes a subnet + for an AKS cluster. + properties: + cidrBlock: + type: string + name: + type: string + privateEndpoints: + description: PrivateEndpoints is a slice of Virtual + Network private endpoints to create for the subnets. + items: + description: PrivateEndpointSpec configures an Azure + Private Endpoint. + properties: + applicationSecurityGroups: + description: ApplicationSecurityGroups specifies + the Application security group in which the + private endpoint IP configuration is included. + items: + type: string + type: array + customNetworkInterfaceName: + description: CustomNetworkInterfaceName specifies + the network interface name associated with + the private endpoint. 
+ type: string + location: + description: Location specifies the region to + create the private endpoint. + type: string + manualApproval: + description: ManualApproval specifies if the + connection approval needs to be done manually + or not. Set it true when the network admin + does not have access to approve connections + to the remote resource. Defaults to false. + type: boolean + name: + description: Name specifies the name of the + private endpoint. + type: string + privateIPAddresses: + description: PrivateIPAddresses specifies the + IP addresses for the network interface associated + with the private endpoint. They have to be + part of the subnet where the private endpoint + is linked. + items: + type: string + type: array + privateLinkServiceConnections: + description: PrivateLinkServiceConnections specifies + Private Link Service Connections of the private + endpoint. + items: + description: PrivateLinkServiceConnection + defines the specification for a private + link service connection associated with + a private endpoint. + properties: + groupIDs: + description: GroupIDs specifies the ID(s) + of the group(s) obtained from the remote + resource that this private endpoint + should connect to. + items: + type: string + type: array + name: + description: Name specifies the name of + the private link service. + type: string + privateLinkServiceID: + description: PrivateLinkServiceID specifies + the resource ID of the private link + service. + type: string + requestMessage: + description: RequestMessage specifies + a message passed to the owner of the + remote resource with the private endpoint + connection request. + maxLength: 140 + type: string + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + serviceEndpoints: + description: ServiceEndpoints is a slice of Virtual + Network service endpoints to enable for the subnets. 
+ items: + description: ServiceEndpointSpec configures an Azure + Service Endpoint. + properties: + locations: + items: + type: string + type: array + service: + type: string + required: + - locations + - service + type: object + type: array + x-kubernetes-list-map-keys: + - service + x-kubernetes-list-type: map + required: + - cidrBlock + - name + type: object + required: + - cidrBlock + - name + type: object + required: + - identityRef + - location + - version + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremanagedmachinepools.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedMachinePool + listKind: AzureManagedMachinePoolList + plural: azuremanagedmachinepools + shortNames: + - ammp + singular: azuremanagedmachinepool + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.mode + name: Mode + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedMachinePool is the Schema for the azuremanagedmachinepools + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedMachinePoolSpec defines the desired state of + AzureManagedMachinePool. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to Azure + resources managed by the Azure provider, in addition to the ones + added by default. + type: object + availabilityZones: + description: AvailabilityZones - Availability zones for nodes. Must + use VirtualMachineScaleSets AgentPoolType. Immutable. + items: + type: string + type: array + enableEncryptionAtHost: + description: "EnableEncryptionAtHost indicates whether host encryption + is enabled on the node pool. Immutable. See also [AKS doc]. \n [AKS + doc]: https://learn.microsoft.com/en-us/azure/aks/enable-host-encryption" + type: boolean + enableFIPS: + description: EnableFIPS indicates whether FIPS is enabled on the node + pool. Immutable. + type: boolean + enableNodePublicIP: + description: EnableNodePublicIP controls whether or not nodes in the + pool each have a public IP address. Immutable. + type: boolean + enableUltraSSD: + description: EnableUltraSSD enables the storage type UltraSSD_LRS + for the agent pool. Immutable. + type: boolean + kubeletConfig: + description: KubeletConfig specifies the kubelet configurations for + nodes. Immutable. + properties: + allowedUnsafeSysctls: + description: AllowedUnsafeSysctls - Allowlist of unsafe sysctls + or unsafe sysctl patterns (ending in `*`). Valid values match + `kernel.shm*`, `kernel.msg*`, `kernel.sem`, `fs.mqueue.*`, or + `net.*`. + items: + type: string + type: array + containerLogMaxFiles: + description: ContainerLogMaxFiles - The maximum number of container + log files that can be present for a container. The number must + be ≥ 2. 
+ minimum: 2 + type: integer + containerLogMaxSizeMB: + description: ContainerLogMaxSizeMB - The maximum size in MB of + a container log file before it is rotated. + type: integer + cpuCfsQuota: + description: CPUCfsQuota - Enable CPU CFS quota enforcement for + containers that specify CPU limits. + type: boolean + cpuCfsQuotaPeriod: + description: CPUCfsQuotaPeriod - Sets CPU CFS quota period value. + Must end in "ms", e.g. "100ms" + type: string + cpuManagerPolicy: + description: CPUManagerPolicy - CPU Manager policy to use. + enum: + - none + - static + type: string + failSwapOn: + description: FailSwapOn - If set to true it will make the Kubelet + fail to start if swap is enabled on the node. + type: boolean + imageGcHighThreshold: + description: ImageGcHighThreshold - The percent of disk usage + after which image garbage collection is always run. Valid values + are 0-100 (inclusive). + maximum: 100 + minimum: 0 + type: integer + imageGcLowThreshold: + description: ImageGcLowThreshold - The percent of disk usage before + which image garbage collection is never run. Valid values are + 0-100 (inclusive) and must be less than `imageGcHighThreshold`. + maximum: 100 + minimum: 0 + type: integer + podMaxPids: + description: PodMaxPids - The maximum number of processes per + pod. Must not exceed kernel PID limit. -1 disables the limit. + minimum: -1 + type: integer + topologyManagerPolicy: + description: TopologyManagerPolicy - Topology Manager policy to + use. + enum: + - none + - best-effort + - restricted + - single-numa-node + type: string + type: object + kubeletDiskType: + description: "KubeletDiskType specifies the kubelet disk type. Default + to OS. Possible values include: 'OS', 'Temporary'. Requires Microsoft.ContainerService/KubeletDisk + preview feature to be set. Immutable. See also [AKS doc]. 
\n [AKS + doc]: https://learn.microsoft.com/rest/api/aks/agent-pools/create-or-update?tabs=HTTP#kubeletdisktype" + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: LinuxOSConfig specifies the custom Linux OS settings + and configurations. Immutable. + properties: + swapFileSizeMB: + description: "SwapFileSizeMB specifies size in MB of a swap file + will be created on the agent nodes from this node pool. Max + value of SwapFileSizeMB should be the size of temporary disk(/dev/sdb). + Must be at least 1. See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview#temporary-disk" + minimum: 1 + type: integer + sysctls: + description: Sysctl specifies the settings for Linux agent nodes. + properties: + fsAioMaxNr: + description: FsAioMaxNr specifies the maximum number of system-wide + asynchronous io requests. Valid values are 65536-6553500 + (inclusive). Maps to fs.aio-max-nr. + maximum: 6553500 + minimum: 65536 + type: integer + fsFileMax: + description: FsFileMax specifies the max number of file-handles + that the Linux kernel will allocate, by increasing increases + the maximum number of open files permitted. Valid values + are 8192-12000500 (inclusive). Maps to fs.file-max. + maximum: 12000500 + minimum: 8192 + type: integer + fsInotifyMaxUserWatches: + description: FsInotifyMaxUserWatches specifies the number + of file watches allowed by the system. Each watch is roughly + 90 bytes on a 32-bit kernel, and roughly 160 bytes on a + 64-bit kernel. Valid values are 781250-2097152 (inclusive). + Maps to fs.inotify.max_user_watches. + maximum: 2097152 + minimum: 781250 + type: integer + fsNrOpen: + description: FsNrOpen specifies the maximum number of file-handles + a process can allocate. Valid values are 8192-20000500 (inclusive). + Maps to fs.nr_open. 
+ maximum: 20000500 + minimum: 8192 + type: integer + kernelThreadsMax: + description: KernelThreadsMax specifies the maximum number + of all threads that can be created. Valid values are 20-513785 + (inclusive). Maps to kernel.threads-max. + maximum: 513785 + minimum: 20 + type: integer + netCoreNetdevMaxBacklog: + description: NetCoreNetdevMaxBacklog specifies maximum number + of packets, queued on the INPUT side, when the interface + receives packets faster than kernel can process them. Valid + values are 1000-3240000 (inclusive). Maps to net.core.netdev_max_backlog. + maximum: 3240000 + minimum: 1000 + type: integer + netCoreOptmemMax: + description: NetCoreOptmemMax specifies the maximum ancillary + buffer size (option memory buffer) allowed per socket. Socket + option memory is used in a few cases to store extra structures + relating to usage of the socket. Valid values are 20480-4194304 + (inclusive). Maps to net.core.optmem_max. + maximum: 4194304 + minimum: 20480 + type: integer + netCoreRmemDefault: + description: NetCoreRmemDefault specifies the default receive + socket buffer size in bytes. Valid values are 212992-134217728 + (inclusive). Maps to net.core.rmem_default. + maximum: 134217728 + minimum: 212992 + type: integer + netCoreRmemMax: + description: NetCoreRmemMax specifies the maximum receive + socket buffer size in bytes. Valid values are 212992-134217728 + (inclusive). Maps to net.core.rmem_max. + maximum: 134217728 + minimum: 212992 + type: integer + netCoreSomaxconn: + description: NetCoreSomaxconn specifies maximum number of + connection requests that can be queued for any given listening + socket. An upper limit for the value of the backlog parameter + passed to the listen(2)(https://man7.org/linux/man-pages/man2/listen.2.html) + function. If the backlog argument is greater than the somaxconn, + then it's silently truncated to this limit. Valid values + are 4096-3240000 (inclusive). Maps to net.core.somaxconn. 
+ maximum: 3240000 + minimum: 4096 + type: integer + netCoreWmemDefault: + description: NetCoreWmemDefault specifies the default send + socket buffer size in bytes. Valid values are 212992-134217728 + (inclusive). Maps to net.core.wmem_default. + maximum: 134217728 + minimum: 212992 + type: integer + netCoreWmemMax: + description: NetCoreWmemMax specifies the maximum send socket + buffer size in bytes. Valid values are 212992-134217728 + (inclusive). Maps to net.core.wmem_max. + maximum: 134217728 + minimum: 212992 + type: integer + netIpv4IPLocalPortRange: + description: NetIpv4IPLocalPortRange is used by TCP and UDP + traffic to choose the local port on the agent node. PortRange + should be specified in the format "first last". First, being + an integer, must be between [1024 - 60999]. Last, being + an integer, must be between [32768 - 65000]. Maps to net.ipv4.ip_local_port_range. + type: string + netIpv4NeighDefaultGcThresh1: + description: NetIpv4NeighDefaultGcThresh1 specifies the minimum + number of entries that may be in the ARP cache. Garbage + collection won't be triggered if the number of entries is + below this setting. Valid values are 128-80000 (inclusive). + Maps to net.ipv4.neigh.default.gc_thresh1. + maximum: 80000 + minimum: 128 + type: integer + netIpv4NeighDefaultGcThresh2: + description: NetIpv4NeighDefaultGcThresh2 specifies soft maximum + number of entries that may be in the ARP cache. ARP garbage + collection will be triggered about 5 seconds after reaching + this soft maximum. Valid values are 512-90000 (inclusive). + Maps to net.ipv4.neigh.default.gc_thresh2. + maximum: 90000 + minimum: 512 + type: integer + netIpv4NeighDefaultGcThresh3: + description: NetIpv4NeighDefaultGcThresh3 specified hard maximum + number of entries in the ARP cache. Valid values are 1024-100000 + (inclusive). Maps to net.ipv4.neigh.default.gc_thresh3. 
+ maximum: 100000 + minimum: 1024 + type: integer + netIpv4TCPFinTimeout: + description: NetIpv4TCPFinTimeout specifies the length of + time an orphaned connection will remain in the FIN_WAIT_2 + state before it's aborted at the local end. Valid values + are 5-120 (inclusive). Maps to net.ipv4.tcp_fin_timeout. + maximum: 120 + minimum: 5 + type: integer + netIpv4TCPKeepaliveProbes: + description: NetIpv4TCPKeepaliveProbes specifies the number + of keepalive probes TCP sends out, until it decides the + connection is broken. Valid values are 1-15 (inclusive). + Maps to net.ipv4.tcp_keepalive_probes. + maximum: 15 + minimum: 1 + type: integer + netIpv4TCPKeepaliveTime: + description: NetIpv4TCPKeepaliveTime specifies the rate at + which TCP sends out a keepalive message when keepalive is + enabled. Valid values are 30-432000 (inclusive). Maps to + net.ipv4.tcp_keepalive_time. + maximum: 432000 + minimum: 30 + type: integer + netIpv4TCPMaxSynBacklog: + description: NetIpv4TCPMaxSynBacklog specifies the maximum + number of queued connection requests that have still not + received an acknowledgment from the connecting client. If + this number is exceeded, the kernel will begin dropping + requests. Valid values are 128-3240000 (inclusive). Maps + to net.ipv4.tcp_max_syn_backlog. + maximum: 3240000 + minimum: 128 + type: integer + netIpv4TCPMaxTwBuckets: + description: NetIpv4TCPMaxTwBuckets specifies maximal number + of timewait sockets held by system simultaneously. If this + number is exceeded, time-wait socket is immediately destroyed + and warning is printed. Valid values are 8000-1440000 (inclusive). + Maps to net.ipv4.tcp_max_tw_buckets. + maximum: 1440000 + minimum: 8000 + type: integer + netIpv4TCPTwReuse: + description: NetIpv4TCPTwReuse is used to allow to reuse TIME-WAIT + sockets for new connections when it's safe from protocol + viewpoint. Maps to net.ipv4.tcp_tw_reuse. 
+ type: boolean + netIpv4TCPkeepaliveIntvl: + description: NetIpv4TCPkeepaliveIntvl specifies the frequency + of the probes sent out. Multiplied by tcpKeepaliveprobes, + it makes up the time to kill a connection that isn't responding, + after probes started. Valid values are 1-75 (inclusive). + Maps to net.ipv4.tcp_keepalive_intvl. + maximum: 75 + minimum: 1 + type: integer + netNetfilterNfConntrackBuckets: + description: NetNetfilterNfConntrackBuckets specifies the + size of hash table used by nf_conntrack module to record + the established connection record of the TCP protocol. Valid + values are 65536-147456 (inclusive). Maps to net.netfilter.nf_conntrack_buckets. + maximum: 147456 + minimum: 65536 + type: integer + netNetfilterNfConntrackMax: + description: NetNetfilterNfConntrackMax specifies the maximum + number of connections supported by the nf_conntrack module + or the size of connection tracking table. Valid values are + 131072-1048576 (inclusive). Maps to net.netfilter.nf_conntrack_max. + maximum: 1048576 + minimum: 131072 + type: integer + vmMaxMapCount: + description: VMMaxMapCount specifies the maximum number of + memory map areas a process may have. Maps to vm.max_map_count. + Valid values are 65530-262144 (inclusive). + maximum: 262144 + minimum: 65530 + type: integer + vmSwappiness: + description: VMSwappiness specifies aggressiveness of the + kernel in swapping memory pages. Higher values will increase + aggressiveness, lower values decrease the amount of swap. + Valid values are 0-100 (inclusive). Maps to vm.swappiness. + maximum: 100 + minimum: 0 + type: integer + vmVfsCachePressure: + description: VMVfsCachePressure specifies the percentage value + that controls tendency of the kernel to reclaim the memory, + which is used for caching of directory and inode objects. + Valid values are 1-500 (inclusive). Maps to vm.vfs_cache_pressure. 
+ maximum: 500 + minimum: 1 + type: integer + type: object + transparentHugePageDefrag: + description: "TransparentHugePageDefrag specifies whether the + kernel should make aggressive use of memory compaction to make + more hugepages available. See also [Linux doc]. \n [Linux doc]: + https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge + for more details." + enum: + - always + - defer + - defer+madvise + - madvise + - never + type: string + transparentHugePageEnabled: + description: "TransparentHugePageEnabled specifies various modes + of Transparent Hugepages. See also [Linux doc]. \n [Linux doc]: + https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge + for more details." + enum: + - always + - madvise + - never + type: string + type: object + maxPods: + description: "MaxPods specifies the kubelet `--max-pods` configuration + for the node pool. Immutable. See also [AKS doc], [K8s doc]. \n + [AKS doc]: https://learn.microsoft.com/azure/aks/configure-azure-cni#configure-maximum---new-clusters + [K8s doc]: https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/" + type: integer + mode: + description: 'Mode represents the mode of an agent pool. Possible + values include: System, User.' + enum: + - System + - User + type: string + name: + description: Name is the name of the agent pool. If not specified, + CAPZ uses the name of the CR as the agent pool name. Immutable. + type: string + nodeLabels: + additionalProperties: + type: string + description: "Node labels represent the labels for all of the nodes + present in node pool. See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/azure/aks/use-labels" + type: object + nodePublicIPPrefixID: + description: NodePublicIPPrefixID specifies the public IP prefix resource + ID which VM nodes should use IPs from. Immutable. 
+ type: string + osDiskSizeGB: + description: OSDiskSizeGB is the disk size for every machine in this + agent pool. If you specify 0, it will apply the default osDisk size + according to the vmSize specified. Immutable. + type: integer + osDiskType: + default: Managed + description: "OsDiskType specifies the OS disk type for each node + in the pool. Allowed values are 'Ephemeral' and 'Managed' (default). + Immutable. See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/azure/aks/cluster-configuration#ephemeral-os" + enum: + - Ephemeral + - Managed + type: string + osType: + description: "OSType specifies the virtual machine operating system. + Default to Linux. Possible values include: 'Linux', 'Windows'. 'Windows' + requires the AzureManagedControlPlane's `spec.networkPlugin` to + be `azure`. Immutable. See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/rest/api/aks/agent-pools/create-or-update?tabs=HTTP#ostype" + enum: + - Linux + - Windows + type: string + providerIDList: + description: ProviderIDList is the unique identifier as specified + by the cloud provider. + items: + type: string + type: array + scaleDownMode: + default: Delete + description: 'ScaleDownMode affects the cluster autoscaler behavior. + Default to Delete. Possible values include: ''Deallocate'', ''Delete''' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority specifies the ScaleSetPriority value. + Default to Regular. Possible values include: ''Regular'', ''Spot'' + Immutable.' + enum: + - Regular + - Spot + type: string + scaling: + description: Scaling specifies the autoscaling parameters for the + node pool. + properties: + maxSize: + description: MaxSize is the maximum number of nodes for auto-scaling. + type: integer + minSize: + description: MinSize is the minimum number of nodes for auto-scaling. + type: integer + type: object + sku: + description: SKU is the size of the VMs in the node pool. Immutable. 
+ type: string + spotMaxPrice: + anyOf: + - type: integer + - type: string + description: SpotMaxPrice defines max price to pay for spot instance. + Possible values are any decimal value greater than zero or -1. If + you set the max price to be -1, the VM won't be evicted based on + price. The price for the VM will be the current price for spot or + the price for a standard VM, which ever is less, as long as there's + capacity and quota available. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + subnetName: + description: SubnetName specifies the Subnet where the MachinePool + will be placed Immutable. + type: string + taints: + description: "Taints specifies the taints for nodes present in this + agent pool. See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/azure/aks/use-multiple-node-pools#setting-node-pool-taints" + items: + description: Taint represents a Kubernetes taint. + properties: + effect: + description: Effect specifies the effect for the taint + enum: + - NoSchedule + - NoExecute + - PreferNoSchedule + type: string + key: + description: Key is the key of the taint + type: string + value: + description: Value is the value of the taint + type: string + required: + - effect + - key + - value + type: object + type: array + required: + - mode + - sku + type: object + status: + description: AzureManagedMachinePoolStatus defines the observed state + of AzureManagedMachinePool. + properties: + conditions: + description: Conditions defines current service state of the AzureManagedControlPlane. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. 
+ If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + errorMessage: + description: Any transient errors that occur during the reconciliation + of Machines can be added as events to the Machine object and/or + logged in the controller's output. + type: string + errorReason: + description: Any transient errors that occur during the reconciliation + of Machines can be added as events to the Machine object and/or + logged in the controller's output. + type: string + longRunningOperationStates: + description: LongRunningOperationStates saves the states for Azure + long-running operations so they can be continued on the next reconciliation + loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. 
+ properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. + type: string + name: + description: Name is the name of the Azure resource. Together + with the service name, this forms the unique identifier for + the future. + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: ServiceName is the name of the Azure service. Together + with the name of the resource, this forms the unique identifier + for the future. + type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. + type: string + required: + - data + - name + - serviceName + - type + type: object + type: array + ready: + description: Ready is true when the provider resource is ready. + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedMachinePoolTemplate + listKind: AzureManagedMachinePoolTemplateList + plural: azuremanagedmachinepooltemplates + shortNames: + - ammpt + singular: azuremanagedmachinepooltemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedMachinePoolTemplate is the Schema for the AzureManagedMachinePoolTemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedMachinePoolTemplateSpec defines the desired state + of AzureManagedMachinePoolTemplate. + properties: + template: + description: AzureManagedMachinePoolTemplateResource describes the + data needed to create an AzureManagedCluster from a template. + properties: + spec: + description: AzureManagedMachinePoolTemplateResourceSpec specifies + an Azure managed control plane template resource. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to Azure resources managed by the Azure provider, in + addition to the ones added by default. + type: object + availabilityZones: + description: AvailabilityZones - Availability zones for nodes. + Must use VirtualMachineScaleSets AgentPoolType. Immutable. + items: + type: string + type: array + enableEncryptionAtHost: + description: "EnableEncryptionAtHost indicates whether host + encryption is enabled on the node pool. Immutable. See also + [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/en-us/azure/aks/enable-host-encryption" + type: boolean + enableFIPS: + description: EnableFIPS indicates whether FIPS is enabled + on the node pool. Immutable. + type: boolean + enableNodePublicIP: + description: EnableNodePublicIP controls whether or not nodes + in the pool each have a public IP address. Immutable. 
+ type: boolean + enableUltraSSD: + description: EnableUltraSSD enables the storage type UltraSSD_LRS + for the agent pool. Immutable. + type: boolean + kubeletConfig: + description: KubeletConfig specifies the kubelet configurations + for nodes. Immutable. + properties: + allowedUnsafeSysctls: + description: AllowedUnsafeSysctls - Allowlist of unsafe + sysctls or unsafe sysctl patterns (ending in `*`). Valid + values match `kernel.shm*`, `kernel.msg*`, `kernel.sem`, + `fs.mqueue.*`, or `net.*`. + items: + type: string + type: array + containerLogMaxFiles: + description: ContainerLogMaxFiles - The maximum number + of container log files that can be present for a container. + The number must be ≥ 2. + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: ContainerLogMaxSizeMB - The maximum size + in MB of a container log file before it is rotated. + type: integer + cpuCfsQuota: + description: CPUCfsQuota - Enable CPU CFS quota enforcement + for containers that specify CPU limits. + type: boolean + cpuCfsQuotaPeriod: + description: CPUCfsQuotaPeriod - Sets CPU CFS quota period + value. Must end in "ms", e.g. "100ms" + type: string + cpuManagerPolicy: + description: CPUManagerPolicy - CPU Manager policy to + use. + enum: + - none + - static + type: string + failSwapOn: + description: FailSwapOn - If set to true it will make + the Kubelet fail to start if swap is enabled on the + node. + type: boolean + imageGcHighThreshold: + description: ImageGcHighThreshold - The percent of disk + usage after which image garbage collection is always + run. Valid values are 0-100 (inclusive). + maximum: 100 + minimum: 0 + type: integer + imageGcLowThreshold: + description: ImageGcLowThreshold - The percent of disk + usage before which image garbage collection is never + run. Valid values are 0-100 (inclusive) and must be + less than `imageGcHighThreshold`. 
+ maximum: 100 + minimum: 0 + type: integer + podMaxPids: + description: PodMaxPids - The maximum number of processes + per pod. Must not exceed kernel PID limit. -1 disables + the limit. + minimum: -1 + type: integer + topologyManagerPolicy: + description: TopologyManagerPolicy - Topology Manager + policy to use. + enum: + - none + - best-effort + - restricted + - single-numa-node + type: string + type: object + kubeletDiskType: + description: "KubeletDiskType specifies the kubelet disk type. + Default to OS. Possible values include: 'OS', 'Temporary'. + Requires Microsoft.ContainerService/KubeletDisk preview + feature to be set. Immutable. See also [AKS doc]. \n [AKS + doc]: https://learn.microsoft.com/rest/api/aks/agent-pools/create-or-update?tabs=HTTP#kubeletdisktype" + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: LinuxOSConfig specifies the custom Linux OS settings + and configurations. Immutable. + properties: + swapFileSizeMB: + description: "SwapFileSizeMB specifies size in MB of a + swap file will be created on the agent nodes from this + node pool. Max value of SwapFileSizeMB should be the + size of temporary disk(/dev/sdb). Must be at least 1. + See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview#temporary-disk" + minimum: 1 + type: integer + sysctls: + description: Sysctl specifies the settings for Linux agent + nodes. + properties: + fsAioMaxNr: + description: FsAioMaxNr specifies the maximum number + of system-wide asynchronous io requests. Valid values + are 65536-6553500 (inclusive). Maps to fs.aio-max-nr. + maximum: 6553500 + minimum: 65536 + type: integer + fsFileMax: + description: FsFileMax specifies the max number of + file-handles that the Linux kernel will allocate, + by increasing increases the maximum number of open + files permitted. Valid values are 8192-12000500 + (inclusive). Maps to fs.file-max. 
+ maximum: 12000500 + minimum: 8192 + type: integer + fsInotifyMaxUserWatches: + description: FsInotifyMaxUserWatches specifies the + number of file watches allowed by the system. Each + watch is roughly 90 bytes on a 32-bit kernel, and + roughly 160 bytes on a 64-bit kernel. Valid values + are 781250-2097152 (inclusive). Maps to fs.inotify.max_user_watches. + maximum: 2097152 + minimum: 781250 + type: integer + fsNrOpen: + description: FsNrOpen specifies the maximum number + of file-handles a process can allocate. Valid values + are 8192-20000500 (inclusive). Maps to fs.nr_open. + maximum: 20000500 + minimum: 8192 + type: integer + kernelThreadsMax: + description: KernelThreadsMax specifies the maximum + number of all threads that can be created. Valid + values are 20-513785 (inclusive). Maps to kernel.threads-max. + maximum: 513785 + minimum: 20 + type: integer + netCoreNetdevMaxBacklog: + description: NetCoreNetdevMaxBacklog specifies maximum + number of packets, queued on the INPUT side, when + the interface receives packets faster than kernel + can process them. Valid values are 1000-3240000 + (inclusive). Maps to net.core.netdev_max_backlog. + maximum: 3240000 + minimum: 1000 + type: integer + netCoreOptmemMax: + description: NetCoreOptmemMax specifies the maximum + ancillary buffer size (option memory buffer) allowed + per socket. Socket option memory is used in a few + cases to store extra structures relating to usage + of the socket. Valid values are 20480-4194304 (inclusive). + Maps to net.core.optmem_max. + maximum: 4194304 + minimum: 20480 + type: integer + netCoreRmemDefault: + description: NetCoreRmemDefault specifies the default + receive socket buffer size in bytes. Valid values + are 212992-134217728 (inclusive). Maps to net.core.rmem_default. + maximum: 134217728 + minimum: 212992 + type: integer + netCoreRmemMax: + description: NetCoreRmemMax specifies the maximum + receive socket buffer size in bytes. 
Valid values + are 212992-134217728 (inclusive). Maps to net.core.rmem_max. + maximum: 134217728 + minimum: 212992 + type: integer + netCoreSomaxconn: + description: NetCoreSomaxconn specifies maximum number + of connection requests that can be queued for any + given listening socket. An upper limit for the value + of the backlog parameter passed to the listen(2)(https://man7.org/linux/man-pages/man2/listen.2.html) + function. If the backlog argument is greater than + the somaxconn, then it's silently truncated to this + limit. Valid values are 4096-3240000 (inclusive). + Maps to net.core.somaxconn. + maximum: 3240000 + minimum: 4096 + type: integer + netCoreWmemDefault: + description: NetCoreWmemDefault specifies the default + send socket buffer size in bytes. Valid values are + 212992-134217728 (inclusive). Maps to net.core.wmem_default. + maximum: 134217728 + minimum: 212992 + type: integer + netCoreWmemMax: + description: NetCoreWmemMax specifies the maximum + send socket buffer size in bytes. Valid values are + 212992-134217728 (inclusive). Maps to net.core.wmem_max. + maximum: 134217728 + minimum: 212992 + type: integer + netIpv4IPLocalPortRange: + description: NetIpv4IPLocalPortRange is used by TCP + and UDP traffic to choose the local port on the + agent node. PortRange should be specified in the + format "first last". First, being an integer, must + be between [1024 - 60999]. Last, being an integer, + must be between [32768 - 65000]. Maps to net.ipv4.ip_local_port_range. + type: string + netIpv4NeighDefaultGcThresh1: + description: NetIpv4NeighDefaultGcThresh1 specifies + the minimum number of entries that may be in the + ARP cache. Garbage collection won't be triggered + if the number of entries is below this setting. + Valid values are 128-80000 (inclusive). Maps to + net.ipv4.neigh.default.gc_thresh1. 
+ maximum: 80000 + minimum: 128 + type: integer + netIpv4NeighDefaultGcThresh2: + description: NetIpv4NeighDefaultGcThresh2 specifies + soft maximum number of entries that may be in the + ARP cache. ARP garbage collection will be triggered + about 5 seconds after reaching this soft maximum. + Valid values are 512-90000 (inclusive). Maps to + net.ipv4.neigh.default.gc_thresh2. + maximum: 90000 + minimum: 512 + type: integer + netIpv4NeighDefaultGcThresh3: + description: NetIpv4NeighDefaultGcThresh3 specified + hard maximum number of entries in the ARP cache. + Valid values are 1024-100000 (inclusive). Maps to + net.ipv4.neigh.default.gc_thresh3. + maximum: 100000 + minimum: 1024 + type: integer + netIpv4TCPFinTimeout: + description: NetIpv4TCPFinTimeout specifies the length + of time an orphaned connection will remain in the + FIN_WAIT_2 state before it's aborted at the local + end. Valid values are 5-120 (inclusive). Maps to + net.ipv4.tcp_fin_timeout. + maximum: 120 + minimum: 5 + type: integer + netIpv4TCPKeepaliveProbes: + description: NetIpv4TCPKeepaliveProbes specifies the + number of keepalive probes TCP sends out, until + it decides the connection is broken. Valid values + are 1-15 (inclusive). Maps to net.ipv4.tcp_keepalive_probes. + maximum: 15 + minimum: 1 + type: integer + netIpv4TCPKeepaliveTime: + description: NetIpv4TCPKeepaliveTime specifies the + rate at which TCP sends out a keepalive message + when keepalive is enabled. Valid values are 30-432000 + (inclusive). Maps to net.ipv4.tcp_keepalive_time. + maximum: 432000 + minimum: 30 + type: integer + netIpv4TCPMaxSynBacklog: + description: NetIpv4TCPMaxSynBacklog specifies the + maximum number of queued connection requests that + have still not received an acknowledgment from the + connecting client. If this number is exceeded, the + kernel will begin dropping requests. Valid values + are 128-3240000 (inclusive). Maps to net.ipv4.tcp_max_syn_backlog. 
+ maximum: 3240000 + minimum: 128 + type: integer + netIpv4TCPMaxTwBuckets: + description: NetIpv4TCPMaxTwBuckets specifies maximal + number of timewait sockets held by system simultaneously. + If this number is exceeded, time-wait socket is + immediately destroyed and warning is printed. Valid + values are 8000-1440000 (inclusive). Maps to net.ipv4.tcp_max_tw_buckets. + maximum: 1440000 + minimum: 8000 + type: integer + netIpv4TCPTwReuse: + description: NetIpv4TCPTwReuse is used to allow to + reuse TIME-WAIT sockets for new connections when + it's safe from protocol viewpoint. Maps to net.ipv4.tcp_tw_reuse. + type: boolean + netIpv4TCPkeepaliveIntvl: + description: NetIpv4TCPkeepaliveIntvl specifies the + frequency of the probes sent out. Multiplied by + tcpKeepaliveprobes, it makes up the time to kill + a connection that isn't responding, after probes + started. Valid values are 1-75 (inclusive). Maps + to net.ipv4.tcp_keepalive_intvl. + maximum: 75 + minimum: 1 + type: integer + netNetfilterNfConntrackBuckets: + description: NetNetfilterNfConntrackBuckets specifies + the size of hash table used by nf_conntrack module + to record the established connection record of the + TCP protocol. Valid values are 65536-147456 (inclusive). + Maps to net.netfilter.nf_conntrack_buckets. + maximum: 147456 + minimum: 65536 + type: integer + netNetfilterNfConntrackMax: + description: NetNetfilterNfConntrackMax specifies + the maximum number of connections supported by the + nf_conntrack module or the size of connection tracking + table. Valid values are 131072-1048576 (inclusive). + Maps to net.netfilter.nf_conntrack_max. + maximum: 1048576 + minimum: 131072 + type: integer + vmMaxMapCount: + description: VMMaxMapCount specifies the maximum number + of memory map areas a process may have. Maps to + vm.max_map_count. Valid values are 65530-262144 + (inclusive). 
+ maximum: 262144 + minimum: 65530 + type: integer + vmSwappiness: + description: VMSwappiness specifies aggressiveness + of the kernel in swapping memory pages. Higher values + will increase aggressiveness, lower values decrease + the amount of swap. Valid values are 0-100 (inclusive). + Maps to vm.swappiness. + maximum: 100 + minimum: 0 + type: integer + vmVfsCachePressure: + description: VMVfsCachePressure specifies the percentage + value that controls tendency of the kernel to reclaim + the memory, which is used for caching of directory + and inode objects. Valid values are 1-500 (inclusive). + Maps to vm.vfs_cache_pressure. + maximum: 500 + minimum: 1 + type: integer + type: object + transparentHugePageDefrag: + description: "TransparentHugePageDefrag specifies whether + the kernel should make aggressive use of memory compaction + to make more hugepages available. See also [Linux doc]. + \n [Linux doc]: https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge + for more details." + enum: + - always + - defer + - defer+madvise + - madvise + - never + type: string + transparentHugePageEnabled: + description: "TransparentHugePageEnabled specifies various + modes of Transparent Hugepages. See also [Linux doc]. + \n [Linux doc]: https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge + for more details." + enum: + - always + - madvise + - never + type: string + type: object + maxPods: + description: "MaxPods specifies the kubelet `--max-pods` configuration + for the node pool. Immutable. See also [AKS doc], [K8s doc]. + \n [AKS doc]: https://learn.microsoft.com/azure/aks/configure-azure-cni#configure-maximum---new-clusters + [K8s doc]: https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/" + type: integer + mode: + description: 'Mode represents the mode of an agent pool. Possible + values include: System, User.' 
+ enum: + - System + - User + type: string + name: + description: Name is the name of the agent pool. If not specified, + CAPZ uses the name of the CR as the agent pool name. Immutable. + type: string + nodeLabels: + additionalProperties: + type: string + description: "Node labels represent the labels for all of + the nodes present in node pool. See also [AKS doc]. \n [AKS + doc]: https://learn.microsoft.com/azure/aks/use-labels" + type: object + nodePublicIPPrefixID: + description: NodePublicIPPrefixID specifies the public IP + prefix resource ID which VM nodes should use IPs from. Immutable. + type: string + osDiskSizeGB: + description: OSDiskSizeGB is the disk size for every machine + in this agent pool. If you specify 0, it will apply the + default osDisk size according to the vmSize specified. Immutable. + type: integer + osDiskType: + default: Managed + description: "OsDiskType specifies the OS disk type for each + node in the pool. Allowed values are 'Ephemeral' and 'Managed' + (default). Immutable. See also [AKS doc]. \n [AKS doc]: + https://learn.microsoft.com/azure/aks/cluster-configuration#ephemeral-os" + enum: + - Ephemeral + - Managed + type: string + osType: + description: "OSType specifies the virtual machine operating + system. Default to Linux. Possible values include: 'Linux', + 'Windows'. 'Windows' requires the AzureManagedControlPlane's + `spec.networkPlugin` to be `azure`. Immutable. See also + [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/rest/api/aks/agent-pools/create-or-update?tabs=HTTP#ostype" + enum: + - Linux + - Windows + type: string + scaleDownMode: + default: Delete + description: 'ScaleDownMode affects the cluster autoscaler + behavior. Default to Delete. Possible values include: ''Deallocate'', + ''Delete''' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority specifies the ScaleSetPriority + value. Default to Regular. 
Possible values include: ''Regular'', + ''Spot'' Immutable.' + enum: + - Regular + - Spot + type: string + scaling: + description: Scaling specifies the autoscaling parameters + for the node pool. + properties: + maxSize: + description: MaxSize is the maximum number of nodes for + auto-scaling. + type: integer + minSize: + description: MinSize is the minimum number of nodes for + auto-scaling. + type: integer + type: object + sku: + description: SKU is the size of the VMs in the node pool. + Immutable. + type: string + spotMaxPrice: + anyOf: + - type: integer + - type: string + description: SpotMaxPrice defines max price to pay for spot + instance. Possible values are any decimal value greater + than zero or -1. If you set the max price to be -1, the + VM won't be evicted based on price. The price for the VM + will be the current price for spot or the price for a standard + VM, which ever is less, as long as there's capacity and + quota available. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + subnetName: + description: SubnetName specifies the Subnet where the MachinePool + will be placed Immutable. + type: string + taints: + description: "Taints specifies the taints for nodes present + in this agent pool. See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/azure/aks/use-multiple-node-pools#setting-node-pool-taints" + items: + description: Taint represents a Kubernetes taint. 
+ properties: + effect: + description: Effect specifies the effect for the taint + enum: + - NoSchedule + - NoExecute + - PreferNoSchedule + type: string + key: + description: Key is the key of the taint + type: string + value: + description: Value is the value of the taint + type: string + required: + - effect + - key + - value + type: object + type: array + required: + - mode + - sku + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + name: bastionhosts.network.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: network.azure.com + names: + kind: BastionHost + listKind: BastionHostList + plural: bastionhosts + singular: bastionhost + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/bastionHost.json + - ARM URI: 
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/bastionHosts/{bastionHostName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + disableCopyPaste: + description: 'DisableCopyPaste: Enable/Disable Copy/Paste feature + of the Bastion Host resource.' + type: boolean + dnsName: + description: 'DnsName: FQDN for the endpoint on which bastion host + is accessible.' + type: string + enableFileCopy: + description: 'EnableFileCopy: Enable/Disable File Copy feature of + the Bastion Host resource.' + type: boolean + enableIpConnect: + description: 'EnableIpConnect: Enable/Disable IP Connect feature of + the Bastion Host resource.' + type: boolean + enableShareableLink: + description: 'EnableShareableLink: Enable/Disable Shareable Link of + the Bastion Host resource.' + type: boolean + enableTunneling: + description: 'EnableTunneling: Enable/Disable Tunneling feature of + the Bastion Host resource.' + type: boolean + ipConfigurations: + description: 'IpConfigurations: IP configuration of the Bastion Host + resource.' 
+ items: + description: IP configuration of an Bastion Host. + properties: + name: + description: 'Name: Name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + privateIPAllocationMethod: + description: 'PrivateIPAllocationMethod: Private IP allocation + method.' + enum: + - Dynamic + - Static + type: string + publicIPAddress: + description: 'PublicIPAddress: Reference of the PublicIP resource.' + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + subnet: + description: 'Subnet: Reference of the subnet resource.' + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + required: + - publicIPAddress + - subnet + type: object + type: array + location: + description: 'Location: Resource location.' + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + scaleUnits: + description: 'ScaleUnits: The scale units for the Bastion Host resource.' + maximum: 50 + minimum: 2 + type: integer + sku: + description: 'Sku: The sku of this Bastion Host.' + properties: + name: + description: 'Name: The name of this Bastion Host.' + enum: + - Basic + - Standard + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + required: + - owner + type: object + status: + description: Bastion Host resource. 
+ properties: + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + disableCopyPaste: + description: 'DisableCopyPaste: Enable/Disable Copy/Paste feature + of the Bastion Host resource.' + type: boolean + dnsName: + description: 'DnsName: FQDN for the endpoint on which bastion host + is accessible.' 
+ type: string + enableFileCopy: + description: 'EnableFileCopy: Enable/Disable File Copy feature of + the Bastion Host resource.' + type: boolean + enableIpConnect: + description: 'EnableIpConnect: Enable/Disable IP Connect feature of + the Bastion Host resource.' + type: boolean + enableShareableLink: + description: 'EnableShareableLink: Enable/Disable Shareable Link of + the Bastion Host resource.' + type: boolean + enableTunneling: + description: 'EnableTunneling: Enable/Disable Tunneling feature of + the Bastion Host resource.' + type: boolean + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + id: + description: 'Id: Resource ID.' + type: string + ipConfigurations: + description: 'IpConfigurations: IP configuration of the Bastion Host + resource.' + items: + description: IP configuration of an Bastion Host. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + location: + description: 'Location: Resource location.' + type: string + name: + description: 'Name: Resource name.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the bastion + host resource.' + type: string + scaleUnits: + description: 'ScaleUnits: The scale units for the Bastion Host resource.' + type: integer + sku: + description: 'Sku: The sku of this Bastion Host.' + properties: + name: + description: 'Name: The name of this Bastion Host.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: Resource type.' 
+ type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20220701.BastionHost Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/bastionHost.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/bastionHosts/{bastionHostName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20220701.BastionHost_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + disableCopyPaste: + type: boolean + dnsName: + type: string + enableFileCopy: + type: boolean + enableIpConnect: + type: boolean + enableShareableLink: + type: boolean + enableTunneling: + type: boolean + ipConfigurations: + items: + description: Storage version of v1api20220701.BastionHostIPConfiguration + IP configuration of an Bastion Host. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + privateIPAllocationMethod: + type: string + publicIPAddress: + description: Storage version of v1api20220701.BastionHostSubResource + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + reference: + description: 'Reference: Resource ID.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + subnet: + description: Storage version of v1api20220701.BastionHostSubResource + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: object + type: array + location: + type: string + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + scaleUnits: + type: integer + sku: + description: Storage version of v1api20220701.Sku The sku of this + Bastion Host. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + required: + - owner + type: object + status: + description: Storage version of v1api20220701.BastionHost_STATUS Bastion + Host resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. 
+ type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + disableCopyPaste: + type: boolean + dnsName: + type: string + enableFileCopy: + type: boolean + enableIpConnect: + type: boolean + enableShareableLink: + type: boolean + enableTunneling: + type: boolean + etag: + type: string + id: + type: string + ipConfigurations: + items: + description: Storage version of v1api20220701.BastionHostIPConfiguration_STATUS + IP configuration of an Bastion Host. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + location: + type: string + name: + type: string + provisioningState: + type: string + scaleUnits: + type: integer + sku: + description: Storage version of v1api20220701.Sku_STATUS The sku of + this Bastion Host. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + name: fleetsmembers.containerservice.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: containerservice.azure.com + names: + kind: FleetsMember + listKind: FleetsMemberList + plural: fleetsmembers + singular: fleetsmember + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230315preview + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/fleet/preview/2023-03-15-preview/fleets.json + - ARM URI: 
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/fleets/{fleetName}/members/{fleetMemberName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + maxLength: 50 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + clusterResourceReference: + description: 'ClusterResourceReference: The ARM resource id of the + cluster that joins the Fleet. Must be a valid Azure resource id. + e.g.: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{clusterName}''.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + group: + description: 'Group: The group this member belongs to for multi-cluster + update management.' + maxLength: 50 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/Fleet + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + required: + - clusterResourceReference + - owner + type: object + status: + properties: + clusterResourceId: + description: 'ClusterResourceId: The ARM resource id of the cluster + that joins the Fleet. Must be a valid Azure resource id. e.g.: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{clusterName}''.' 
+ type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + eTag: + description: 'ETag: If eTag is provided in the response body, it may + also be provided as a header per the normal etag convention. Entity + tags are used for comparing two or more entities from the same requested + resource. 
HTTP/1.1 uses entity tags in the etag (section 14.19), + If-Match (section 14.24), If-None-Match (section 14.26), and If-Range + (section 14.27) header fields.' + type: string + group: + description: 'Group: The group this member belongs to for multi-cluster + update management.' + type: string + id: + description: 'Id: Fully qualified resource ID for the resource. Ex + - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}' + type: string + name: + description: 'Name: The name of the resource' + type: string + provisioningState: + description: 'ProvisioningState: The status of the last operation.' + type: string + systemData: + description: 'SystemData: Azure Resource Manager metadata containing + createdBy and modifiedBy information.' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + type: string + type: object + type: + description: 'Type: The type of the resource. E.g. 
"Microsoft.Compute/virtualMachines" + or "Microsoft.Storage/storageAccounts"' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230315previewstorage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20230315preview.FleetsMember Generator + information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/fleet/preview/2023-03-15-preview/fleets.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/fleets/{fleetName}/members/{fleetMemberName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20230315preview.Fleets_Member_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + clusterResourceReference: + description: 'ClusterResourceReference: The ARM resource id of the + cluster that joins the Fleet. Must be a valid Azure resource id. + e.g.: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{clusterName}''.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + group: + type: string + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. 
The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/Fleet + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + required: + - clusterResourceReference + - owner + type: object + status: + description: Storage version of v1api20230315preview.Fleets_Member_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + clusterResourceId: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. 
A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + eTag: + type: string + group: + type: string + id: + type: string + name: + type: string + provisioningState: + type: string + systemData: + description: Storage version of v1api20230315preview.SystemData_STATUS + Metadata pertaining to creation and last modification of the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + name: managedclusters.containerservice.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: containerservice.azure.com + names: + kind: ManagedCluster + listKind: ManagedClusterList + plural: managedclusters + singular: managedcluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20210501 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: 
/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: The client AAD application ID.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: The server AAD application ID.' + type: string + serverAppSecret: + description: 'ServerAppSecret: The server AAD application secret.' + type: string + tenantID: + description: 'TenantID: The AAD tenant ID to use for authentication. + If not specified, will use the tenant of the deployment subscription.' 
+ type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + required: + - enabled + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones + to use for nodes. This can only be specified if the AgentPoolType + property is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for + system pools. The default value is 1.' + type: integer + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. 
A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. 
Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' 
+ type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' 
+ type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. 
For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + enum: + - System + - User + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixIDReference: + description: 'NodePublicIPPrefixIDReference: This is of the + form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: As a best practice, you should + upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version + as the control plane. 
The node pool minor version must be + within two minor versions of the control plane version. The + node pool version cannot be greater than the control plane + version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies an OS SKU. This value must not + be specified if OSType is Windows.' + enum: + - CBLMariner + - Ubuntu + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + enum: + - Linux + - Windows + type: string + podSubnetIDReference: + description: 'PodSubnetIDReference: If omitted, pod IPs are + statically assigned on the node subnet (see vnetSubnetID for + more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. 
If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. + If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetIDReference: + description: 'VnetSubnetIDReference: If this is not specified, + a VNET and subnet will be generated and used. If no podSubnetID + is specified, this applies to nodes and pods, otherwise it + applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' 
+ properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + enum: + - least-waste + - most-pods + - priority + - random + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. 
No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' 
+ type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' + enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' + type: boolean + diskEncryptionSetIDReference: + description: 'DiskEncryptionSetIDReference: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATING) Whether to enable + Kubernetes pod security policy (preview). This feature is set for + removal on October 15th, 2020. Learn more at aka.ms/aks/azpodpolicy.' + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' 
+ items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' + enum: + - None + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentities: + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' + items: + description: Information about the user assigned identity for + the resource + properties: + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. 
+ properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: 'KubernetesVersion: When you upgrade a supported AKS + cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, + upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, + however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' 
+ pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + required: + - keyData + type: object + type: array + required: + - publicKeys + type: object + required: + - adminUsername + - ssh + type: object + location: + description: 'Location: Resource location' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + type: string + dockerBridgeCidr: + description: 'DockerBridgeCidr: A CIDR notation IP range assigned + to the Docker bridge network. It must not overlap with any Subnet + IP ranges or the Kubernetes service address range.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). The default value is 0 which + results in Azure dynamically allocating ports.' 
+ maximum: 64000 + minimum: 0 + type: integer + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + maximum: 100 + minimum: 1 + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' 
+ properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' + enum: + - basic + - standard + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + enum: + - bridge + - transparent + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + enum: + - azure + - kubenet + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + enum: + - azure + - calico + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' + enum: + - loadBalancer + - userDefinedRouting + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' 
+ pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + operatorSpec: + description: 'OperatorSpec: The specification for configuring operator + behavior. This field is interpreted by the operator and not passed + directly to Azure' + properties: + secrets: + description: 'Secrets: configures where to place Azure generated + secrets.' + properties: + adminCredentials: + description: 'AdminCredentials: indicates where the AdminCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: 'UserCredentials: indicates where the UserCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. 
Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' + properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' 
+ items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + secret: + description: 'Secret: The secret password associated with the + service principal in plain text.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret being + referenced. 
The secret must be in the same namespace as + the resource + type: string + required: + - key + - name + type: object + required: + - clientId + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + enum: + - Basic + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [uptime SLA](https://docs.microsoft.com/azure/aks/uptime-sla) + for more details.' + enum: + - Free + - Paid + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags' + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' 
+ type: boolean + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' + enum: + - None + - Windows_Server + type: string + required: + - adminUsername + type: object + required: + - location + - owner + type: object + status: + description: Managed cluster. + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: The client AAD application ID.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: The server AAD application ID.' + type: string + serverAppSecret: + description: 'ServerAppSecret: The server AAD application secret.' + type: string + tenantID: + description: 'TenantID: The AAD tenant ID to use for authentication. + If not specified, will use the tenant of the deployment subscription.' + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + identity: + description: 'Identity: Information of user assigned identity + used by this add-on.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' 
+ type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones + to use for nodes. This can only be specified if the AgentPoolType + property is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for + system pools. The default value is 1.' + type: integer + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. 
For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' 
+ type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' 
+ type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' 
+ type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' 
+ type: string + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: As a best practice, you should + upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version + as the control plane. The node pool minor version must be + within two minor versions of the control plane version. The + node pool version cannot be greater than the control plane + version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies an OS SKU. This value must not + be specified if OSType is Windows.' + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' 
+ type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: Describes whether the Agent Pool is + Running or Stopped' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + type: string + type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). 
If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. + If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies + to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' 
+ type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' 
+ type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' 
+ properties: + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' + type: string + type: object + azurePortalFQDN: + description: 'AzurePortalFQDN: The Azure Portal requires certain Cross-Origin + Resource Sharing (CORS) headers to be sent in some responses, which + Kubernetes APIServer doesn''t handle by default. This special FQDN + supports CORS, allowing the Azure Portal to function properly.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. 
This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' + type: boolean + diskEncryptionSetID: + description: 'DiskEncryptionSetID: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + type: string + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATING) Whether to enable + Kubernetes pod security policy (preview). This feature is set for + removal on October 15th, 2020. Learn more at aka.ms/aks/azpodpolicy.' + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' 
+ type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + id: + description: 'Id: Resource Id' + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + principalId: + description: 'PrincipalId: The principal id of the system assigned + identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity + which is used by master components.' + type: string + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' + type: string + userAssignedIdentities: + additionalProperties: + properties: + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned + identity.' + type: string + type: object + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' + type: object + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' 
+ type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: 'KubernetesVersion: When you upgrade a supported AKS + cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, + upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, + however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + type: object + type: array + type: object + type: object + location: + description: 'Location: Resource location' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the + managed cluster.' + type: integer + name: + description: 'Name: Resource name' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' 
+ properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + type: string + dockerBridgeCidr: + description: 'DockerBridgeCidr: A CIDR notation IP range assigned + to the Docker bridge network. It must not overlap with any Subnet + IP ranges or the Kubernetes service address range.' + type: string + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). The default value is 0 which + results in Azure dynamically allocating ports.' + type: integer + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' 
+ items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + type: string + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' + type: string + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' 
+ type: string + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' + properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if + any).' + properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. 
+ Codes are invariant and are intended to be + consumed programmatically.' + type: string + details: + description: 'Details: A list of additional + details about the error.' + items: + properties: + code: + description: 'Code: An identifier for + the error. Codes are invariant and are + intended to be consumed programmatically.' + type: string + message: + description: 'Message: A message describing + the error, intended to be suitable for + display in a user interface.' + type: string + target: + description: 'Target: The target of the + particular error. For example, the name + of the property in error.' + type: string + type: object + type: array + message: + description: 'Message: A message describing + the error, intended to be suitable for display + in a user interface.' + type: string + target: + description: 'Target: The target of the particular + error. For example, the name of the property + in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning + state of the pod identity.' + type: string + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + type: object + type: array + type: object + powerState: + description: 'PowerState: The Power State of the cluster.' 
+ properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' + type: string + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service + ID of the resource, this field is exposed only to NRP internally.' + type: string + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' + type: string + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [uptime SLA](https://docs.microsoft.com/azure/aks/uptime-sla) + for more details.' 
+ type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags' + type: object + type: + description: 'Type: Resource type' + type: string + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' 
+ type: string + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20210501storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20210501.ManagedCluster Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20210501.ManagedCluster_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + aadProfile: + description: Storage version of v1api20210501.ManagedClusterAADProfile + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: Storage version of v1api20210501.ManagedClusterAddonProfile + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object + type: object + agentPoolProfiles: + items: + description: Storage version of v1api20210501.ManagedClusterAgentPoolProfile + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + count: + type: integer + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + kubeletConfig: + description: Storage version of v1api20210501.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20210501.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20210501.SysctlConfig + Sysctl settings for Linux agent nodes. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + 
type: integer + mode: + type: string + name: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixIDReference: + description: 'NodePublicIPPrefixIDReference: This is of the + form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetIDReference: + description: 'PodSubnetIDReference: If omitted, pod IPs are + statically assigned on the node subnet (see vnetSubnetID for + more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + proximityPlacementGroupID: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20210501.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetIDReference: + description: 'VnetSubnetIDReference: If this is not specified, + a VNET and subnet will be generated and used. If no podSubnetID + is specified, this applies to nodes and pods, otherwise it + applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + apiServerAccessProfile: + description: Storage version of v1api20210501.ManagedClusterAPIServerAccessProfile + Access profile for managed cluster API server. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20210501.ManagedClusterProperties_AutoScalerProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + 
ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: Storage version of v1api20210501.ManagedClusterAutoUpgradeProfile + Auto upgrade profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + upgradeChannel: + type: string + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetIDReference: + description: 'DiskEncryptionSetIDReference: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: Storage version of v1api20210501.ExtendedLocation The + complex type of the extended location. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdnSubdomain: + type: string + httpProxyConfig: + description: Storage version of v1api20210501.ManagedClusterHTTPProxyConfig + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + identity: + description: Storage version of v1api20210501.ManagedClusterIdentity + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + type: + type: string + userAssignedIdentities: + items: + description: Storage version of v1api20210501.UserAssignedIdentityDetails + Information about the user assigned identity for the resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Storage version of v1api20210501.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: Storage version of v1api20210501.ContainerServiceLinuxProfile + Profile for Linux VMs in the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: Storage version of v1api20210501.ContainerServiceSshConfiguration + SSH configuration for Linux-based VMs running on Azure. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: Storage version of v1api20210501.ContainerServiceSshPublicKey + Contains information about SSH certificate public key + data. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + networkProfile: + description: Storage version of v1api20210501.ContainerServiceNetworkProfile + Profile of network configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + dockerBridgeCidr: + type: string + loadBalancerProfile: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + effectiveOutboundIPs: + items: + description: Storage version of v1api20210501.ResourceReference + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. 
+ type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPPrefixes: + items: + description: Storage version of v1api20210501.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPs: + items: + description: Storage version of v1api20210501.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + serviceCidr: + type: string + type: object + nodeResourceGroup: + type: string + operatorSpec: + description: Storage version of v1api20210501.ManagedClusterOperatorSpec + Details for configuring operator behavior. Fields in this struct + are interpreted by the operator directly rather than being passed + to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + secrets: + description: Storage version of v1api20210501.ManagedClusterOperatorSecrets + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminCredentials: + description: 'SecretDestination describes the location to + store a single secret value. Note: This is similar to ConfigMapDestination + in configmaps.go. Changes to one should likely also be made + to the other.' 
+ properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: 'SecretDestination describes the location to + store a single secret value. Note: This is similar to ConfigMapDestination + in configmaps.go. Changes to one should likely also be made + to the other.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: Storage version of v1api20210501.ManagedClusterPodIdentityProfile + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on pod identity integration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: Storage version of v1api20210501.ManagedClusterPodIdentity + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + bindingSelector: + type: string + identity: + description: Storage version of v1api20210501.UserAssignedIdentity + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + type: string + namespace: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: Storage version of v1api20210501.ManagedClusterPodIdentityException + See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + privateLinkResources: + items: + description: Storage version of v1api20210501.PrivateLinkResource + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + name: + type: string + reference: + description: 'Reference: The ID of the private link resource.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + servicePrincipalProfile: + description: Storage version of v1api20210501.ManagedClusterServicePrincipalProfile + Information about a service principal identity for the cluster to + use for manipulating Azure APIs. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + clientId: + type: string + secret: + description: SecretReference is a reference to a Kubernetes secret + and key in the same namespace as the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret being + referenced. 
The secret must be in the same namespace as + the resource + type: string + required: + - key + - name + type: object + type: object + sku: + description: Storage version of v1api20210501.ManagedClusterSKU The + SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + windowsProfile: + description: Storage version of v1api20210501.ManagedClusterWindowsProfile + Profile for Windows VMs in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminPassword: + type: string + adminUsername: + type: string + enableCSIProxy: + type: boolean + licenseType: + type: string + type: object + required: + - owner + type: object + status: + description: Storage version of v1api20210501.ManagedCluster_STATUS Managed + cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + aadProfile: + description: Storage version of v1api20210501.ManagedClusterAADProfile_STATUS + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: Storage version of v1api20210501.ManagedClusterAddonProfile_STATUS + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + identity: + description: Storage version of v1api20210501.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + type: object + agentPoolProfiles: + items: + description: Storage version of v1api20210501.ManagedClusterAgentPoolProfile_STATUS + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + count: + type: integer + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + kubeletConfig: + description: Storage version of v1api20210501.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20210501.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20210501.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + 
minCount: + type: integer + mode: + type: string + name: + type: string + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: string + powerState: + description: Storage version of v1api20210501.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + code: + type: string + type: object + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20210501.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + type: object + type: array + apiServerAccessProfile: + description: Storage version of v1api20210501.ManagedClusterAPIServerAccessProfile_STATUS + Access profile for managed cluster API server. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20210501.ManagedClusterProperties_AutoScalerProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: Storage version of v1api20210501.ManagedClusterAutoUpgradeProfile_STATUS + Auto upgrade profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + upgradeChannel: + type: string + type: object + azurePortalFQDN: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. 
+ type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + disableLocalAccounts: + type: boolean + diskEncryptionSetID: + type: string + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: Storage version of v1api20210501.ExtendedLocation_STATUS + The complex type of the extended location. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdn: + type: string + fqdnSubdomain: + type: string + httpProxyConfig: + description: Storage version of v1api20210501.ManagedClusterHTTPProxyConfig_STATUS + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + id: + type: string + identity: + description: Storage version of v1api20210501.ManagedClusterIdentity_STATUS + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + principalId: + type: string + tenantId: + type: string + type: + type: string + userAssignedIdentities: + additionalProperties: + description: Storage version of v1api20210501.ManagedClusterIdentity_UserAssignedIdentities_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + clientId: + type: string + principalId: + type: string + type: object + type: object + type: object + identityProfile: + additionalProperties: + description: Storage version of v1api20210501.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: Storage version of v1api20210501.ContainerServiceLinuxProfile_STATUS + Profile for Linux VMs in the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: Storage version of v1api20210501.ContainerServiceSshConfiguration_STATUS + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: Storage version of v1api20210501.ContainerServiceSshPublicKey_STATUS + Contains information about SSH certificate public key + data. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + maxAgentPools: + type: integer + name: + type: string + networkProfile: + description: Storage version of v1api20210501.ContainerServiceNetworkProfile_STATUS + Profile of network configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + dockerBridgeCidr: + type: string + loadBalancerProfile: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_STATUS + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + effectiveOutboundIPs: + items: + description: Storage version of v1api20210501.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: 
PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPPrefixes: + items: + description: Storage version of v1api20210501.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPs: + items: + description: Storage version of v1api20210501.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + serviceCidr: + type: string + type: object + nodeResourceGroup: + type: string + podIdentityProfile: + description: Storage version of v1api20210501.ManagedClusterPodIdentityProfile_STATUS + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on pod identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: Storage version of v1api20210501.ManagedClusterPodIdentity_STATUS + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + bindingSelector: + type: string + identity: + description: Storage version of v1api20210501.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + name: + type: string + namespace: + type: string + provisioningInfo: + description: Storage version of v1api20210501.ManagedClusterPodIdentity_ProvisioningInfo_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + error: + description: Storage version of v1api20210501.ManagedClusterPodIdentityProvisioningError_STATUS + An error response from the pod identity provisioning. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + error: + description: Storage version of v1api20210501.ManagedClusterPodIdentityProvisioningErrorBody_STATUS + An error response from the pod identity provisioning. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set + of stashed information that used for properties + not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + details: + items: + description: Storage version of v1api20210501.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered + set of stashed information that used + for properties not directly supported + by storage resources, allowing for full + fidelity round trip conversions + type: object + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object + type: object + provisioningState: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: Storage version of v1api20210501.ManagedClusterPodIdentityException_STATUS + See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + powerState: + description: Storage version of v1api20210501.PowerState_STATUS Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + privateFQDN: + type: string + privateLinkResources: + items: + description: Storage version of v1api20210501.PrivateLinkResource_STATUS + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + id: + type: string + name: + type: string + privateLinkServiceID: + type: string + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + provisioningState: + type: string + servicePrincipalProfile: + description: Storage version of v1api20210501.ManagedClusterServicePrincipalProfile_STATUS + Information about a service principal identity for the cluster to + use for manipulating Azure APIs. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + clientId: + type: string + type: object + sku: + description: Storage version of v1api20210501.ManagedClusterSKU_STATUS + The SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + windowsProfile: + description: Storage version of v1api20210501.ManagedClusterWindowsProfile_STATUS + Profile for Windows VMs in the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminPassword: + type: string + adminUsername: + type: string + enableCSIProxy: + type: boolean + licenseType: + type: string + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230201 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: 'TenantID: The AAD tenant ID to use for authentication. + If not specified, will use the tenant of the deployment subscription.' + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + required: + - enabled + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. 
+ properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones + to use for nodes. This can only be specified if the AgentPoolType + property is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for + system pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify + the source Snapshot ID if the node pool will be created/upgraded + using a snapshot.' + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. 
For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' 
+ type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' 
+ type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' 
+ type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. 
For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + enum: + - System + - User + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch + version is chosen automatically. 
Updating the cluster with + the same once it has been created (e.g. 1.14.x + -> 1.14) will not trigger an upgrade, even if a newer patch + version is available. As a best practice, you should upgrade + all node pools in an AKS cluster to the same Kubernetes version. + The node pool version must have the same major version as + the control plane. The node pool minor version must be within + two minor versions of the control plane version. The node + pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent + pool. The default is Ubuntu if OSType is Linux. The default + is Windows2019 when Kubernetes <= 1.24 or Windows2022 when + Kubernetes >= 1.25 if OSType is Windows.' + enum: + - CBLMariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + enum: + - Linux + - Windows + type: string + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). 
+ This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: 'PowerState: When an Agent Pool is first created + it is initially Running. The Agent Pool can be stopped by + setting this field to Stopped. A stopped Agent Pool stops + all of its VMs and does not accrue billing charges. An Agent + Pool can only be stopped if it is Running and provisioning + state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' 
+ enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. + If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, + a VNET and subnet will be generated and used. If no podSubnetID + is specified, this applies to nodes and pods, otherwise it + applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + enum: + - OCIContainer + - WasmWasi + type: string + required: + - name + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' 
+ type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + enum: + - least-waste + - most-pods + - priority + - random + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' 
+ type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' + enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Azure Monitor addon profiles for + monitoring the managed cluster.' 
+ properties: + metrics: + description: 'Metrics: Metrics profile for the Azure Monitor managed + service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace + and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview.' + properties: + enabled: + description: 'Enabled: Whether to enable or disable the Azure + Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on + enabling and disabling.' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics profile + for the Azure Managed Prometheus addon. These optional settings + are for the kube-state-metrics pod that is deployed with + the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details.' + properties: + metricAnnotationsAllowList: + description: 'MetricAnnotationsAllowList: Comma-separated + list of Kubernetes annotation keys that will be used + in the resource''s labels metric (Example: ''namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...''). + By default the metric contains only resource name and + namespace labels.' + type: string + metricLabelsAllowlist: + description: 'MetricLabelsAllowlist: Comma-separated list + of additional Kubernetes label keys that will be used + in the resource''s labels metric (Example: ''namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...''). + By default the metric contains only resource name and + namespace labels.' + type: string + type: object + required: + - enabled + type: object + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' 
+ maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' + type: boolean + diskEncryptionSetReference: + description: 'DiskEncryptionSetReference: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATED) Whether to enable + Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. + Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.' 
+ type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' + enum: + - None + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentities: + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' 
+ items: + description: Information about the user assigned identity for + the resource + properties: + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: 'KubernetesVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. When you + upgrade a supported AKS cluster, Kubernetes minor versions cannot + be skipped. All upgrades must be performed sequentially by major + version number. For example, upgrades between 1.14.x -> 1.15.x or + 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. + See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. 
+ properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + required: + - keyData + type: object + type: array + required: + - publicKeys + type: object + required: + - adminUsername + - ssh + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + type: string + dockerBridgeCidr: + description: 'DockerBridgeCidr: A CIDR notation IP range assigned + to the Docker bridge network. It must not overlap with any Subnet + IP ranges or the Kubernetes service address range.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + ipFamilies: + description: 'IpFamilies: IP families are used to determine single-stack + or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6.' + items: + enum: + - IPv4 + - IPv6 + type: string + type: array + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). The default value is 0 which + results in Azure dynamically allocating ports.' + maximum: 64000 + minimum: 0 + type: integer + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' 
+ items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of IPv4 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + maximum: 100 + minimum: 1 + type: integer + countIPv6: + description: 'CountIPv6: The desired number of IPv6 outbound + IPs created/managed by Azure for the cluster load balancer. 
+ Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 0 for single-stack and 1 for dual-stack.' + maximum: 100 + minimum: 0 + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' + enum: + - basic + - standard + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 4 minutes.' + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure. Allowed values must be in + the range of 1 to 16 (inclusive). The default value + is 1.' + maximum: 16 + minimum: 1 + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + enum: + - azure + - cilium + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + enum: + - bridge + - transparent + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: 'NetworkPluginMode: The mode the network plugin should + use.' + enum: + - overlay + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' 
+ enum: + - azure + - calico + - cilium + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + podCidrs: + description: 'PodCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking.' + items: + type: string + type: array + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + serviceCidrs: + description: 'ServiceCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with + any Subnet IP ranges.' + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + type: object + operatorSpec: + description: 'OperatorSpec: The specification for configuring operator + behavior. 
This field is interpreted by the operator and not passed + directly to Azure' + properties: + configMaps: + description: 'ConfigMaps: configures where to place operator written + ConfigMaps.' + properties: + oidcIssuerProfile: + description: 'OIDCIssuerProfile: indicates where the OIDCIssuerProfile + config map should be placed. If omitted, no config map will + be created.' + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: Name is the name of the Kubernetes ConfigMap + being referenced. The ConfigMap must be in the same + namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: 'Secrets: configures where to place Azure generated + secrets.' + properties: + adminCredentials: + description: 'AdminCredentials: indicates where the AdminCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: 'UserCredentials: indicates where the UserCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. 
When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' + properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' 
+ items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + enum: + - Disabled + - Enabled + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: 'AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' 
+ type: boolean + keyId: + description: 'KeyId: Identifier of Azure Key Vault key. See + [key identifier format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service + is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service + is disabled, leave the field empty.' + type: string + keyVaultNetworkAccess: + description: 'KeyVaultNetworkAccess: Network access of key + vault. The possible values are `Public` and `Private`. `Public` + means the key vault allows public access from all networks. + `Private` means the key vault disables public access and + enables private link. The default value is `Public`.' + enum: + - Private + - Public + type: string + keyVaultResourceReference: + description: 'KeyVaultResourceReference: Resource ID of key + vault. When keyVaultNetworkAccess is `Private`, this field + is required and must be a valid resource ID. When keyVaultNetworkAccess + is `Public`, leave the field empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceReference: + description: 'LogAnalyticsWorkspaceResourceReference: Resource + ID of the Log Analytics workspace to be associated with + Microsoft Defender. When Microsoft Defender is enabled, + this field is required and must be a valid workspace resource + ID. When Microsoft Defender is disabled, leave the field + empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' + type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' 
+ type: integer + type: object + workloadIdentity: + description: 'WorkloadIdentity: Workload identity settings for + the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See + https://aka.ms/aks/wi for more details.' + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + secret: + description: 'Secret: The secret password associated with the + service principal in plain text.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret being + referenced. The secret must be in the same namespace as + the resource + type: string + required: + - key + - name + type: object + required: + - clientId + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + enum: + - Base + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [AKS Pricing Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) + for more details.' + enum: + - Free + - Standard + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' 
+ type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." 
Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: 'DnsServer: Specifies the DNS server for Windows + gMSA. Set it to empty if you have configured the DNS server + in the vnet which is used to create the managed cluster.' + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: 'RootDomainName: Specifies the root domain name + for Windows gMSA. Set it to empty if you have configured + the DNS server in the vnet which is used to create the managed + cluster.' + type: string + type: object + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' + enum: + - None + - Windows_Server + type: string + required: + - adminUsername + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' 
+ type: boolean + required: + - enabled + type: object + type: object + required: + - location + - owner + type: object + status: + description: Managed cluster. + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: 'TenantID: The AAD tenant ID to use for authentication. + If not specified, will use the tenant of the deployment subscription.' + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + identity: + description: 'Identity: Information of user assigned identity + used by this add-on.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' 
+ type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones + to use for nodes. This can only be specified if the AgentPoolType + property is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for + system pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify + the source Snapshot ID if the node pool will be created/upgraded + using a snapshot.' + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the + source object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: 'CurrentOrchestratorVersion: If orchestratorVersion + is a fully specified version , this field + will be exactly equal to it. If orchestratorVersion is , + this field will contain the full version + being used.' + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. 
For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: 'HostGroupID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 
+ 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' 
+ properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' 
+ type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. 
For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + type: string + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. 
+ When is specified, the latest supported GA patch + version is chosen automatically. Updating the cluster with + the same once it has been created (e.g. 1.14.x + -> 1.14) will not trigger an upgrade, even if a newer patch + version is available. As a best practice, you should upgrade + all node pools in an AKS cluster to the same Kubernetes version. + The node pool version must have the same major version as + the control plane. The node pool minor version must be within + two minor versions of the control plane version. The node + pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent + pool. The default is Ubuntu if OSType is Linux. The default + is Windows2019 when Kubernetes <= 1.24 or Windows2022 when + Kubernetes >= 1.25 if OSType is Windows.' + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: When an Agent Pool is first created + it is initially Running. 
The Agent Pool can be stopped by + setting this field to Stopped. A stopped Agent Pool stops + all of its VMs and does not accrue billing charges. An Agent + Pool can only be stopped if it is Running and provisioning + state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + type: string + type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). 
If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. + If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies + to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + type: string + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' 
+ type: boolean + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' 
+ type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' 
+ type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Azure Monitor addon profiles for + monitoring the managed cluster.' + properties: + metrics: + description: 'Metrics: Metrics profile for the Azure Monitor managed + service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace + and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview.' + properties: + enabled: + description: 'Enabled: Whether to enable or disable the Azure + Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on + enabling and disabling.' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics profile + for the Azure Managed Prometheus addon. These optional settings + are for the kube-state-metrics pod that is deployed with + the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details.' + properties: + metricAnnotationsAllowList: + description: 'MetricAnnotationsAllowList: Comma-separated + list of Kubernetes annotation keys that will be used + in the resource''s labels metric (Example: ''namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...''). + By default the metric contains only resource name and + namespace labels.' 
+ type: string + metricLabelsAllowlist: + description: 'MetricLabelsAllowlist: Comma-separated list + of additional Kubernetes label keys that will be used + in the resource''s labels metric (Example: ''namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...''). + By default the metric contains only resource name and + namespace labels.' + type: string + type: object + type: object + type: object + azurePortalFQDN: + description: 'AzurePortalFQDN: The Azure Portal requires certain Cross-Origin + Resource Sharing (CORS) headers to be sent in some responses, which + Kubernetes APIServer doesn''t handle by default. This special FQDN + supports CORS, allowing the Azure Portal to function properly.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. 
For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: + description: 'CurrentKubernetesVersion: If kubernetesVersion was a + fully specified version , this field will be + exactly equal to it. If kubernetesVersion was , this + field will contain the full version being used.' + type: string + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' + type: boolean + diskEncryptionSetID: + description: 'DiskEncryptionSetID: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + type: string + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATED) Whether to enable + Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. + Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.' + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' 
+ type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + id: + description: 'Id: Fully qualified resource ID for the resource. Ex + - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}' + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + principalId: + description: 'PrincipalId: The principal id of the system assigned + identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity + which is used by master components.' + type: string + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' 
+ type: string + userAssignedIdentities: + additionalProperties: + properties: + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned + identity.' + type: string + type: object + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' + type: object + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: 'KubernetesVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. When you + upgrade a supported AKS cluster, Kubernetes minor versions cannot + be skipped. All upgrades must be performed sequentially by major + version number. For example, upgrades between 1.14.x -> 1.15.x or + 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. + See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' 
+ properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + type: object + type: array + type: object + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the + managed cluster.' + type: integer + name: + description: 'Name: The name of the resource' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + type: string + dockerBridgeCidr: + description: 'DockerBridgeCidr: A CIDR notation IP range assigned + to the Docker bridge network. It must not overlap with any Subnet + IP ranges or the Kubernetes service address range.' + type: string + ipFamilies: + description: 'IpFamilies: IP families are used to determine single-stack + or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6.' + items: + type: string + type: array + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' 
+ properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). The default value is 0 which + results in Azure dynamically allocating ports.' + type: integer + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of IPv4 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + type: integer + countIPv6: + description: 'CountIPv6: The desired number of IPv6 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 0 for single-stack and 1 for dual-stack.' + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. 
+ properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 4 minutes.' + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure. Allowed values must be in + the range of 1 to 16 (inclusive). The default value + is 1.' + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' 
+ type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + type: string + networkPluginMode: + description: 'NetworkPluginMode: The mode the network plugin should + use.' + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + type: string + podCidrs: + description: 'PodCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking.' + items: + type: string + type: array + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' + type: string + serviceCidrs: + description: 'ServiceCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with + any Subnet IP ranges.' + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' 
+ type: boolean + issuerURL: + description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' + type: string + type: object + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' + properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if + any).' 
+ properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. + Codes are invariant and are intended to be + consumed programmatically.' + type: string + details: + description: 'Details: A list of additional + details about the error.' + items: + properties: + code: + description: 'Code: An identifier for + the error. Codes are invariant and are + intended to be consumed programmatically.' + type: string + message: + description: 'Message: A message describing + the error, intended to be suitable for + display in a user interface.' + type: string + target: + description: 'Target: The target of the + particular error. For example, the name + of the property in error.' + type: string + type: object + type: array + message: + description: 'Message: A message describing + the error, intended to be suitable for display + in a user interface.' + type: string + target: + description: 'Target: The target of the particular + error. For example, the name of the property + in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning + state of the pod identity.' + type: string + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' 
+ type: object + type: object + type: array + type: object + powerState: + description: 'PowerState: The Power State of the cluster.' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' + type: string + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service + ID of the resource, this field is exposed only to NRP internally.' + type: string + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' + type: string + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: 'AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: 'KeyId: Identifier of Azure Key Vault key. 
See + [key identifier format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service + is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service + is disabled, leave the field empty.' + type: string + keyVaultNetworkAccess: + description: 'KeyVaultNetworkAccess: Network access of key + vault. The possible values are `Public` and `Private`. `Public` + means the key vault allows public access from all networks. + `Private` means the key vault disables public access and + enables private link. The default value is `Public`.' + type: string + keyVaultResourceId: + description: 'KeyVaultResourceId: Resource ID of key vault. + When keyVaultNetworkAccess is `Private`, this field is required + and must be a valid resource ID. When keyVaultNetworkAccess + is `Public`, leave the field empty.' + type: string + type: object + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceId: + description: 'LogAnalyticsWorkspaceResourceId: Resource ID + of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field + is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty.' + type: string + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' 
+ type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + workloadIdentity: + description: 'WorkloadIdentity: Workload identity settings for + the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See + https://aka.ms/aks/wi for more details.' + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [AKS Pricing Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) + for more details.' + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' 
+ properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + systemData: + description: 'SystemData: Azure Resource Manager metadata containing + createdBy and modifiedBy information.' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" + or "Microsoft.Storage/storageAccounts"' + type: string + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. 
Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: 'DnsServer: Specifies the DNS server for Windows + gMSA. Set it to empty if you have configured the DNS server + in the vnet which is used to create the managed cluster.' + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: 'RootDomainName: Specifies the root domain name + for Windows gMSA. Set it to empty if you have configured + the DNS server in the vnet which is used to create the managed + cluster.' + type: string + type: object + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. 
See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' + type: string + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' + type: boolean + type: object + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230201storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20230201.ManagedCluster Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20230201.ManagedCluster_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + aadProfile: + description: Storage version of v1api20230201.ManagedClusterAADProfile + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: Storage version of v1api20230201.ManagedClusterAddonProfile + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object + type: object + agentPoolProfiles: + items: + description: Storage version of v1api20230201.ManagedClusterAgentPoolProfile + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + count: + type: integer + creationData: + description: Storage version of v1api20230201.CreationData Data + used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: Storage version of v1api20230201.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20230201.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20230201.SysctlConfig + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the 
form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: Storage version of v1api20230201.PowerState Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20230201.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, + a VNET and subnet will be generated and used. If no podSubnetID + is specified, this applies to nodes and pods, otherwise it + applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + workloadRuntime: + type: string + type: object + type: array + apiServerAccessProfile: + description: Storage version of v1api20230201.ManagedClusterAPIServerAccessProfile + Access profile for managed cluster API server. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20230201.ManagedClusterProperties_AutoScalerProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: Storage version of 
v1api20230201.ManagedClusterAutoUpgradeProfile + Auto upgrade profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfile + Azure Monitor addon profiles for monitoring the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + metrics: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileMetrics + Metrics profile for the Azure Monitor managed service for Prometheus + addon. Collect out-of-the-box Kubernetes infrastructure metrics + to send to an Azure Monitor Workspace and configure additional + scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + kubeStateMetrics: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileKubeStateMetrics + Kube State Metrics profile for the Azure Managed Prometheus + addon. These optional settings are for the kube-state-metrics + pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetReference: + description: 'DiskEncryptionSetReference: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: Storage version of v1api20230201.ExtendedLocation The + complex type of the extended location. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdnSubdomain: + type: string + httpProxyConfig: + description: Storage version of v1api20230201.ManagedClusterHTTPProxyConfig + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + identity: + description: Storage version of v1api20230201.ManagedClusterIdentity + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + type: + type: string + userAssignedIdentities: + items: + description: Storage version of v1api20230201.UserAssignedIdentityDetails + Information about the user assigned identity for the resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Storage version of v1api20230201.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: Storage version of v1api20230201.ContainerServiceLinuxProfile + Profile for Linux VMs in the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: Storage version of v1api20230201.ContainerServiceSshConfiguration + SSH configuration for Linux-based VMs running on Azure. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: Storage version of v1api20230201.ContainerServiceSshPublicKey + Contains information about SSH certificate public key + data. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + networkProfile: + description: Storage version of v1api20230201.ContainerServiceNetworkProfile + Profile of network configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + dockerBridgeCidr: + type: string + ipFamilies: + items: + type: string + type: array + loadBalancerProfile: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + effectiveOutboundIPs: + items: + description: Storage version of v1api20230201.ResourceReference + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. 
+ type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPPrefixes: + items: + description: Storage version of v1api20230201.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPs: + items: + description: Storage version of v1api20230201.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + natGatewayProfile: + description: Storage version of v1api20230201.ManagedClusterNATGatewayProfile + Profile of the managed cluster NAT gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: Storage version of v1api20230201.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: Storage version of v1api20230201.ManagedClusterManagedOutboundIPProfile + Profile of the managed outbound IP resources of the managed + cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + type: object + nodeResourceGroup: + type: string + oidcIssuerProfile: + description: Storage version of v1api20230201.ManagedClusterOIDCIssuerProfile + The OIDC issuer profile of the Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + operatorSpec: + description: Storage version of v1api20230201.ManagedClusterOperatorSpec + Details for configuring operator behavior. Fields in this struct + are interpreted by the operator directly rather than being passed + to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + configMaps: + description: Storage version of v1api20230201.ManagedClusterOperatorConfigMaps + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + oidcIssuerProfile: + description: 'ConfigMapDestination describes the location + to store a single configmap value Note: This is similar + to SecretDestination in secrets.go. Changes to one should + likely also be made to the other.' + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: Name is the name of the Kubernetes ConfigMap + being referenced. 
The ConfigMap must be in the same + namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: Storage version of v1api20230201.ManagedClusterOperatorSecrets + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminCredentials: + description: 'SecretDestination describes the location to + store a single secret value. Note: This is similar to ConfigMapDestination + in configmaps.go. Changes to one should likely also be made + to the other.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: 'SecretDestination describes the location to + store a single secret value. Note: This is similar to ConfigMapDestination + in configmaps.go. Changes to one should likely also be made + to the other.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. 
Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProfile + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on pod identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: Storage version of v1api20230201.ManagedClusterPodIdentity + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + bindingSelector: + type: string + identity: + description: Storage version of v1api20230201.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + type: string + namespace: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: Storage version of v1api20230201.ManagedClusterPodIdentityException + See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + privateLinkResources: + items: + description: Storage version of v1api20230201.PrivateLinkResource + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + name: + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + publicNetworkAccess: + type: string + securityProfile: + description: Storage version of v1api20230201.ManagedClusterSecurityProfile + Security profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: Storage version of v1api20230201.AzureKeyVaultKms + Azure Key Vault key management service settings for the security + profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceReference: + description: 'KeyVaultResourceReference: Resource ID of key + vault. When keyVaultNetworkAccess is `Private`, this field + is required and must be a valid resource ID. When keyVaultNetworkAccess + is `Public`, leave the field empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + defender: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefender + Microsoft Defender settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceReference: + description: 'LogAnalyticsWorkspaceResourceReference: Resource + ID of the Log Analytics workspace to be associated with + Microsoft Defender. When Microsoft Defender is enabled, + this field is required and must be a valid workspace resource + ID. When Microsoft Defender is disabled, leave the field + empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefenderSecurityMonitoring + Microsoft Defender settings for the security profile threat + detection. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileImageCleaner + Image Cleaner removes unused images from nodes, freeing up disk + space and helping to reduce attack surface area. Here are settings + for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + workloadIdentity: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileWorkloadIdentity + Workload identity settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + servicePrincipalProfile: + description: Storage version of v1api20230201.ManagedClusterServicePrincipalProfile + Information about a service principal identity for the cluster to + use for manipulating Azure APIs. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + clientId: + type: string + secret: + description: SecretReference is a reference to a Kubernetes secret + and key in the same namespace as the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret being + referenced. The secret must be in the same namespace as + the resource + type: string + required: + - key + - name + type: object + type: object + sku: + description: Storage version of v1api20230201.ManagedClusterSKU The + SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: Storage version of v1api20230201.ManagedClusterStorageProfile + Storage profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileBlobCSIDriver + AzureBlob CSI Driver settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileDiskCSIDriver + AzureDisk CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + fileCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileFileCSIDriver + AzureFile CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: Storage version of v1api20230201.ManagedClusterStorageProfileSnapshotController + Snapshot Controller settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + tags: + additionalProperties: + type: string + type: object + windowsProfile: + description: Storage version of v1api20230201.ManagedClusterWindowsProfile + Profile for Windows VMs in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminPassword: + type: string + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: Storage version of v1api20230201.WindowsGmsaProfile + Windows gMSA Profile in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfile + Workload Auto-scaler profile for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + keda: + description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfileKeda + KEDA (Kubernetes Event-driven Autoscaling) settings for the + workload auto-scaler profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + required: + - owner + type: object + status: + description: Storage version of v1api20230201.ManagedCluster_STATUS Managed + cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + aadProfile: + description: Storage version of v1api20230201.ManagedClusterAADProfile_STATUS + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: Storage version of v1api20230201.ManagedClusterAddonProfile_STATUS + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + identity: + description: Storage version of v1api20230201.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + type: object + agentPoolProfiles: + items: + description: Storage version of v1api20230201.ManagedClusterAgentPoolProfile_STATUS + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + count: + type: integer + creationData: + description: Storage version of v1api20230201.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupID: + type: string + kubeletConfig: + description: Storage version of v1api20230201.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20230201.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20230201.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: 
string + powerState: + description: Storage version of v1api20230201.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + code: + type: string + type: object + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20230201.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + workloadRuntime: + type: string + type: object + type: array + apiServerAccessProfile: + description: Storage version of v1api20230201.ManagedClusterAPIServerAccessProfile_STATUS + Access profile for managed cluster API server. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20230201.ManagedClusterProperties_AutoScalerProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: Storage version of v1api20230201.ManagedClusterAutoUpgradeProfile_STATUS + Auto upgrade profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfile_STATUS + Azure Monitor addon profiles for monitoring the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + metrics: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileMetrics_STATUS + Metrics profile for the Azure Monitor managed service for Prometheus + addon. Collect out-of-the-box Kubernetes infrastructure metrics + to send to an Azure Monitor Workspace and configure additional + scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + kubeStateMetrics: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS + Kube State Metrics profile for the Azure Managed Prometheus + addon. These optional settings are for the kube-state-metrics + pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azurePortalFQDN: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. 
+ type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetID: + type: string + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: Storage version of v1api20230201.ExtendedLocation_STATUS + The complex type of the extended location. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdn: + type: string + fqdnSubdomain: + type: string + httpProxyConfig: + description: Storage version of v1api20230201.ManagedClusterHTTPProxyConfig_STATUS + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + id: + type: string + identity: + description: Storage version of v1api20230201.ManagedClusterIdentity_STATUS + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + principalId: + type: string + tenantId: + type: string + type: + type: string + userAssignedIdentities: + additionalProperties: + description: Storage version of v1api20230201.ManagedClusterIdentity_UserAssignedIdentities_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + clientId: + type: string + principalId: + type: string + type: object + type: object + type: object + identityProfile: + additionalProperties: + description: Storage version of v1api20230201.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: Storage version of v1api20230201.ContainerServiceLinuxProfile_STATUS + Profile for Linux VMs in the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: Storage version of v1api20230201.ContainerServiceSshConfiguration_STATUS + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: Storage version of v1api20230201.ContainerServiceSshPublicKey_STATUS + Contains information about SSH certificate public key + data. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + maxAgentPools: + type: integer + name: + type: string + networkProfile: + description: Storage version of v1api20230201.ContainerServiceNetworkProfile_STATUS + Profile of network configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + dockerBridgeCidr: + type: string + ipFamilies: + items: + type: string + type: array + loadBalancerProfile: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_STATUS + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + effectiveOutboundIPs: + items: + description: Storage version of v1api20230201.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPPrefixes: + items: + description: Storage version of v1api20230201.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPs: + items: + description: Storage version of v1api20230201.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + natGatewayProfile: + description: Storage version of v1api20230201.ManagedClusterNATGatewayProfile_STATUS + Profile of the managed cluster NAT gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: Storage version of v1api20230201.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: Storage version of v1api20230201.ManagedClusterManagedOutboundIPProfile_STATUS + Profile of the managed outbound IP resources of the managed + cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + type: object + nodeResourceGroup: + type: string + oidcIssuerProfile: + description: Storage version of v1api20230201.ManagedClusterOIDCIssuerProfile_STATUS + The OIDC issuer profile of the Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + issuerURL: + type: string + type: object + podIdentityProfile: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProfile_STATUS + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on pod identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: Storage version of v1api20230201.ManagedClusterPodIdentity_STATUS + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + bindingSelector: + type: string + identity: + description: Storage version of v1api20230201.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + name: + type: string + namespace: + type: string + provisioningInfo: + description: Storage version of v1api20230201.ManagedClusterPodIdentity_ProvisioningInfo_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + error: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningError_STATUS + An error response from the pod identity provisioning. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + error: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningErrorBody_STATUS + An error response from the pod identity provisioning. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set + of stashed information that used for properties + not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + details: + items: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered + set of stashed information that used + for properties not directly supported + by storage resources, allowing for full + fidelity round trip conversions + type: object + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object + type: object + provisioningState: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: Storage version of v1api20230201.ManagedClusterPodIdentityException_STATUS + See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + powerState: + description: Storage version of v1api20230201.PowerState_STATUS Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + privateFQDN: + type: string + privateLinkResources: + items: + description: Storage version of v1api20230201.PrivateLinkResource_STATUS + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + id: + type: string + name: + type: string + privateLinkServiceID: + type: string + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + provisioningState: + type: string + publicNetworkAccess: + type: string + securityProfile: + description: Storage version of v1api20230201.ManagedClusterSecurityProfile_STATUS + Security profile for the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: Storage version of v1api20230201.AzureKeyVaultKms_STATUS + Azure Key Vault key management service settings for the security + profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceId: + type: string + type: object + defender: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefender_STATUS + Microsoft Defender settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceId: + type: string + securityMonitoring: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS + Microsoft Defender settings for the security profile threat + detection. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileImageCleaner_STATUS + Image Cleaner removes unused images from nodes, freeing up disk + space and helping to reduce attack surface area. Here are settings + for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + workloadIdentity: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileWorkloadIdentity_STATUS + Workload identity settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + servicePrincipalProfile: + description: Storage version of v1api20230201.ManagedClusterServicePrincipalProfile_STATUS + Information about a service principal identity for the cluster to + use for manipulating Azure APIs. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + clientId: + type: string + type: object + sku: + description: Storage version of v1api20230201.ManagedClusterSKU_STATUS + The SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: Storage version of v1api20230201.ManagedClusterStorageProfile_STATUS + Storage profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileBlobCSIDriver_STATUS + AzureBlob CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileDiskCSIDriver_STATUS + AzureDisk CSI Driver settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + fileCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileFileCSIDriver_STATUS + AzureFile CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: Storage version of v1api20230201.ManagedClusterStorageProfileSnapshotController_STATUS + Snapshot Controller settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + systemData: + description: Storage version of v1api20230201.SystemData_STATUS Metadata + pertaining to creation and last modification of the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + windowsProfile: + description: Storage version of v1api20230201.ManagedClusterWindowsProfile_STATUS + Profile for Windows VMs in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminPassword: + type: string + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: Storage version of v1api20230201.WindowsGmsaProfile_STATUS + Windows gMSA Profile in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfile_STATUS + Workload Auto-scaler profile for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + keda: + description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS + KEDA (Kubernetes Event-driven Autoscaling) settings for the + workload auto-scaler profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230202preview + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-02-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: 'TenantID: The AAD tenant ID to use for authentication. + If not specified, will use the tenant of the deployment subscription.' + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' 
+ type: boolean + required: + - enabled + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones + to use for nodes. This can only be specified if the AgentPoolType + property is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + type: string + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for + system pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify + the source Snapshot ID if the node pool will be created/upgraded + using a snapshot.' + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: 'EnableCustomCATrust: When set to true, AKS adds + a label to the node indicating that the feature is enabled + and deploys a daemonset along with host services to sync custom + certificate authorities from user-provided list of base64 + encoded certificates into node trust stores. Defaults to false.' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' 
+ enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' 
+ type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' 
+ type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' 
+ type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' 
+ type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + messageOfTheDay: + description: 'MessageOfTheDay: A base64-encoded string which + will be written to /etc/motd after decoding. This allows customization + of the message of the day for Linux nodes. It must not be + specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script).' + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + enum: + - System + - User + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an + agent pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are + allowed to access. The specified ranges are allowed to + overlap.' + items: + description: The port range. + properties: + portEnd: + description: 'PortEnd: The maximum port that is included + in the range. It should be ranged from 1 to 65535, + and be greater than or equal to portStart.' 
+ maximum: 65535 + minimum: 1 + type: integer + portStart: + description: 'PortStart: The minimum port that is + included in the range. It should be ranged from + 1 to 65535, and be less than or equal to portEnd.' + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: 'Protocol: The network protocol of the + port.' + enum: + - TCP + - UDP + type: string + type: object + type: array + applicationSecurityGroupsReferences: + description: 'ApplicationSecurityGroupsReferences: The IDs + of the application security groups which agent pool will + associate when created.' + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, Kind, + Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level + public IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: + RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated + with the public IP. Example: Internet.' 
+ type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + and are supported. When is specified, + the latest supported patch version is chosen automatically. + Updating the agent pool with the same once it + has been created will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should + upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version + as the control plane. 
The node pool minor version must be + within two minor versions of the control plane version. The + node pool version cannot be greater than the control plane + version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent + pool. If not specified, the default is Ubuntu if OSType=Linux + or Windows2019 if OSType=Windows. And the default Windows + OSSKU will be changed to Windows2022 after Windows2019 is + deprecated.' + enum: + - CBLMariner + - Mariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + enum: + - Linux + - Windows + type: string + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: 'PowerState: When an Agent Pool is first created + it is initially Running. The Agent Pool can be stopped by + setting this field to Stopped. A stopped Agent Pool stops + all of its VMs and does not accrue billing charges. An Agent + Pool can only be stopped if it is Running and provisioning + state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. 
+ If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, + a VNET and subnet will be generated and used. If no podSubnetID + is specified, this applies to nodes and pods, otherwise it + applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific + profile.' + properties: + disableOutboundNat: + description: 'DisableOutboundNat: The default value is false. + Outbound NAT can only be disabled if the cluster outboundType + is NAT Gateway and the Windows agent pool does not have + node public IP enabled.' + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' 
+ enum: + - KataMshvVmIsolation + - OCIContainer + - WasmWasi + type: string + required: + - name + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + enableVnetIntegration: + description: 'EnableVnetIntegration: Whether to enable apiserver + vnet integration for the cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' + type: string + subnetId: + description: 'SubnetId: It is required when: 1. creating a new + cluster with BYO Vnet; 2. updating an existing cluster to enable + apiserver vnet integration.' 
+ type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + enum: + - least-waste + - most-pods + - priority + - random + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' 
+ type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: The default is Unmanaged, + but may change to either NodeImage or SecurityPatch at GA.' + enum: + - NodeImage + - None + - SecurityPatch + - Unmanaged + type: string + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' 
+ enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Prometheus addon profile for the + container service cluster' + properties: + metrics: + description: 'Metrics: Metrics profile for the prometheus service + addon' + properties: + enabled: + description: 'Enabled: Whether to enable the Prometheus collector' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics for prometheus + addon profile for the container service cluster' + properties: + metricAnnotationsAllowList: + description: 'MetricAnnotationsAllowList: Comma-separated + list of additional Kubernetes label keys that will be + used in the resource''s labels metric.' + type: string + metricLabelsAllowlist: + description: 'MetricLabelsAllowlist: Comma-separated list + of Kubernetes annotations keys that will be used in + the resource''s labels metric.' + type: string + type: object + required: + - enabled + type: object + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the cluster will be created/upgraded using + a snapshot.' + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' + type: boolean + diskEncryptionSetReference: + description: 'DiskEncryptionSetReference: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enableNamespaceResources: + description: 'EnableNamespaceResources: The default value is false. + It can be enabled/disabled on creation and updating of the managed + cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) + for more details on Namespace as a ARM Resource.' + type: boolean + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATED) Whether to enable + Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. + Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.' + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + guardrailsProfile: + description: 'GuardrailsProfile: The guardrails profile holds all + the guardrails information for a given cluster' + properties: + excludedNamespaces: + description: 'ExcludedNamespaces: List of namespaces excluded + from guardrails checks' + items: + type: string + type: array + level: + description: 'Level: The guardrails level to be used. 
By default, + Guardrails is enabled for all namespaces except those that AKS + excludes via systemExcludedNamespaces' + enum: + - Enforcement + - "Off" + - Warning + type: string + version: + description: 'Version: The version of constraints to use' + type: string + required: + - level + - version + type: object + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' + enum: + - None + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentities: + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' + items: + description: Information about the user assigned identity for + the resource + properties: + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + ingressProfile: + description: 'IngressProfile: Ingress profile for the managed cluster.' + properties: + webAppRouting: + description: 'WebAppRouting: Web App Routing settings for the + ingress profile.' + properties: + dnsZoneResourceReference: + description: 'DnsZoneResourceReference: Resource ID of the + DNS Zone to be associated with the web app. Used only when + Web App Routing is enabled.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + enabled: + description: 'Enabled: Whether to enable Web App Routing.' + type: boolean + type: object + type: object + kubernetesVersion: + description: 'KubernetesVersion: When you upgrade a supported AKS + cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, + upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, + however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' 
+ type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + required: + - keyData + type: object + type: array + required: + - publicKeys + type: object + required: + - adminUsername + - ssh + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + type: string + dockerBridgeCidr: + description: 'DockerBridgeCidr: A CIDR notation IP range assigned + to the Docker bridge network. It must not overlap with any Subnet + IP ranges or the Kubernetes service address range.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + ipFamilies: + description: 'IpFamilies: IP families are used to determine single-stack + or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6.' 
+ items: + enum: + - IPv4 + - IPv6 + type: string + type: array + kubeProxyConfig: + description: 'KubeProxyConfig: Holds configuration customizations + for kube-proxy. Any values not defined will use the kube-proxy + defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ + where is represented by a - + string. Kubernetes version 1.23 would be ''1-23''.' + properties: + enabled: + description: 'Enabled: Whether to enable on kube-proxy on + the cluster (if no ''kubeProxyConfig'' exists, kube-proxy + is enabled in AKS by default without these customizations).' + type: boolean + ipvsConfig: + description: 'IpvsConfig: Holds configuration customizations + for IPVS. May only be specified if ''mode'' is set to ''IPVS''.' + properties: + scheduler: + description: 'Scheduler: IPVS scheduler, for more information + please see http://www.linuxvirtualserver.org/docs/scheduling.html.' + enum: + - LeastConnection + - RoundRobin + type: string + tcpFinTimeoutSeconds: + description: 'TcpFinTimeoutSeconds: The timeout value + used for IPVS TCP sessions after receiving a FIN in + seconds. Must be a positive integer value.' + type: integer + tcpTimeoutSeconds: + description: 'TcpTimeoutSeconds: The timeout value used + for idle IPVS TCP sessions in seconds. Must be a positive + integer value.' + type: integer + udpTimeoutSeconds: + description: 'UdpTimeoutSeconds: The timeout value used + for IPVS UDP packets in seconds. Must be a positive + integer value.' + type: integer + type: object + mode: + description: 'Mode: Specify which proxy mode to use (''IPTABLES'' + or ''IPVS'')' + enum: + - IPTABLES + - IPVS + type: string + type: object + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). 
The default value is 0 which + results in Azure dynamically allocating ports.' + maximum: 64000 + minimum: 0 + type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + enum: + - NodeIP + - NodeIPConfiguration + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' 
+ maximum: 120 + minimum: 4 + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of IPv4 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + maximum: 100 + minimum: 1 + type: integer + countIPv6: + description: 'CountIPv6: The desired number of IPv6 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 0 for single-stack and 1 for dual-stack.' + maximum: 100 + minimum: 0 + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. 
+ type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' + enum: + - basic + - standard + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. 
+ properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 4 minutes.' + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure. Allowed values must be in + the range of 1 to 16 (inclusive). The default value + is 1.' + maximum: 16 + minimum: 1 + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + enum: + - azure + - cilium + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' 
+ enum: + - bridge + - transparent + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: 'NetworkPluginMode: Network plugin mode used for + building the Kubernetes network.' + enum: + - Overlay + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + enum: + - azure + - calico + - cilium + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + podCidrs: + description: 'PodCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking.' + items: + type: string + type: array + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + serviceCidrs: + description: 'ServiceCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with + any Subnet IP ranges.' + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' 
+ type: string + nodeResourceGroupProfile: + description: 'NodeResourceGroupProfile: The node resource group configuration + profile.' + properties: + restrictionLevel: + description: 'RestrictionLevel: The restriction level applied + to the cluster''s node resource group' + enum: + - ReadOnly + - Unrestricted + type: string + type: object + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + type: object + operatorSpec: + description: 'OperatorSpec: The specification for configuring operator + behavior. This field is interpreted by the operator and not passed + directly to Azure' + properties: + configMaps: + description: 'ConfigMaps: configures where to place operator written + ConfigMaps.' + properties: + oidcIssuerProfile: + description: 'OIDCIssuerProfile: indicates where the OIDCIssuerProfile + config map should be placed. If omitted, no config map will + be created.' + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: Name is the name of the Kubernetes ConfigMap + being referenced. The ConfigMap must be in the same + namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: 'Secrets: configures where to place Azure generated + secrets.' + properties: + adminCredentials: + description: 'AdminCredentials: indicates where the AdminCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. 
The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: 'UserCredentials: indicates where the UserCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' + properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' 
+ type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' 
+ type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + enum: + - Disabled + - Enabled + - SecuredByPerimeter + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: 'AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: 'KeyId: Identifier of Azure Key Vault key. See + [key identifier format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service + is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service + is disabled, leave the field empty.' + type: string + keyVaultNetworkAccess: + description: 'KeyVaultNetworkAccess: Network access of key + vault. The possible values are `Public` and `Private`. `Public` + means the key vault allows public access from all networks. + `Private` means the key vault disables public access and + enables private link. The default value is `Public`.' + enum: + - Private + - Public + type: string + keyVaultResourceReference: + description: 'KeyVaultResourceReference: Resource ID of key + vault. When keyVaultNetworkAccess is `Private`, this field + is required and must be a valid resource ID. 
When keyVaultNetworkAccess + is `Public`, leave the field empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + customCATrustCertificates: + description: 'CustomCATrustCertificates: A list of up to 10 base64 + encoded CAs that will be added to the trust store on nodes with + the Custom CA Trust feature enabled. For more information see + [Custom CA Trust Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority)' + items: + type: string + maxItems: 10 + minItems: 0 + type: array + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceReference: + description: 'LogAnalyticsWorkspaceResourceReference: Resource + ID of the Log Analytics workspace to be associated with + Microsoft Defender. When Microsoft Defender is enabled, + this field is required and must be a valid workspace resource + ID. When Microsoft Defender is disabled, leave the field + empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' + type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + nodeRestriction: + description: 'NodeRestriction: [Node Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Node Restriction' + type: boolean + type: object + workloadIdentity: + description: 'WorkloadIdentity: Workload identity settings for + the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See + https://aka.ms/aks/wi for more details.' + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' 
+ type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + components: + description: 'Components: Istio components configuration.' + properties: + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: Istio ingress gateway configuration. For + now, we support up to one external ingress gateway + named `aks-istio-ingressgateway-external` and one + internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + enum: + - External + - Internal + type: string + required: + - enabled + - mode + type: object + type: array + type: object + type: object + mode: + description: 'Mode: Mode of the service mesh.' + enum: + - Disabled + - Istio + type: string + required: + - mode + type: object + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + secret: + description: 'Secret: The secret password associated with the + service principal in plain text.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret being + referenced. The secret must be in the same namespace as + the resource + type: string + required: + - key + - name + type: object + required: + - clientId + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' 
+ enum: + - Base + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [AKS Pricing Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) + for more details.' + enum: + - Free + - Standard + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + version: + description: 'Version: The version of AzureDisk CSI Driver. + The default value is v1.' + type: string + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' + properties: + controlPlaneOverrides: + description: 'ControlPlaneOverrides: List of upgrade overrides + when upgrading a cluster''s control plane.' 
+ items: + description: The list of control plane upgrade override + settings. + enum: + - IgnoreKubernetesDeprecations + type: string + type: array + until: + description: 'Until: Until when the overrides are effective. + Note that this only matches the start time of an upgrade, + and the effectiveness won''t change once an upgrade starts + even if the `until` expires as upgrade proceeds. This field + is not set by default. It must be set for the overrides + to take effect.' + type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' 
+ properties: + dnsServer: + description: 'DnsServer: Specifies the DNS server for Windows + gMSA. Set it to empty if you have configured the DNS server + in the vnet which is used to create the managed cluster.' + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: 'RootDomainName: Specifies the root domain name + for Windows gMSA. Set it to empty if you have configured + the DNS server in the vnet which is used to create the managed + cluster.' + type: string + type: object + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' + enum: + - None + - Windows_Server + type: string + required: + - adminUsername + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' + type: boolean + required: + - enabled + type: object + verticalPodAutoscaler: + properties: + controlledValues: + description: 'ControlledValues: Controls which resource value + autoscaler will change. Default value is RequestsAndLimits.' + enum: + - RequestsAndLimits + - RequestsOnly + type: string + enabled: + description: 'Enabled: Whether to enable VPA. Default value + is false.' + type: boolean + updateMode: + description: 'UpdateMode: Each update mode level is a superset + of the lower levels. Off, this field + will be exactly equal to it. If orchestratorVersion was , + this field will contain the full version + being used.' 
+ type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: 'EnableCustomCATrust: When set to true, AKS adds + a label to the node indicating that the feature is enabled + and deploys a daemonset along with host services to sync custom + certificate authorities from user-provided list of base64 + encoded certificates into node trust stores. Defaults to false.' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: 'HostGroupID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. 
+ For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' 
+ type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' 
+ type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' 
+ type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + messageOfTheDay: + description: 'MessageOfTheDay: A base64-encoded string which + will be written to /etc/motd after decoding. This allows customization + of the message of the day for Linux nodes. It must not be + specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script).' + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. 
For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an + agent pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are + allowed to access. The specified ranges are allowed to + overlap.' + items: + description: The port range. + properties: + portEnd: + description: 'PortEnd: The maximum port that is included + in the range. It should be ranged from 1 to 65535, + and be greater than or equal to portStart.' + type: integer + portStart: + description: 'PortStart: The minimum port that is + included in the range. It should be ranged from + 1 to 65535, and be less than or equal to portEnd.' + type: integer + protocol: + description: 'Protocol: The network protocol of the + port.' + type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the + application security groups which agent pool will associate + when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level + public IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: + RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated + with the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' 
+ type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + and are supported. When is specified, + the latest supported patch version is chosen automatically. + Updating the agent pool with the same once it + has been created will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should + upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version + as the control plane. The node pool minor version must be + within two minor versions of the control plane version. The + node pool version cannot be greater than the control plane + version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent + pool. If not specified, the default is Ubuntu if OSType=Linux + or Windows2019 if OSType=Windows. And the default Windows + OSSKU will be changed to Windows2022 after Windows2019 is + deprecated.' + type: string + osType: + description: 'OsType: The operating system type. 
The default + is Linux.' + type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: When an Agent Pool is first created + it is initially Running. The Agent Pool can be stopped by + setting this field to Stopped. A stopped Agent Pool stops + all of its VMs and does not accrue billing charges. An Agent + Pool can only be stopped if it is Running and provisioning + state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + type: string + type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. 
For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. + If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies + to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific + profile.' + properties: + disableOutboundNat: + description: 'DisableOutboundNat: The default value is false. 
+ Outbound NAT can only be disabled if the cluster outboundType + is NAT Gateway and the Windows agent pool does not have + node public IP enabled.' + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + type: string + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + enableVnetIntegration: + description: 'EnableVnetIntegration: Whether to enable apiserver + vnet integration for the cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' + type: string + subnetId: + description: 'SubnetId: It is required when: 1. creating a new + cluster with BYO Vnet; 2. updating an existing cluster to enable + apiserver vnet integration.' 
+ type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. 
+ Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: The default is Unmanaged, + but may change to either NodeImage or SecurityPatch at GA.' + type: string + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' 
+ type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Prometheus addon profile for the + container service cluster' + properties: + metrics: + description: 'Metrics: Metrics profile for the prometheus service + addon' + properties: + enabled: + description: 'Enabled: Whether to enable the Prometheus collector' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics for prometheus + addon profile for the container service cluster' + properties: + metricAnnotationsAllowList: + description: 'MetricAnnotationsAllowList: Comma-separated + list of additional Kubernetes label keys that will be + used in the resource''s labels metric.' + type: string + metricLabelsAllowlist: + description: 'MetricLabelsAllowlist: Comma-separated list + of Kubernetes annotations keys that will be used in + the resource''s labels metric.' + type: string + type: object + type: object + type: object + azurePortalFQDN: + description: 'AzurePortalFQDN: The Azure Portal requires certain Cross-Origin + Resource Sharing (CORS) headers to be sent in some responses, which + Kubernetes APIServer doesn''t handle by default. This special FQDN + supports CORS, allowing the Azure Portal to function properly.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the cluster will be created/upgraded using + a snapshot.' + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentKubernetesVersion: + description: 'CurrentKubernetesVersion: The version of Kubernetes + the Managed Cluster is running.' + type: string + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' 
+ type: boolean + diskEncryptionSetID: + description: 'DiskEncryptionSetID: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + type: string + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enableNamespaceResources: + description: 'EnableNamespaceResources: The default value is false. + It can be enabled/disabled on creation and updating of the managed + cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) + for more details on Namespace as a ARM Resource.' + type: boolean + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATED) Whether to enable + Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. + Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.' + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' 
+ type: string + guardrailsProfile: + description: 'GuardrailsProfile: The guardrails profile holds all + the guardrails information for a given cluster' + properties: + excludedNamespaces: + description: 'ExcludedNamespaces: List of namespaces excluded + from guardrails checks' + items: + type: string + type: array + level: + description: 'Level: The guardrails level to be used. By default, + Guardrails is enabled for all namespaces except those that AKS + excludes via systemExcludedNamespaces' + type: string + systemExcludedNamespaces: + description: 'SystemExcludedNamespaces: List of namespaces specified + by AKS to be excluded from Guardrails' + items: + type: string + type: array + version: + description: 'Version: The version of constraints to use' + type: string + type: object + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + effectiveNoProxy: + description: 'EffectiveNoProxy: A read-only list of all endpoints + for which traffic should not be sent to the proxy. This list + is a superset of noProxy and values injected by AKS.' + items: + type: string + type: array + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + id: + description: 'Id: Fully qualified resource ID for the resource. Ex + - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}' + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' 
+ properties: + principalId: + description: 'PrincipalId: The principal id of the system assigned + identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity + which is used by master components.' + type: string + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' + type: string + userAssignedIdentities: + additionalProperties: + properties: + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned + identity.' + type: string + type: object + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' + type: object + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + ingressProfile: + description: 'IngressProfile: Ingress profile for the managed cluster.' + properties: + webAppRouting: + description: 'WebAppRouting: Web App Routing settings for the + ingress profile.' + properties: + dnsZoneResourceId: + description: 'DnsZoneResourceId: Resource ID of the DNS Zone + to be associated with the web app. Used only when Web App + Routing is enabled.' 
+ type: string + enabled: + description: 'Enabled: Whether to enable Web App Routing.' + type: boolean + identity: + description: 'Identity: Managed identity of the Web Application + Routing add-on. This is the identity that should be granted + permissions, for example, to manage the associated Azure + DNS resource and get certificates from Azure Key Vault. + See [this overview of the add-on](https://learn.microsoft.com/en-us/azure/aks/web-app-routing?tabs=with-osm) + for more instructions.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + type: object + type: object + kubernetesVersion: + description: 'KubernetesVersion: When you upgrade a supported AKS + cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, + upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, + however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. 
+ properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + type: object + type: array + type: object + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the + managed cluster.' + type: integer + name: + description: 'Name: The name of the resource' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + type: string + dockerBridgeCidr: + description: 'DockerBridgeCidr: A CIDR notation IP range assigned + to the Docker bridge network. It must not overlap with any Subnet + IP ranges or the Kubernetes service address range.' + type: string + ipFamilies: + description: 'IpFamilies: IP families are used to determine single-stack + or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6.' + items: + type: string + type: array + kubeProxyConfig: + description: 'KubeProxyConfig: Holds configuration customizations + for kube-proxy. Any values not defined will use the kube-proxy + defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ + where is represented by a - + string. Kubernetes version 1.23 would be ''1-23''.' + properties: + enabled: + description: 'Enabled: Whether to enable on kube-proxy on + the cluster (if no ''kubeProxyConfig'' exists, kube-proxy + is enabled in AKS by default without these customizations).' + type: boolean + ipvsConfig: + description: 'IpvsConfig: Holds configuration customizations + for IPVS. 
May only be specified if ''mode'' is set to ''IPVS''.' + properties: + scheduler: + description: 'Scheduler: IPVS scheduler, for more information + please see http://www.linuxvirtualserver.org/docs/scheduling.html.' + type: string + tcpFinTimeoutSeconds: + description: 'TcpFinTimeoutSeconds: The timeout value + used for IPVS TCP sessions after receiving a FIN in + seconds. Must be a positive integer value.' + type: integer + tcpTimeoutSeconds: + description: 'TcpTimeoutSeconds: The timeout value used + for idle IPVS TCP sessions in seconds. Must be a positive + integer value.' + type: integer + udpTimeoutSeconds: + description: 'UdpTimeoutSeconds: The timeout value used + for IPVS UDP packets in seconds. Must be a positive + integer value.' + type: integer + type: object + mode: + description: 'Mode: Specify which proxy mode to use (''IPTABLES'' + or ''IPVS'')' + type: string + type: object + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). The default value is 0 which + results in Azure dynamically allocating ports.' + type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' 
+ type: boolean + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of IPv4 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + type: integer + countIPv6: + description: 'CountIPv6: The desired number of IPv6 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 0 for single-stack and 1 for dual-stack.' + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' 
+ type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 4 minutes.' + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure. Allowed values must be in + the range of 1 to 16 (inclusive). The default value + is 1.' + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + type: string + networkPluginMode: + description: 'NetworkPluginMode: Network plugin mode used for + building the Kubernetes network.' + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' 
+ type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + type: string + podCidrs: + description: 'PodCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking.' + items: + type: string + type: array + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' + type: string + serviceCidrs: + description: 'ServiceCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with + any Subnet IP ranges.' + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + nodeResourceGroupProfile: + description: 'NodeResourceGroupProfile: The node resource group configuration + profile.' + properties: + restrictionLevel: + description: 'RestrictionLevel: The restriction level applied + to the cluster''s node resource group' + type: string + type: object + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + issuerURL: + description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' + type: string + type: object + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' 
+ properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if + any).' + properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. + Codes are invariant and are intended to be + consumed programmatically.' + type: string + details: + description: 'Details: A list of additional + details about the error.' 
+ items: + properties: + code: + description: 'Code: An identifier for + the error. Codes are invariant and are + intended to be consumed programmatically.' + type: string + message: + description: 'Message: A message describing + the error, intended to be suitable for + display in a user interface.' + type: string + target: + description: 'Target: The target of the + particular error. For example, the name + of the property in error.' + type: string + type: object + type: array + message: + description: 'Message: A message describing + the error, intended to be suitable for display + in a user interface.' + type: string + target: + description: 'Target: The target of the particular + error. For example, the name of the property + in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning + state of the pod identity.' + type: string + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + type: object + type: array + type: object + powerState: + description: 'PowerState: The Power State of the cluster.' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' 
+ type: string + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service + ID of the resource, this field is exposed only to NRP internally.' + type: string + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' + type: string + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: 'AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: 'KeyId: Identifier of Azure Key Vault key. See + [key identifier format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service + is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service + is disabled, leave the field empty.' 
+ type: string + keyVaultNetworkAccess: + description: 'KeyVaultNetworkAccess: Network access of key + vault. The possible values are `Public` and `Private`. `Public` + means the key vault allows public access from all networks. + `Private` means the key vault disables public access and + enables private link. The default value is `Public`.' + type: string + keyVaultResourceId: + description: 'KeyVaultResourceId: Resource ID of key vault. + When keyVaultNetworkAccess is `Private`, this field is required + and must be a valid resource ID. When keyVaultNetworkAccess + is `Public`, leave the field empty.' + type: string + type: object + customCATrustCertificates: + description: 'CustomCATrustCertificates: A list of up to 10 base64 + encoded CAs that will be added to the trust store on nodes with + the Custom CA Trust feature enabled. For more information see + [Custom CA Trust Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority)' + items: + type: string + type: array + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceId: + description: 'LogAnalyticsWorkspaceResourceId: Resource ID + of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field + is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty.' + type: string + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' 
+ type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + nodeRestriction: + description: 'NodeRestriction: [Node Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Node Restriction' + type: boolean + type: object + workloadIdentity: + description: 'WorkloadIdentity: Workload identity settings for + the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See + https://aka.ms/aks/wi for more details.' + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + components: + description: 'Components: Istio components configuration.' + properties: + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: Istio ingress gateway configuration. For + now, we support up to one external ingress gateway + named `aks-istio-ingressgateway-external` and one + internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + type: string + type: object + type: array + type: object + type: object + mode: + description: 'Mode: Mode of the service mesh.' + type: string + type: object + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' 
+ properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [AKS Pricing Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) + for more details.' + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + version: + description: 'Version: The version of AzureDisk CSI Driver. + The default value is v1.' + type: string + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + systemData: + description: 'SystemData: Azure Resource Manager metadata containing + createdBy and modifiedBy information.' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' 
+ type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" + or "Microsoft.Storage/storageAccounts"' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' + properties: + controlPlaneOverrides: + description: 'ControlPlaneOverrides: List of upgrade overrides + when upgrading a cluster''s control plane.' + items: + description: The list of control plane upgrade override + settings. + type: string + type: array + until: + description: 'Until: Until when the overrides are effective. + Note that this only matches the start time of an upgrade, + and the effectiveness won''t change once an upgrade starts + even if the `until` expires as upgrade proceeds. This field + is not set by default. It must be set for the overrides + to take effect.' + type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. 
Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: 'DnsServer: Specifies the DNS server for Windows + gMSA. Set it to empty if you have configured the DNS server + in the vnet which is used to create the managed cluster.' + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: 'RootDomainName: Specifies the root domain name + for Windows gMSA. Set it to empty if you have configured + the DNS server in the vnet which is used to create the managed + cluster.' + type: string + type: object + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. 
See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' + type: string + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' + type: boolean + type: object + verticalPodAutoscaler: + properties: + controlledValues: + description: 'ControlledValues: Controls which resource value + autoscaler will change. Default value is RequestsAndLimits.' + type: string + enabled: + description: 'Enabled: Whether to enable VPA. Default value + is false.' + type: boolean + updateMode: + description: 'UpdateMode: Each update mode level is a superset + of the lower levels. Off + (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch + version is chosen automatically. Updating the cluster with + the same once it has been created (e.g. 1.14.x + -> 1.14) will not trigger an upgrade, even if a newer patch + version is available. As a best practice, you should upgrade + all node pools in an AKS cluster to the same Kubernetes version. + The node pool version must have the same major version as + the control plane. The node pool minor version must be within + two minor versions of the control plane version. The node + pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. 
May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent + pool. The default is Ubuntu if OSType is Linux. The default + is Windows2019 when Kubernetes <= 1.24 or Windows2022 when + Kubernetes >= 1.25 if OSType is Windows.' + enum: + - AzureLinux + - CBLMariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + enum: + - Linux + - Windows + type: string + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: 'PowerState: When an Agent Pool is first created + it is initially Running. 
The Agent Pool can be stopped by + setting this field to Stopped. A stopped Agent Pool stops + all of its VMs and does not accrue billing charges. An Agent + Pool can only be stopped if it is Running and provisioning + state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' 
+ enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: 'DrainTimeoutInMinutes: The amount of time + (in minutes) to wait on eviction of pods and graceful + termination per node. This eviction wait time honors waiting + on pod disruption budgets. If this time is exceeded, the + upgrade fails. If not specified, the default is 30 minutes.' + maximum: 1440 + minimum: 1 + type: integer + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. + If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. 
For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, + a VNET and subnet will be generated and used. If no podSubnetID + is specified, this applies to nodes and pods, otherwise it + applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + enum: + - OCIContainer + - WasmWasi + type: string + required: + - name + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. 
For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + enum: + - least-waste + - most-pods + - priority + - random + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' 
+ type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. 
Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: Manner in which the OS on + your nodes is updated. The default is NodeImage.' + enum: + - NodeImage + - None + - Unmanaged + type: string + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' + enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Azure Monitor addon profiles for + monitoring the managed cluster.' + properties: + metrics: + description: 'Metrics: Metrics profile for the Azure Monitor managed + service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace + and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview.' + properties: + enabled: + description: 'Enabled: Whether to enable or disable the Azure + Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on + enabling and disabling.' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics profile + for the Azure Managed Prometheus addon. These optional settings + are for the kube-state-metrics pod that is deployed with + the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details.' 
+ properties: + metricAnnotationsAllowList: + description: 'MetricAnnotationsAllowList: Comma-separated + list of Kubernetes annotation keys that will be used + in the resource''s labels metric (Example: ''namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...''). + By default the metric contains only resource name and + namespace labels.' + type: string + metricLabelsAllowlist: + description: 'MetricLabelsAllowlist: Comma-separated list + of additional Kubernetes label keys that will be used + in the resource''s labels metric (Example: ''namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...''). + By default the metric contains only resource name and + namespace labels.' + type: string + type: object + required: + - enabled + type: object + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' + type: boolean + diskEncryptionSetReference: + description: 'DiskEncryptionSetReference: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATED) Whether to enable + Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. + Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.' + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' 
+ type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + delegatedResources: + additionalProperties: + description: Delegated resource properties - internal use only. + properties: + location: + description: 'Location: The source resource location - internal + use only.' + type: string + referralResource: + description: 'ReferralResource: The delegation id of the + referral delegation (optional) - internal use only.' + type: string + resourceReference: + description: 'ResourceReference: The ARM resource id of + the delegated resource - internal use only.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + tenantId: + description: 'TenantId: The tenant id of the delegated resource + - internal use only.' 
+ pattern: ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ + type: string + type: object + description: 'DelegatedResources: The delegated identity resources + assigned to this managed cluster. This can only be set by another + Azure Resource Provider, and managed cluster only accept one + delegated identity resource. Internal use only.' + type: object + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' + enum: + - None + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentities: + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' + items: + description: Information about the user assigned identity for + the resource + properties: + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: 'KubernetesVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. When you + upgrade a supported AKS cluster, Kubernetes minor versions cannot + be skipped. All upgrades must be performed sequentially by major + version number. 
For example, upgrades between 1.14.x -> 1.15.x or + 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. + See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + required: + - keyData + type: object + type: array + required: + - publicKeys + type: object + required: + - adminUsername + - ssh + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + type: string + ipFamilies: + description: 'IpFamilies: IP families are used to determine single-stack + or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6.' 
+ items: + enum: + - IPv4 + - IPv6 + type: string + type: array + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). The default value is 0 which + results in Azure dynamically allocating ports.' + maximum: 64000 + minimum: 0 + type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + enum: + - NodeIP + - NodeIPConfiguration + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' 
+ type: boolean + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of IPv4 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + maximum: 100 + minimum: 1 + type: integer + countIPv6: + description: 'CountIPv6: The desired number of IPv6 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 0 for single-stack and 1 for dual-stack.' + maximum: 100 + minimum: 0 + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. 
See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' + enum: + - basic + - standard + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 4 minutes.' + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure. 
Allowed values must be in + the range of 1 to 16 (inclusive). The default value + is 1.' + maximum: 16 + minimum: 1 + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + enum: + - azure + - cilium + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + enum: + - bridge + - transparent + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: 'NetworkPluginMode: The mode the network plugin should + use.' + enum: + - overlay + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + enum: + - azure + - calico + - cilium + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + podCidrs: + description: 'PodCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking.' + items: + type: string + type: array + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' 
+ pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + serviceCidrs: + description: 'ServiceCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with + any Subnet IP ranges.' + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + type: object + operatorSpec: + description: 'OperatorSpec: The specification for configuring operator + behavior. This field is interpreted by the operator and not passed + directly to Azure' + properties: + configMaps: + description: 'ConfigMaps: configures where to place operator written + ConfigMaps.' + properties: + oidcIssuerProfile: + description: 'OIDCIssuerProfile: indicates where the OIDCIssuerProfile + config map should be placed. If omitted, no config map will + be created.' + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: Name is the name of the Kubernetes ConfigMap + being referenced. The ConfigMap must be in the same + namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: 'Secrets: configures where to place Azure generated + secrets.' + properties: + adminCredentials: + description: 'AdminCredentials: indicates where the AdminCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' 
+ properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: 'UserCredentials: indicates where the UserCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' + properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. 
See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. 
+ type: string + type: object + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + enum: + - Disabled + - Enabled + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: 'AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: 'KeyId: Identifier of Azure Key Vault key. See + [key identifier format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service + is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service + is disabled, leave the field empty.' + type: string + keyVaultNetworkAccess: + description: 'KeyVaultNetworkAccess: Network access of key + vault. The possible values are `Public` and `Private`. `Public` + means the key vault allows public access from all networks. 
+ `Private` means the key vault disables public access and + enables private link. The default value is `Public`.' + enum: + - Private + - Public + type: string + keyVaultResourceReference: + description: 'KeyVaultResourceReference: Resource ID of key + vault. When keyVaultNetworkAccess is `Private`, this field + is required and must be a valid resource ID. When keyVaultNetworkAccess + is `Public`, leave the field empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceReference: + description: 'LogAnalyticsWorkspaceResourceReference: Resource + ID of the Log Analytics workspace to be associated with + Microsoft Defender. When Microsoft Defender is enabled, + this field is required and must be a valid workspace resource + ID. When Microsoft Defender is disabled, leave the field + empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' + type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + workloadIdentity: + description: 'WorkloadIdentity: Workload identity settings for + the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See + https://aka.ms/aks/wi for more details.' + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + certificateAuthority: + description: 'CertificateAuthority: Istio Service Mesh Certificate + Authority (CA) configuration. 
For now, we only support plugin + certificates as described here https://aka.ms/asm-plugin-ca' + properties: + plugin: + description: 'Plugin: Plugin certificates information + for Service Mesh.' + properties: + certChainObjectName: + description: 'CertChainObjectName: Certificate chain + object name in Azure Key Vault.' + type: string + certObjectName: + description: 'CertObjectName: Intermediate certificate + object name in Azure Key Vault.' + type: string + keyObjectName: + description: 'KeyObjectName: Intermediate certificate + private key object name in Azure Key Vault.' + type: string + keyVaultReference: + description: 'KeyVaultReference: The resource ID of + the Key Vault.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + rootCertObjectName: + description: 'RootCertObjectName: Root certificate + object name in Azure Key Vault.' + type: string + type: object + type: object + components: + description: 'Components: Istio components configuration.' + properties: + egressGateways: + description: 'EgressGateways: Istio egress gateways.' + items: + description: Istio egress gateway configuration. 
+ properties: + enabled: + description: 'Enabled: Whether to enable the egress + gateway.' + type: boolean + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector: NodeSelector for scheduling + the egress gateway.' + type: object + required: + - enabled + type: object + type: array + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: Istio ingress gateway configuration. For + now, we support up to one external ingress gateway + named `aks-istio-ingressgateway-external` and one + internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + enum: + - External + - Internal + type: string + required: + - enabled + - mode + type: object + type: array + type: object + revisions: + description: 'Revisions: The list of revisions of the Istio + control plane. When an upgrade is not in progress, this + holds one value. When canary upgrade is in progress, this + can only hold two consecutive values. For more information, + see: https://learn.microsoft.com/en-us/azure/aks/istio-upgrade' + items: + type: string + maxItems: 2 + type: array + type: object + mode: + description: 'Mode: Mode of the service mesh.' + enum: + - Disabled + - Istio + type: string + required: + - mode + type: object + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + secret: + description: 'Secret: The secret password associated with the + service principal in plain text.' 
+ properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret being + referenced. The secret must be in the same namespace as + the resource + type: string + required: + - key + - name + type: object + required: + - clientId + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + enum: + - Base + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [AKS Pricing Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) + for more details.' + enum: + - Free + - Premium + - Standard + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' 
+ type: boolean + type: object + type: object + supportPlan: + description: 'SupportPlan: The support plan for the Managed Cluster. + If unspecified, the default is ''KubernetesOfficial''.' + enum: + - AKSLongTermSupport + - KubernetesOfficial + type: string + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' + properties: + forceUpgrade: + description: 'ForceUpgrade: Whether to force upgrade the cluster. + Note that this option instructs upgrade operation to bypass + upgrade protections such as checking for deprecated API + usage. Enable this option only with caution.' + type: boolean + until: + description: 'Until: Until when the overrides are effective. + Note that this only matches the start time of an upgrade, + and the effectiveness won''t change once an upgrade starts + even if the `until` expires as upgrade proceeds. This field + is not set by default. It must be set for the overrides + to take effect.' + type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." 
Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: 'DnsServer: Specifies the DNS server for Windows + gMSA. Set it to empty if you have configured the DNS server + in the vnet which is used to create the managed cluster.' + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: 'RootDomainName: Specifies the root domain name + for Windows gMSA. Set it to empty if you have configured + the DNS server in the vnet which is used to create the managed + cluster.' + type: string + type: object + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' + enum: + - None + - Windows_Server + type: string + required: + - adminUsername + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' 
+ type: boolean + required: + - enabled + type: object + verticalPodAutoscaler: + description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable VPA. Default value + is false.' + type: boolean + required: + - enabled + type: object + type: object + required: + - location + - owner + type: object + status: + description: Managed cluster. + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: 'TenantID: The AAD tenant ID to use for authentication. + If not specified, will use the tenant of the deployment subscription.' + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' 
+ type: boolean + identity: + description: 'Identity: Information of user assigned identity + used by this add-on.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones + to use for nodes. This can only be specified if the AgentPoolType + property is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + type: string + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for + system pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify + the source Snapshot ID if the node pool will be created/upgraded + using a snapshot.' + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the + source object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: 'CurrentOrchestratorVersion: If orchestratorVersion + is a fully specified version , this field + will be exactly equal to it. 
If orchestratorVersion is , + this field will contain the full version + being used.' + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: 'HostGroupID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' 
+ properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. 
Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' 
+ type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' 
+ type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an + agent pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are + allowed to access. The specified ranges are allowed to + overlap.' + items: + description: The port range. + properties: + portEnd: + description: 'PortEnd: The maximum port that is included + in the range. It should be ranged from 1 to 65535, + and be greater than or equal to portStart.' 
+ type: integer + portStart: + description: 'PortStart: The minimum port that is + included in the range. It should be ranged from + 1 to 65535, and be less than or equal to portEnd.' + type: integer + protocol: + description: 'Protocol: The network protocol of the + port.' + type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the + application security groups which agent pool will associate + when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level + public IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: + RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated + with the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch + version is chosen automatically. Updating the cluster with + the same once it has been created (e.g. 
1.14.x + -> 1.14) will not trigger an upgrade, even if a newer patch + version is available. As a best practice, you should upgrade + all node pools in an AKS cluster to the same Kubernetes version. + The node pool version must have the same major version as + the control plane. The node pool minor version must be within + two minor versions of the control plane version. The node + pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent + pool. The default is Ubuntu if OSType is Linux. The default + is Windows2019 when Kubernetes <= 1.24 or Windows2022 when + Kubernetes >= 1.25 if OSType is Windows.' + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: When an Agent Pool is first created + it is initially Running. The Agent Pool can be stopped by + setting this field to Stopped. A stopped Agent Pool stops + all of its VMs and does not accrue billing charges. 
An Agent + Pool can only be stopped if it is Running and provisioning + state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + type: string + type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: 'DrainTimeoutInMinutes: The amount of time + (in minutes) to wait on eviction of pods and graceful + termination per node. This eviction wait time honors waiting + on pod disruption budgets. If this time is exceeded, the + upgrade fails. If not specified, the default is 30 minutes.' 
+ type: integer + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. + If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies + to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + type: string + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' 
+ items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' 
+ type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' 
+ type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: Manner in which the OS on + your nodes is updated. The default is NodeImage.' + type: string + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Azure Monitor addon profiles for + monitoring the managed cluster.' + properties: + metrics: + description: 'Metrics: Metrics profile for the Azure Monitor managed + service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace + and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview.' + properties: + enabled: + description: 'Enabled: Whether to enable or disable the Azure + Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on + enabling and disabling.' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics profile + for the Azure Managed Prometheus addon. These optional settings + are for the kube-state-metrics pod that is deployed with + the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details.' 
+ properties: + metricAnnotationsAllowList: + description: 'MetricAnnotationsAllowList: Comma-separated + list of Kubernetes annotation keys that will be used + in the resource''s labels metric (Example: ''namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...''). + By default the metric contains only resource name and + namespace labels.' + type: string + metricLabelsAllowlist: + description: 'MetricLabelsAllowlist: Comma-separated list + of additional Kubernetes label keys that will be used + in the resource''s labels metric (Example: ''namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...''). + By default the metric contains only resource name and + namespace labels.' + type: string + type: object + type: object + type: object + azurePortalFQDN: + description: 'AzurePortalFQDN: The Azure Portal requires certain Cross-Origin + Resource Sharing (CORS) headers to be sent in some responses, which + Kubernetes APIServer doesn''t handle by default. This special FQDN + supports CORS, allowing the Azure Portal to function properly.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. 
Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: + description: 'CurrentKubernetesVersion: If kubernetesVersion was a + fully specified version , this field will be + exactly equal to it. If kubernetesVersion was , this + field will contain the full version being used.' + type: string + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' + type: boolean + diskEncryptionSetID: + description: 'DiskEncryptionSetID: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + type: string + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATED) Whether to enable + Kubernetes pod security policy (preview). 
PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. + Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.' + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + id: + description: 'Id: Fully qualified resource ID for the resource. E.g. + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"' + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + delegatedResources: + additionalProperties: + description: Delegated resource properties - internal use only. + properties: + location: + description: 'Location: The source resource location - internal + use only.' 
+ type: string + referralResource: + description: 'ReferralResource: The delegation id of the + referral delegation (optional) - internal use only.' + type: string + resourceId: + description: 'ResourceId: The ARM resource id of the delegated + resource - internal use only.' + type: string + tenantId: + description: 'TenantId: The tenant id of the delegated resource + - internal use only.' + type: string + type: object + description: 'DelegatedResources: The delegated identity resources + assigned to this managed cluster. This can only be set by another + Azure Resource Provider, and managed cluster only accept one + delegated identity resource. Internal use only.' + type: object + principalId: + description: 'PrincipalId: The principal id of the system assigned + identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity + which is used by master components.' + type: string + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' + type: string + userAssignedIdentities: + additionalProperties: + properties: + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned + identity.' + type: string + type: object + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' + type: object + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' 
+ type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: 'KubernetesVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. When you + upgrade a supported AKS cluster, Kubernetes minor versions cannot + be skipped. All upgrades must be performed sequentially by major + version number. For example, upgrades between 1.14.x -> 1.15.x or + 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. + See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' 
+ type: string + type: object + type: array + type: object + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the + managed cluster.' + type: integer + name: + description: 'Name: The name of the resource' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + type: string + ipFamilies: + description: 'IpFamilies: IP families are used to determine single-stack + or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6.' + items: + type: string + type: array + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). The default value is 0 which + results in Azure dynamically allocating ports.' + type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' 
+ type: boolean + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of IPv4 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + type: integer + countIPv6: + description: 'CountIPv6: The desired number of IPv6 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 0 for single-stack and 1 for dual-stack.' + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' 
+ type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 4 minutes.' + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure. Allowed values must be in + the range of 1 to 16 (inclusive). The default value + is 1.' + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + type: string + networkPluginMode: + description: 'NetworkPluginMode: The mode the network plugin should + use.' + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' 
+ type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + type: string + podCidrs: + description: 'PodCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking.' + items: + type: string + type: array + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' + type: string + serviceCidrs: + description: 'ServiceCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with + any Subnet IP ranges.' + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + issuerURL: + description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' + type: string + type: object + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' + properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' 
+ type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if + any).' + properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. + Codes are invariant and are intended to be + consumed programmatically.' + type: string + details: + description: 'Details: A list of additional + details about the error.' + items: + properties: + code: + description: 'Code: An identifier for + the error. Codes are invariant and are + intended to be consumed programmatically.' + type: string + message: + description: 'Message: A message describing + the error, intended to be suitable for + display in a user interface.' + type: string + target: + description: 'Target: The target of the + particular error. For example, the name + of the property in error.' 
+ type: string + type: object + type: array + message: + description: 'Message: A message describing + the error, intended to be suitable for display + in a user interface.' + type: string + target: + description: 'Target: The target of the particular + error. For example, the name of the property + in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning + state of the pod identity.' + type: string + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + type: object + type: array + type: object + powerState: + description: 'PowerState: The Power State of the cluster.' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' + type: string + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' + type: string + name: + description: 'Name: The name of the private link resource.' 
+ type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service + ID of the resource, this field is exposed only to NRP internally.' + type: string + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' + type: string + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + type: string + resourceUID: + description: 'ResourceUID: The resourceUID uniquely identifies ManagedClusters + that reuse ARM ResourceIds (i.e: create, delete, create sequence)' + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: 'AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: 'KeyId: Identifier of Azure Key Vault key. See + [key identifier format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service + is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service + is disabled, leave the field empty.' + type: string + keyVaultNetworkAccess: + description: 'KeyVaultNetworkAccess: Network access of key + vault. The possible values are `Public` and `Private`. `Public` + means the key vault allows public access from all networks. 
+ `Private` means the key vault disables public access and + enables private link. The default value is `Public`.' + type: string + keyVaultResourceId: + description: 'KeyVaultResourceId: Resource ID of key vault. + When keyVaultNetworkAccess is `Private`, this field is required + and must be a valid resource ID. When keyVaultNetworkAccess + is `Public`, leave the field empty.' + type: string + type: object + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceId: + description: 'LogAnalyticsWorkspaceResourceId: Resource ID + of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field + is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty.' + type: string + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' + type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + workloadIdentity: + description: 'WorkloadIdentity: Workload identity settings for + the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See + https://aka.ms/aks/wi for more details.' + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' 
+ type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + certificateAuthority: + description: 'CertificateAuthority: Istio Service Mesh Certificate + Authority (CA) configuration. For now, we only support plugin + certificates as described here https://aka.ms/asm-plugin-ca' + properties: + plugin: + description: 'Plugin: Plugin certificates information + for Service Mesh.' + properties: + certChainObjectName: + description: 'CertChainObjectName: Certificate chain + object name in Azure Key Vault.' + type: string + certObjectName: + description: 'CertObjectName: Intermediate certificate + object name in Azure Key Vault.' + type: string + keyObjectName: + description: 'KeyObjectName: Intermediate certificate + private key object name in Azure Key Vault.' + type: string + keyVaultId: + description: 'KeyVaultId: The resource ID of the Key + Vault.' + type: string + rootCertObjectName: + description: 'RootCertObjectName: Root certificate + object name in Azure Key Vault.' + type: string + type: object + type: object + components: + description: 'Components: Istio components configuration.' + properties: + egressGateways: + description: 'EgressGateways: Istio egress gateways.' + items: + description: Istio egress gateway configuration. + properties: + enabled: + description: 'Enabled: Whether to enable the egress + gateway.' + type: boolean + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector: NodeSelector for scheduling + the egress gateway.' + type: object + type: object + type: array + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: Istio ingress gateway configuration. 
For + now, we support up to one external ingress gateway + named `aks-istio-ingressgateway-external` and one + internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + type: string + type: object + type: array + type: object + revisions: + description: 'Revisions: The list of revisions of the Istio + control plane. When an upgrade is not in progress, this + holds one value. When canary upgrade is in progress, this + can only hold two consecutive values. For more information, + see: https://learn.microsoft.com/en-us/azure/aks/istio-upgrade' + items: + type: string + type: array + type: object + mode: + description: 'Mode: Mode of the service mesh.' + type: string + type: object + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [AKS Pricing Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) + for more details.' + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' 
+ properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + supportPlan: + description: 'SupportPlan: The support plan for the Managed Cluster. + If unspecified, the default is ''KubernetesOfficial''.' + type: string + systemData: + description: 'SystemData: Azure Resource Manager metadata containing + createdBy and modifiedBy information.' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: The type of the resource. E.g. 
"Microsoft.Compute/virtualMachines" + or "Microsoft.Storage/storageAccounts"' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' + properties: + forceUpgrade: + description: 'ForceUpgrade: Whether to force upgrade the cluster. + Note that this option instructs upgrade operation to bypass + upgrade protections such as checking for deprecated API + usage. Enable this option only with caution.' + type: boolean + until: + description: 'Until: Until when the overrides are effective. + Note that this only matches the start time of an upgrade, + and the effectiveness won''t change once an upgrade starts + even if the `until` expires as upgrade proceeds. This field + is not set by default. It must be set for the overrides + to take effect.' + type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." 
Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: 'DnsServer: Specifies the DNS server for Windows + gMSA. Set it to empty if you have configured the DNS server + in the vnet which is used to create the managed cluster.' + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: 'RootDomainName: Specifies the root domain name + for Windows gMSA. Set it to empty if you have configured + the DNS server in the vnet which is used to create the managed + cluster.' + type: string + type: object + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' + type: string + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' 
+ type: boolean + type: object + verticalPodAutoscaler: + description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable VPA. Default value + is false.' + type: boolean + type: object + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20231001storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20231001.ManagedCluster Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-10-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20231001.ManagedCluster_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + aadProfile: + description: Storage version of v1api20231001.ManagedClusterAADProfile + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: Storage version of v1api20231001.ManagedClusterAddonProfile + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object + type: object + agentPoolProfiles: + items: + description: Storage version of v1api20231001.ManagedClusterAgentPoolProfile + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + count: + type: integer + creationData: + description: Storage version of v1api20231001.CreationData Data + used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: Storage version of v1api20231001.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20231001.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20231001.SysctlConfig + Sysctl settings for Linux agent nodes. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + 
type: integer + mode: + type: string + name: + type: string + networkProfile: + description: Storage version of v1api20231001.AgentPoolNetworkProfile + Network settings of an agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedHostPorts: + items: + description: Storage version of v1api20231001.PortRange + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroupsReferences: + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, Kind, + Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: array + nodePublicIPTags: + items: + description: Storage version of v1api20231001.IPTag Contains + the IPTag associated with the object. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: Storage version of v1api20231001.PowerState Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20231001.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, + a VNET and subnet will be generated and used. If no podSubnetID + is specified, this applies to nodes and pods, otherwise it + applies to just nodes. 
This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + type: string + type: object + type: array + apiServerAccessProfile: + description: Storage version of v1api20231001.ManagedClusterAPIServerAccessProfile + Access profile for managed cluster API server. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20231001.ManagedClusterProperties_AutoScalerProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: Storage version of v1api20231001.ManagedClusterAutoUpgradeProfile + Auto upgrade profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + nodeOSUpgradeChannel: + type: string + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: Storage version of v1api20231001.ManagedClusterAzureMonitorProfile + Azure Monitor addon profiles for monitoring the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + metrics: + description: Storage version of v1api20231001.ManagedClusterAzureMonitorProfileMetrics + Metrics profile for the Azure Monitor managed service for Prometheus + addon. Collect out-of-the-box Kubernetes infrastructure metrics + to send to an Azure Monitor Workspace and configure additional + scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + kubeStateMetrics: + description: Storage version of v1api20231001.ManagedClusterAzureMonitorProfileKubeStateMetrics + Kube State Metrics profile for the Azure Managed Prometheus + addon. These optional settings are for the kube-state-metrics + pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetReference: + description: 'DiskEncryptionSetReference: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: Storage version of v1api20231001.ExtendedLocation The + complex type of the extended location. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdnSubdomain: + type: string + httpProxyConfig: + description: Storage version of v1api20231001.ManagedClusterHTTPProxyConfig + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + identity: + description: Storage version of v1api20231001.ManagedClusterIdentity + Identity for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + delegatedResources: + additionalProperties: + description: Storage version of v1api20231001.DelegatedResource + Delegated resource properties - internal use only. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + location: + type: string + referralResource: + type: string + resourceReference: + description: 'ResourceReference: The ARM resource id of + the delegated resource - internal use only.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + tenantId: + type: string + type: object + type: object + type: + type: string + userAssignedIdentities: + items: + description: Storage version of v1api20231001.UserAssignedIdentityDetails + Information about the user assigned identity for the resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Storage version of v1api20231001.UserAssignedIdentity + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: Storage version of v1api20231001.ContainerServiceLinuxProfile + Profile for Linux VMs in the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: Storage version of v1api20231001.ContainerServiceSshConfiguration + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: Storage version of v1api20231001.ContainerServiceSshPublicKey + Contains information about SSH certificate public key + data. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + networkProfile: + description: Storage version of v1api20231001.ContainerServiceNetworkProfile + Profile of network configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + ipFamilies: + items: + type: string + type: array + loadBalancerProfile: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + backendPoolType: + type: string + effectiveOutboundIPs: + items: + description: Storage version of v1api20231001.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPPrefixes: + items: + description: Storage version of v1api20231001.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPs: + items: + description: Storage version of v1api20231001.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + natGatewayProfile: + description: Storage version of v1api20231001.ManagedClusterNATGatewayProfile + Profile of the managed cluster NAT gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: Storage version of v1api20231001.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: Storage version of v1api20231001.ManagedClusterManagedOutboundIPProfile + Profile of the managed outbound IP resources of the managed + cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + type: object + nodeResourceGroup: + type: string + oidcIssuerProfile: + description: Storage version of v1api20231001.ManagedClusterOIDCIssuerProfile + The OIDC issuer profile of the Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + operatorSpec: + description: Storage version of v1api20231001.ManagedClusterOperatorSpec + Details for configuring operator behavior. Fields in this struct + are interpreted by the operator directly rather than being passed + to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + configMaps: + description: Storage version of v1api20231001.ManagedClusterOperatorConfigMaps + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + oidcIssuerProfile: + description: 'ConfigMapDestination describes the location + to store a single configmap value Note: This is similar + to SecretDestination in secrets.go. Changes to one should + likely also be made to the other.' + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: Name is the name of the Kubernetes ConfigMap + being referenced. 
The ConfigMap must be in the same + namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: Storage version of v1api20231001.ManagedClusterOperatorSecrets + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminCredentials: + description: 'SecretDestination describes the location to + store a single secret value. Note: This is similar to ConfigMapDestination + in configmaps.go. Changes to one should likely also be made + to the other.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: 'SecretDestination describes the location to + store a single secret value. Note: This is similar to ConfigMapDestination + in configmaps.go. Changes to one should likely also be made + to the other.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. 
Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: Storage version of v1api20231001.ManagedClusterPodIdentityProfile + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on pod identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: Storage version of v1api20231001.ManagedClusterPodIdentity + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + bindingSelector: + type: string + identity: + description: Storage version of v1api20231001.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + type: string + namespace: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: Storage version of v1api20231001.ManagedClusterPodIdentityException + See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + privateLinkResources: + items: + description: Storage version of v1api20231001.PrivateLinkResource + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + name: + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + publicNetworkAccess: + type: string + securityProfile: + description: Storage version of v1api20231001.ManagedClusterSecurityProfile + Security profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: Storage version of v1api20231001.AzureKeyVaultKms + Azure Key Vault key management service settings for the security + profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceReference: + description: 'KeyVaultResourceReference: Resource ID of key + vault. When keyVaultNetworkAccess is `Private`, this field + is required and must be a valid resource ID. When keyVaultNetworkAccess + is `Public`, leave the field empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + defender: + description: Storage version of v1api20231001.ManagedClusterSecurityProfileDefender + Microsoft Defender settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceReference: + description: 'LogAnalyticsWorkspaceResourceReference: Resource + ID of the Log Analytics workspace to be associated with + Microsoft Defender. When Microsoft Defender is enabled, + this field is required and must be a valid workspace resource + ID. When Microsoft Defender is disabled, leave the field + empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: Storage version of v1api20231001.ManagedClusterSecurityProfileDefenderSecurityMonitoring + Microsoft Defender settings for the security profile threat + detection. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: Storage version of v1api20231001.ManagedClusterSecurityProfileImageCleaner + Image Cleaner removes unused images from nodes, freeing up disk + space and helping to reduce attack surface area. Here are settings + for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + workloadIdentity: + description: Storage version of v1api20231001.ManagedClusterSecurityProfileWorkloadIdentity + Workload identity settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + serviceMeshProfile: + description: Storage version of v1api20231001.ServiceMeshProfile Service + mesh profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + istio: + description: Storage version of v1api20231001.IstioServiceMesh + Istio service mesh configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certificateAuthority: + description: Storage version of v1api20231001.IstioCertificateAuthority + Istio Service Mesh Certificate Authority (CA) configuration. + For now, we only support plugin certificates as described + here https://aka.ms/asm-plugin-ca + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + plugin: + description: Storage version of v1api20231001.IstioPluginCertificateAuthority + Plugin certificates information for Service Mesh. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + certChainObjectName: + type: string + certObjectName: + type: string + keyObjectName: + type: string + keyVaultReference: + description: 'KeyVaultReference: The resource ID of + the Key Vault.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + rootCertObjectName: + type: string + type: object + type: object + components: + description: Storage version of v1api20231001.IstioComponents + Istio components configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + egressGateways: + items: + description: Storage version of v1api20231001.IstioEgressGateway + Istio egress gateway configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + enabled: + type: boolean + nodeSelector: + additionalProperties: + type: string + type: object + type: object + type: array + ingressGateways: + items: + description: Storage version of v1api20231001.IstioIngressGateway + Istio ingress gateway configuration. 
For now, we support + up to one external ingress gateway named `aks-istio-ingressgateway-external` + and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + enabled: + type: boolean + mode: + type: string + type: object + type: array + type: object + revisions: + items: + type: string + type: array + type: object + mode: + type: string + type: object + servicePrincipalProfile: + description: Storage version of v1api20231001.ManagedClusterServicePrincipalProfile + Information about a service principal identity for the cluster to + use for manipulating Azure APIs. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + clientId: + type: string + secret: + description: SecretReference is a reference to a Kubernetes secret + and key in the same namespace as the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret being + referenced. The secret must be in the same namespace as + the resource + type: string + required: + - key + - name + type: object + type: object + sku: + description: Storage version of v1api20231001.ManagedClusterSKU The + SKU of a Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: Storage version of v1api20231001.ManagedClusterStorageProfile + Storage profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: Storage version of v1api20231001.ManagedClusterStorageProfileBlobCSIDriver + AzureBlob CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: Storage version of v1api20231001.ManagedClusterStorageProfileDiskCSIDriver + AzureDisk CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + fileCSIDriver: + description: Storage version of v1api20231001.ManagedClusterStorageProfileFileCSIDriver + AzureFile CSI Driver settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: Storage version of v1api20231001.ManagedClusterStorageProfileSnapshotController + Snapshot Controller settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + supportPlan: + type: string + tags: + additionalProperties: + type: string + type: object + upgradeSettings: + description: Storage version of v1api20231001.ClusterUpgradeSettings + Settings for upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + overrideSettings: + description: Storage version of v1api20231001.UpgradeOverrideSettings + Settings for overrides when upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + forceUpgrade: + type: boolean + until: + type: string + type: object + type: object + windowsProfile: + description: Storage version of v1api20231001.ManagedClusterWindowsProfile + Profile for Windows VMs in the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminPassword: + type: string + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: Storage version of v1api20231001.WindowsGmsaProfile + Windows gMSA Profile in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfile + Workload Auto-scaler profile for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + keda: + description: Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileKeda + KEDA (Kubernetes Event-driven Autoscaling) settings for the + workload auto-scaler profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + verticalPodAutoscaler: + description: Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler + VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler + profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + required: + - owner + type: object + status: + description: Storage version of v1api20231001.ManagedCluster_STATUS Managed + cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + aadProfile: + description: Storage version of v1api20231001.ManagedClusterAADProfile_STATUS + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: Storage version of v1api20231001.ManagedClusterAddonProfile_STATUS + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + identity: + description: Storage version of v1api20231001.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + type: object + agentPoolProfiles: + items: + description: Storage version of v1api20231001.ManagedClusterAgentPoolProfile_STATUS + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupID: + type: string + count: + type: integer + creationData: + description: Storage version of v1api20231001.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupID: + type: string + kubeletConfig: + description: Storage version of v1api20231001.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20231001.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20231001.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + networkProfile: + description: Storage version of v1api20231001.AgentPoolNetworkProfile_STATUS + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedHostPorts: + items: + description: Storage version of v1api20231001.PortRange_STATUS + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroups: + items: + type: string + type: array + nodePublicIPTags: + items: + description: Storage version of v1api20231001.IPTag_STATUS + Contains the IPTag associated with the object. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: string + powerState: + description: Storage version of v1api20231001.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information 
that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + code: + type: string + type: object + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20231001.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + workloadRuntime: + type: string + type: object + type: array + apiServerAccessProfile: + description: Storage version of v1api20231001.ManagedClusterAPIServerAccessProfile_STATUS + Access profile for managed cluster API server. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20231001.ManagedClusterProperties_AutoScalerProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: Storage version of v1api20231001.ManagedClusterAutoUpgradeProfile_STATUS + Auto upgrade profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + nodeOSUpgradeChannel: + type: string + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: Storage version of v1api20231001.ManagedClusterAzureMonitorProfile_STATUS + Azure Monitor addon profiles for monitoring the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + metrics: + description: Storage version of v1api20231001.ManagedClusterAzureMonitorProfileMetrics_STATUS + Metrics profile for the Azure Monitor managed service for Prometheus + addon. Collect out-of-the-box Kubernetes infrastructure metrics + to send to an Azure Monitor Workspace and configure additional + scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + kubeStateMetrics: + description: Storage version of v1api20231001.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS + Kube State Metrics profile for the Azure Managed Prometheus + addon. These optional settings are for the kube-state-metrics + pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azurePortalFQDN: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. 
+ type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetID: + type: string + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: Storage version of v1api20231001.ExtendedLocation_STATUS + The complex type of the extended location. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdn: + type: string + fqdnSubdomain: + type: string + httpProxyConfig: + description: Storage version of v1api20231001.ManagedClusterHTTPProxyConfig_STATUS + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + id: + type: string + identity: + description: Storage version of v1api20231001.ManagedClusterIdentity_STATUS + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + delegatedResources: + additionalProperties: + description: Storage version of v1api20231001.DelegatedResource_STATUS + Delegated resource properties - internal use only. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + location: + type: string + referralResource: + type: string + resourceId: + type: string + tenantId: + type: string + type: object + type: object + principalId: + type: string + tenantId: + type: string + type: + type: string + userAssignedIdentities: + additionalProperties: + description: Storage version of v1api20231001.ManagedClusterIdentity_UserAssignedIdentities_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + clientId: + type: string + principalId: + type: string + type: object + type: object + type: object + identityProfile: + additionalProperties: + description: Storage version of v1api20231001.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: Storage version of v1api20231001.ContainerServiceLinuxProfile_STATUS + Profile for Linux VMs in the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: Storage version of v1api20231001.ContainerServiceSshConfiguration_STATUS + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: Storage version of v1api20231001.ContainerServiceSshPublicKey_STATUS + Contains information about SSH certificate public key + data. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + maxAgentPools: + type: integer + name: + type: string + networkProfile: + description: Storage version of v1api20231001.ContainerServiceNetworkProfile_STATUS + Profile of network configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + ipFamilies: + items: + type: string + type: array + loadBalancerProfile: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_STATUS + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + backendPoolType: + type: string + effectiveOutboundIPs: + items: + description: Storage version of v1api20231001.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPPrefixes: + items: + description: Storage version of v1api20231001.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPs: + items: + description: Storage version of v1api20231001.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + natGatewayProfile: + description: Storage version of v1api20231001.ManagedClusterNATGatewayProfile_STATUS + Profile of the managed cluster NAT gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: Storage version of v1api20231001.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: Storage version of v1api20231001.ManagedClusterManagedOutboundIPProfile_STATUS + Profile of the managed outbound IP resources of the managed + cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + type: object + nodeResourceGroup: + type: string + oidcIssuerProfile: + description: Storage version of v1api20231001.ManagedClusterOIDCIssuerProfile_STATUS + The OIDC issuer profile of the Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + issuerURL: + type: string + type: object + podIdentityProfile: + description: Storage version of v1api20231001.ManagedClusterPodIdentityProfile_STATUS + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on pod identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: Storage version of v1api20231001.ManagedClusterPodIdentity_STATUS + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + bindingSelector: + type: string + identity: + description: Storage version of v1api20231001.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + name: + type: string + namespace: + type: string + provisioningInfo: + description: Storage version of v1api20231001.ManagedClusterPodIdentity_ProvisioningInfo_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + error: + description: Storage version of v1api20231001.ManagedClusterPodIdentityProvisioningError_STATUS + An error response from the pod identity provisioning. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + error: + description: Storage version of v1api20231001.ManagedClusterPodIdentityProvisioningErrorBody_STATUS + An error response from the pod identity provisioning. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set + of stashed information that used for properties + not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + details: + items: + description: Storage version of v1api20231001.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered + set of stashed information that used + for properties not directly supported + by storage resources, allowing for full + fidelity round trip conversions + type: object + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object + type: object + provisioningState: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: Storage version of v1api20231001.ManagedClusterPodIdentityException_STATUS + See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + powerState: + description: Storage version of v1api20231001.PowerState_STATUS Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + privateFQDN: + type: string + privateLinkResources: + items: + description: Storage version of v1api20231001.PrivateLinkResource_STATUS + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + id: + type: string + name: + type: string + privateLinkServiceID: + type: string + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + provisioningState: + type: string + publicNetworkAccess: + type: string + resourceUID: + type: string + securityProfile: + description: Storage version of v1api20231001.ManagedClusterSecurityProfile_STATUS + Security profile for the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: Storage version of v1api20231001.AzureKeyVaultKms_STATUS + Azure Key Vault key management service settings for the security + profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceId: + type: string + type: object + defender: + description: Storage version of v1api20231001.ManagedClusterSecurityProfileDefender_STATUS + Microsoft Defender settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceId: + type: string + securityMonitoring: + description: Storage version of v1api20231001.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS + Microsoft Defender settings for the security profile threat + detection. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: Storage version of v1api20231001.ManagedClusterSecurityProfileImageCleaner_STATUS + Image Cleaner removes unused images from nodes, freeing up disk + space and helping to reduce attack surface area. Here are settings + for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + workloadIdentity: + description: Storage version of v1api20231001.ManagedClusterSecurityProfileWorkloadIdentity_STATUS + Workload identity settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + serviceMeshProfile: + description: Storage version of v1api20231001.ServiceMeshProfile_STATUS + Service mesh profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + istio: + description: Storage version of v1api20231001.IstioServiceMesh_STATUS + Istio service mesh configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certificateAuthority: + description: Storage version of v1api20231001.IstioCertificateAuthority_STATUS + Istio Service Mesh Certificate Authority (CA) configuration. + For now, we only support plugin certificates as described + here https://aka.ms/asm-plugin-ca + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + plugin: + description: Storage version of v1api20231001.IstioPluginCertificateAuthority_STATUS + Plugin certificates information for Service Mesh. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + certChainObjectName: + type: string + certObjectName: + type: string + keyObjectName: + type: string + keyVaultId: + type: string + rootCertObjectName: + type: string + type: object + type: object + components: + description: Storage version of v1api20231001.IstioComponents_STATUS + Istio components configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + egressGateways: + items: + description: Storage version of v1api20231001.IstioEgressGateway_STATUS + Istio egress gateway configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + enabled: + type: boolean + nodeSelector: + additionalProperties: + type: string + type: object + type: object + type: array + ingressGateways: + items: + description: Storage version of v1api20231001.IstioIngressGateway_STATUS + Istio ingress gateway configuration. For now, we support + up to one external ingress gateway named `aks-istio-ingressgateway-external` + and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + enabled: + type: boolean + mode: + type: string + type: object + type: array + type: object + revisions: + items: + type: string + type: array + type: object + mode: + type: string + type: object + servicePrincipalProfile: + description: Storage version of v1api20231001.ManagedClusterServicePrincipalProfile_STATUS + Information about a service principal identity for the cluster to + use for manipulating Azure APIs. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + clientId: + type: string + type: object + sku: + description: Storage version of v1api20231001.ManagedClusterSKU_STATUS + The SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: Storage version of v1api20231001.ManagedClusterStorageProfile_STATUS + Storage profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: Storage version of v1api20231001.ManagedClusterStorageProfileBlobCSIDriver_STATUS + AzureBlob CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: Storage version of v1api20231001.ManagedClusterStorageProfileDiskCSIDriver_STATUS + AzureDisk CSI Driver settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + fileCSIDriver: + description: Storage version of v1api20231001.ManagedClusterStorageProfileFileCSIDriver_STATUS + AzureFile CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: Storage version of v1api20231001.ManagedClusterStorageProfileSnapshotController_STATUS + Snapshot Controller settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + supportPlan: + type: string + systemData: + description: Storage version of v1api20231001.SystemData_STATUS Metadata + pertaining to creation and last modification of the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20231001.ClusterUpgradeSettings_STATUS + Settings for upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + overrideSettings: + description: Storage version of v1api20231001.UpgradeOverrideSettings_STATUS + Settings for overrides when upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + forceUpgrade: + type: boolean + until: + type: string + type: object + type: object + windowsProfile: + description: Storage version of v1api20231001.ManagedClusterWindowsProfile_STATUS + Profile for Windows VMs in the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminPassword: + type: string + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: Storage version of v1api20231001.WindowsGmsaProfile_STATUS + Windows gMSA Profile in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfile_STATUS + Workload Auto-scaler profile for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + keda: + description: Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS + KEDA (Kubernetes Event-driven Autoscaling) settings for the + workload auto-scaler profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + verticalPodAutoscaler: + description: Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS + VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler + profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + name: managedclustersagentpools.containerservice.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: containerservice.azure.com + names: + kind: ManagedClustersAgentPool + listKind: ManagedClustersAgentPoolList + plural: managedclustersagentpools + singular: managedclustersagentpool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: 
.status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20210501 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones to + use for nodes. This can only be specified if the AgentPoolType property + is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + count: + description: 'Count: Number of agents (VMs) to host docker containers. 
+ Allowed values must be in the range of 0 to 1000 (inclusive) for + user pools and in the range of 1 to 1000 (inclusive) for system + pools. The default value is 1.' + type: integer + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported on certain + VM sizes and in certain Azure regions. For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require nodes + in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs + to make a direct connection to a cloud virtual machine to minimize + hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' 
+ items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of container + log files that can be present for a container. The number must + be ≥ 2.' + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' Valid + values are a sequence of decimal numbers with an optional fraction + and a unit suffix. For example: ''300ms'', ''2h45m''. Supported + units are ''ns'', ''us'', ''ms'', ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. See [Kubernetes + CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information see + [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', ''best-effort'', + ''restricted'', and ''single-numa-node''.' 
+ type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral storage.' + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' 
+ type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' 
+ type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are ''always'', + ''defer'', ''defer+madvise'', ''madvise'' and ''never''. The + default is ''madvise''. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are ''always'', + ''madvise'', and ''never''. The default is ''always''. For more + information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' Agent + Pool at all times. For additional information on agent pool restrictions and + best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + enum: + - System + - User + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixIDReference: + description: 'NodePublicIPPrefixIDReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: As a best practice, you should + upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version + as the control plane. The node pool minor version must be within + two minor versions of the control plane version. The node pool version + cannot be greater than the control plane version. For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies an OS SKU. This value must not be specified + if OSType is Windows.' 
+ enum: + - CBLMariner + - Ubuntu + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetIDReference: + description: 'PodSubnetIDReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. 
For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetIDReference: + description: 'VnetSubnetIDReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + required: + - owner + type: object + status: + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones to + use for nodes. This can only be specified if the AgentPoolType property + is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) for + user pools and in the range of 1 to 1000 (inclusive) for system + pools. The default value is 1.' + type: integer + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported on certain + VM sizes and in certain Azure regions. 
For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require nodes + in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs + to make a direct connection to a cloud virtual machine to minimize + hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + id: + description: 'Id: Resource ID.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of container + log files that can be present for a container. The number must + be ≥ 2.' + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' 
+ type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' Valid + values are a sequence of decimal numbers with an optional fraction + and a unit suffix. For example: ''300ms'', ''2h45m''. Supported + units are ''ns'', ''us'', ''ms'', ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. See [Kubernetes + CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information see + [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', ''best-effort'', + ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral storage.' + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' 
+ type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' 
+ type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are ''always'', + ''defer'', ''defer+madvise'', ''madvise'' and ''never''. The + default is ''madvise''. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are ''always'', + ''madvise'', and ''never''. 
The default is ''always''. For more + information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' Agent + Pool at all times. For additional information on agent pool restrictions and + best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: As a best practice, you should + upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version + as the control plane. The node pool minor version must be within + two minor versions of the control plane version. 
The node pool version + cannot be greater than the control plane version. For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies an OS SKU. This value must not be specified + if OSType is Windows.' + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically assigned + on the node subnet (see vnetSubnetID for more details). This is + of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: Describes whether the Agent Pool is Running + or Stopped' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + properties_type: + description: 'PropertiesType: The type of Agent Pool.' + type: string + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' 
+ type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: Resource type' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET and subnet + will be generated and used. If no podSubnetID is specified, this + applies to nodes and pods, otherwise it applies to just nodes. 
This + is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20210501storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20210501.ManagedClustersAgentPool Generator + information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20210501.ManagedClusters_AgentPool_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + count: + type: integer + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + kubeletConfig: + description: Storage version of v1api20210501.KubeletConfig See [AKS + custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20210501.LinuxOSConfig See [AKS + custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20210501.SysctlConfig Sysctl + settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixIDReference: + description: 'NodePublicIPPrefixIDReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form 
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + originalVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetIDReference: + description: 'PodSubnetIDReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). 
+ This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + proximityPlacementGroupID: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20210501.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetIDReference: + description: 'VnetSubnetIDReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. 
+ This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + required: + - owner + type: object + status: + description: Storage version of v1api20210501.ManagedClusters_AgentPool_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. 
+ type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + type: integer + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + id: + type: string + kubeletConfig: + description: Storage version of v1api20210501.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20210501.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20210501.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: 
string + powerState: + description: Storage version of v1api20210501.PowerState_STATUS Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + properties_type: + type: string + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20210501.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230201 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json + - ARM URI: 
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones to + use for nodes. This can only be specified if the AgentPoolType property + is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) for + user pools and in the range of 1 to 1000 (inclusive) for system + pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the node pool will be created/upgraded using + a snapshot.' + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported on certain + VM sizes and in certain Azure regions. For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require nodes + in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs + to make a direct connection to a cloud virtual machine to minimize + hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' 
+ type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of container + log files that can be present for a container. The number must + be ≥ 2.' 
+ minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' Valid + values are a sequence of decimal numbers with an optional fraction + and a unit suffix. For example: ''300ms'', ''2h45m''. Supported + units are ''ns'', ''us'', ''ms'', ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. See [Kubernetes + CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information see + [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', ''best-effort'', + ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral storage.' 
+ enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' 
+ type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are ''always'', + ''defer'', ''defer+madvise'', ''madvise'' and ''never''. The + default is ''madvise''. 
For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are ''always'', + ''madvise'', and ''never''. The default is ''always''. For more + information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' Agent + Pool at all times. For additional information on agent pool restrictions and + best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + enum: + - System + - User + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. As a best + practice, you should upgrade all node pools in an AKS cluster to + the same Kubernetes version. The node pool version must have the + same major version as the control plane. The node pool minor version + must be within two minor versions of the control plane version. + The node pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' 
+ enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent pool. + The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 + if OSType is Windows.' + enum: + - CBLMariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: 'PowerState: When an Agent Pool is first created it is + initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and + does not accrue billing charges. An Agent Pool can only be stopped + if it is Running and provisioning state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. 
If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' + enum: + - OCIContainer + - WasmWasi + type: string + required: + - owner + type: object + status: + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones to + use for nodes. This can only be specified if the AgentPoolType property + is ''VirtualMachineScaleSets''.' 
+ items: + type: string + type: array + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. 
+ Allowed values must be in the range of 0 to 1000 (inclusive) for + user pools and in the range of 1 to 1000 (inclusive) for system + pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the node pool will be created/upgraded using + a snapshot.' + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: 'CurrentOrchestratorVersion: If orchestratorVersion is + a fully specified version , this field will be + exactly equal to it. If orchestratorVersion is , this + field will contain the full version being used.' + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported on certain + VM sizes and in certain Azure regions. For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require nodes + in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs + to make a direct connection to a cloud virtual machine to minimize + hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' 
+ type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: 'HostGroupID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + type: string + id: + description: 'Id: Resource ID.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of container + log files that can be present for a container. The number must + be ≥ 2.' + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' Valid + values are a sequence of decimal numbers with an optional fraction + and a unit suffix. For example: ''300ms'', ''2h45m''. Supported + units are ''ns'', ''us'', ''ms'', ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. See [Kubernetes + CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and ''static''.' 
+ type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information see + [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', ''best-effort'', + ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral storage.' + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' 
+ type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' 
+ type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are ''always'', + ''defer'', ''defer+madvise'', ''madvise'' and ''never''. The + default is ''madvise''. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are ''always'', + ''madvise'', and ''never''. The default is ''always''. For more + information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' Agent + Pool at all times. 
For additional information on agent pool restrictions and + best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. As a best + practice, you should upgrade all node pools in an AKS cluster to + the same Kubernetes version. The node pool version must have the + same major version as the control plane. The node pool minor version + must be within two minor versions of the control plane version. + The node pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' 
+ type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent pool. + The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 + if OSType is Windows.' + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically assigned + on the node subnet (see vnetSubnetID for more details). This is + of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: When an Agent Pool is first created it is + initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and + does not accrue billing charges. An Agent Pool can only be stopped + if it is Running and provisioning state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + properties_type: + description: 'PropertiesType: The type of Agent Pool.' + type: string + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' 
+ type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: Resource type' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. 
For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET and subnet + will be generated and used. If no podSubnetID is specified, this + applies to nodes and pods, otherwise it applies to just nodes. This + is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230201storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20230201.ManagedClustersAgentPool Generator + information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20230201.ManagedClusters_AgentPool_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + count: + type: integer + creationData: + description: Storage version of v1api20230201.CreationData Data used + when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: Storage version of v1api20230201.KubeletConfig See [AKS + custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20230201.LinuxOSConfig See [AKS + custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20230201.SysctlConfig Sysctl + settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form 
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + originalVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). 
+ This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: Storage version of v1api20230201.PowerState Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20230201.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + type: string + required: + - owner + type: object + status: + description: Storage version of v1api20230201.ManagedClusters_AgentPool_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. 
+ type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + type: integer + creationData: + description: Storage version of v1api20230201.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupID: + type: string + id: + type: string + kubeletConfig: + description: Storage version of v1api20230201.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20230201.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20230201.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: 
string + powerState: + description: Storage version of v1api20230201.PowerState_STATUS Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + properties_type: + type: string + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20230201.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + workloadRuntime: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230202preview + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: 
/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-02-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones to + use for nodes. This can only be specified if the AgentPoolType property + is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate the specified + agent pool with the Capacity Reservation Group.' + type: string + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) for + user pools and in the range of 1 to 1000 (inclusive) for system + pools. The default value is 1.' 
+ type: integer + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the node pool will be created/upgraded using + a snapshot.' + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: 'EnableCustomCATrust: When set to true, AKS adds a label + to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities + from user-provided list of base64 encoded certificates into node + trust stores. Defaults to false.' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported on certain + VM sizes and in certain Azure regions. 
For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require nodes + in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs + to make a direct connection to a cloud virtual machine to minimize + hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of container + log files that can be present for a container. The number must + be ≥ 2.' + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' Valid + values are a sequence of decimal numbers with an optional fraction + and a unit suffix. For example: ''300ms'', ''2h45m''. Supported + units are ''ns'', ''us'', ''ms'', ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. See [Kubernetes + CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' 
+ type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information see + [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', ''best-effort'', + ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral storage.' + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' 
+ type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' 
+ type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are ''always'', + ''defer'', ''defer+madvise'', ''madvise'' and ''never''. The + default is ''madvise''. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are ''always'', + ''madvise'', and ''never''. The default is ''always''. For more + information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + messageOfTheDay: + description: 'MessageOfTheDay: A base64-encoded string which will + be written to /etc/motd after decoding. This allows customization + of the message of the day for Linux nodes. It must not be specified + for Windows nodes. It must be a static string (i.e., will be printed + raw and not be executed as a script).' 
+ type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' Agent + Pool at all times. For additional information on agent pool restrictions and + best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + enum: + - System + - User + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: 'PortEnd: The maximum port that is included + in the range. It should be ranged from 1 to 65535, and + be greater than or equal to portStart.' + maximum: 65535 + minimum: 1 + type: integer + portStart: + description: 'PortStart: The minimum port that is included + in the range. It should be ranged from 1 to 65535, and + be less than or equal to portEnd.' + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' + enum: + - TCP + - UDP + type: string + type: object + type: array + applicationSecurityGroupsReferences: + description: 'ApplicationSecurityGroupsReferences: The IDs of + the application security groups which agent pool will associate + when created.' + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + and are supported. When is specified, + the latest supported patch version is chosen automatically. Updating + the agent pool with the same once it has been created + will not trigger an upgrade, even if a newer patch version is available. + As a best practice, you should upgrade all node pools in an AKS + cluster to the same Kubernetes version. The node pool version must + have the same major version as the control plane. The node pool + minor version must be within two minor versions of the control plane + version. The node pool version cannot be greater than the control + plane version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent pool. 
+ If not specified, the default is Ubuntu if OSType=Linux or Windows2019 + if OSType=Windows. And the default Windows OSSKU will be changed + to Windows2022 after Windows2019 is deprecated.' + enum: + - CBLMariner + - Mariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: 'PowerState: When an Agent Pool is first created it is + initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and + does not accrue billing charges. An Agent Pool can only be stopped + if it is Running and provisioning state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. 
If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific profile.' + properties: + disableOutboundNat: + description: 'DisableOutboundNat: The default value is false. + Outbound NAT can only be disabled if the cluster outboundType + is NAT Gateway and the Windows agent pool does not have node + public IP enabled.' + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' 
+ enum: + - KataMshvVmIsolation + - OCIContainer + - WasmWasi + type: string + required: + - owner + type: object + status: + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones to + use for nodes. This can only be specified if the AgentPoolType property + is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate the specified + agent pool with the Capacity Reservation Group.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. 
This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) for + user pools and in the range of 1 to 1000 (inclusive) for system + pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the node pool will be created/upgraded using + a snapshot.' + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: 'CurrentOrchestratorVersion: If orchestratorVersion was + a fully specified version , this field will be + exactly equal to it. If orchestratorVersion was , this + field will contain the full version being used.' + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: 'EnableCustomCATrust: When set to true, AKS adds a label + to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities + from user-provided list of base64 encoded certificates into node + trust stores. Defaults to false.' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported on certain + VM sizes and in certain Azure regions. 
For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require nodes + in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs + to make a direct connection to a cloud virtual machine to minimize + hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: 'HostGroupID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + type: string + id: + description: 'Id: Resource ID.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of container + log files that can be present for a container. The number must + be ≥ 2.' 
+ type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' Valid + values are a sequence of decimal numbers with an optional fraction + and a unit suffix. For example: ''300ms'', ''2h45m''. Supported + units are ''ns'', ''us'', ''ms'', ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. See [Kubernetes + CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information see + [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', ''best-effort'', + ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral storage.' 
+ type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' 
+ type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are ''always'', + ''defer'', ''defer+madvise'', ''madvise'' and ''never''. The + default is ''madvise''. 
For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are ''always'', + ''madvise'', and ''never''. The default is ''always''. For more + information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + messageOfTheDay: + description: 'MessageOfTheDay: A base64-encoded string which will + be written to /etc/motd after decoding. This allows customization + of the message of the day for Linux nodes. It must not be specified + for Windows nodes. It must be a static string (i.e., will be printed + raw and not be executed as a script).' + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' Agent + Pool at all times. For additional information on agent pool restrictions and + best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: 'PortEnd: The maximum port that is included + in the range. 
It should be ranged from 1 to 65535, and + be greater than or equal to portStart.' + type: integer + portStart: + description: 'PortStart: The minimum port that is included + in the range. It should be ranged from 1 to 65535, and + be less than or equal to portEnd.' + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' + type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the application + security groups which agent pool will associate when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + and are supported. When is specified, + the latest supported patch version is chosen automatically. 
Updating + the agent pool with the same once it has been created + will not trigger an upgrade, even if a newer patch version is available. + As a best practice, you should upgrade all node pools in an AKS + cluster to the same Kubernetes version. The node pool version must + have the same major version as the control plane. The node pool + minor version must be within two minor versions of the control plane + version. The node pool version cannot be greater than the control + plane version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent pool. + If not specified, the default is Ubuntu if OSType=Linux or Windows2019 + if OSType=Windows. And the default Windows OSSKU will be changed + to Windows2022 after Windows2019 is deprecated.' + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically assigned + on the node subnet (see vnetSubnetID for more details). This is + of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: When an Agent Pool is first created it is + initially Running. The Agent Pool can be stopped by setting this + field to Stopped. 
A stopped Agent Pool stops all of its VMs and + does not accrue billing charges. An Agent Pool can only be stopped + if it is Running and provisioning state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + properties_type: + description: 'PropertiesType: The type of Agent Pool.' + type: string + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: Resource type' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). 
If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET and subnet + will be generated and used. If no podSubnetID is specified, this + applies to nodes and pods, otherwise it applies to just nodes. This + is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific profile.' + properties: + disableOutboundNat: + description: 'DisableOutboundNat: The default value is false. + Outbound NAT can only be disabled if the cluster outboundType + is NAT Gateway and the Windows agent pool does not have node + public IP enabled.' + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' 
+ type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230202previewstorage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20230202preview.ManagedClustersAgentPool + Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-02-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20230202preview.ManagedClusters_AgentPool_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + capacityReservationGroupID: + type: string + count: + type: integer + creationData: + description: Storage version of v1api20230202preview.CreationData + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableCustomCATrust: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + kubeletConfig: + description: Storage version of v1api20230202preview.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20230202preview.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20230202preview.SysctlConfig + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + messageOfTheDay: + type: string + minCount: + type: integer + mode: + type: string + networkProfile: + description: Storage version of v1api20230202preview.AgentPoolNetworkProfile + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: Storage version of v1api20230202preview.PortRange + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroupsReferences: + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + items: + description: Storage version of v1api20230202preview.IPTag Contains + the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + originalVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. 
Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + powerState: + description: Storage version of v1api20230202preview.PowerState Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20230202preview.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + windowsProfile: + description: Storage version of v1api20230202preview.AgentPoolWindowsProfile + The Windows agent pool's specific profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object + workloadRuntime: + type: string + required: + - owner + type: object + status: + description: Storage version of v1api20230202preview.ManagedClusters_AgentPool_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupID: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. 
A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + type: integer + creationData: + description: Storage version of v1api20230202preview.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableCustomCATrust: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupID: + type: string + id: + type: string + kubeletConfig: + description: Storage version of v1api20230202preview.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20230202preview.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20230202preview.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + messageOfTheDay: + type: string + minCount: + type: integer + mode: + type: string + name: + type: string + networkProfile: + description: Storage version of v1api20230202preview.AgentPoolNetworkProfile_STATUS + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: Storage version of v1api20230202preview.PortRange_STATUS + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroups: + items: + type: string + type: array + nodePublicIPTags: + items: + description: Storage version of v1api20230202preview.IPTag_STATUS + Contains the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: string + powerState: + description: Storage version of v1api20230202preview.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + properties_type: + type: string + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20230202preview.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + 
vmSize: + type: string + vnetSubnetID: + type: string + windowsProfile: + description: Storage version of v1api20230202preview.AgentPoolWindowsProfile_STATUS + The Windows agent pool's specific profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object + workloadRuntime: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20231001 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-10-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. 
In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones to + use for nodes. This can only be specified if the AgentPoolType property + is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + maxLength: 12 + minLength: 1 + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) for + user pools and in the range of 1 to 1000 (inclusive) for system + pools. The default value is 1.' 
+ type: integer + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the node pool will be created/upgraded using + a snapshot.' + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported on certain + VM sizes and in certain Azure regions. For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require nodes + in a node pool to receive their own dedicated public IP addresses. 
+ A common scenario is for gaming workloads, where a console needs + to make a direct connection to a cloud virtual machine to minimize + hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' 
+ properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of container + log files that can be present for a container. The number must + be ≥ 2.' + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' Valid + values are a sequence of decimal numbers with an optional fraction + and a unit suffix. For example: ''300ms'', ''2h45m''. Supported + units are ''ns'', ''us'', ''ms'', ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. See [Kubernetes + CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information see + [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). 
+ The default is ''none''. Allowed values are ''none'', ''best-effort'', + ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral storage.' + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' 
+ type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + maximum: 90 + minimum: 10 + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + maximum: 524288 + minimum: 65536 + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + maximum: 2097152 + minimum: 131072 + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' 
+ type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are ''always'', + ''defer'', ''defer+madvise'', ''madvise'' and ''never''. The + default is ''madvise''. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are ''always'', + ''madvise'', and ''never''. The default is ''always''. For more + information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' Agent + Pool at all times. For additional information on agent pool restrictions and + best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + enum: + - System + - User + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: 'PortEnd: The maximum port that is included + in the range. It should be ranged from 1 to 65535, and + be greater than or equal to portStart.' 
+ maximum: 65535 + minimum: 1 + type: integer + portStart: + description: 'PortStart: The minimum port that is included + in the range. It should be ranged from 1 to 65535, and + be less than or equal to portEnd.' + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' + enum: + - TCP + - UDP + type: string + type: object + type: array + applicationSecurityGroupsReferences: + description: 'ApplicationSecurityGroupsReferences: The IDs of + the application security groups which agent pool will associate + when created.' + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' 
+ type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. As a best + practice, you should upgrade all node pools in an AKS cluster to + the same Kubernetes version. 
The node pool version must have the + same major version as the control plane. The node pool minor version + must be within two minor versions of the control plane version. + The node pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent pool. + The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 + if OSType is Windows.' + enum: + - AzureLinux + - CBLMariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. 
+ type: string + type: object + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: 'PowerState: When an Agent Pool is first created it is + initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and + does not accrue billing charges. An Agent Pool can only be stopped + if it is Running and provisioning state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' 
+ enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: 'DrainTimeoutInMinutes: The amount of time (in minutes) + to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. + If this time is exceeded, the upgrade fails. If not specified, + the default is 30 minutes.' + maximum: 1440 + minimum: 1 + type: integer + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' + enum: + - OCIContainer + - WasmWasi + type: string + required: + - owner + type: object + status: + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones to + use for nodes. This can only be specified if the AgentPoolType property + is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate the specified + agent pool with the Capacity Reservation Group.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) for + user pools and in the range of 1 to 1000 (inclusive) for system + pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the node pool will be created/upgraded using + a snapshot.' + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: 'CurrentOrchestratorVersion: If orchestratorVersion is + a fully specified version , this field will be + exactly equal to it. If orchestratorVersion is , this + field will contain the full version being used.' 
+ type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported on certain + VM sizes and in certain Azure regions. For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require nodes + in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs + to make a direct connection to a cloud virtual machine to minimize + hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: 'HostGroupID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + type: string + id: + description: 'Id: Resource ID.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' 
+ items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of container + log files that can be present for a container. The number must + be ≥ 2.' + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' Valid + values are a sequence of decimal numbers with an optional fraction + and a unit suffix. For example: ''300ms'', ''2h45m''. Supported + units are ''ns'', ''us'', ''ms'', ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. See [Kubernetes + CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information see + [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', ''best-effort'', + ''restricted'', and ''single-numa-node''.' 
+ type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral storage.' + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' 
+ type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' 
+ type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are ''always'', + ''defer'', ''defer+madvise'', ''madvise'' and ''never''. The + default is ''madvise''. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are ''always'', + ''madvise'', and ''never''. The default is ''always''. For more + information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' Agent + Pool at all times. For additional information on agent pool restrictions and + best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: 'PortEnd: The maximum port that is included + in the range. It should be ranged from 1 to 65535, and + be greater than or equal to portStart.' 
+ type: integer + portStart: + description: 'PortStart: The minimum port that is included + in the range. It should be ranged from 1 to 65535, and + be less than or equal to portEnd.' + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' + type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the application + security groups which agent pool will associate when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 
1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. As a best + practice, you should upgrade all node pools in an AKS cluster to + the same Kubernetes version. The node pool version must have the + same major version as the control plane. The node pool minor version + must be within two minor versions of the control plane version. + The node pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent pool. + The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 + if OSType is Windows.' + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically assigned + on the node subnet (see vnetSubnetID for more details). This is + of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: When an Agent Pool is first created it is + initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and + does not accrue billing charges. 
An Agent Pool can only be stopped + if it is Running and provisioning state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + properties_type: + description: 'PropertiesType: The type of Agent Pool.' + type: string + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: Resource type' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: 'DrainTimeoutInMinutes: The amount of time (in minutes) + to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. + If this time is exceeded, the upgrade fails. 
If not specified, + the default is 30 minutes.' + type: integer + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET and subnet + will be generated and used. If no podSubnetID is specified, this + applies to nodes and pods, otherwise it applies to just nodes. This + is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' 
+ type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20231001storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20231001.ManagedClustersAgentPool Generator + information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-10-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20231001.ManagedClusters_AgentPool_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + count: + type: integer + creationData: + description: Storage version of v1api20231001.CreationData Data used + when creating a target resource from a source resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: Storage version of v1api20231001.KubeletConfig See [AKS + custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20231001.LinuxOSConfig See [AKS + custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20231001.SysctlConfig Sysctl + settings for Linux agent nodes. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + 
type: integer + mode: + type: string + networkProfile: + description: Storage version of v1api20231001.AgentPoolNetworkProfile + Network settings of an agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: Storage version of v1api20231001.PortRange The + port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroupsReferences: + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: array + nodePublicIPTags: + items: + description: Storage version of v1api20231001.IPTag Contains + the IPTag associated with the object. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + originalVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + owner: + description: 'Owner: The owner of the resource. 
The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + powerState: + description: Storage version of v1api20231001.PowerState Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20231001.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + workloadRuntime: + type: string + required: + - owner + type: object + status: + description: Storage version of v1api20231001.ManagedClusters_AgentPool_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupID: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. 
This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + type: integer + creationData: + description: Storage version of v1api20231001.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupID: + type: string + id: + type: string + kubeletConfig: + description: Storage version of v1api20231001.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20231001.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20231001.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + networkProfile: + description: Storage version of v1api20231001.AgentPoolNetworkProfile_STATUS + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: Storage version of v1api20231001.PortRange_STATUS + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroups: + items: + type: string + type: array + nodePublicIPTags: + items: + description: Storage version of v1api20231001.IPTag_STATUS Contains + the IPTag associated with the object. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: string + powerState: + description: Storage version of v1api20231001.PowerState_STATUS Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + 
that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + properties_type: + type: string + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20231001.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + workloadRuntime: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + name: natgateways.network.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: network.azure.com + names: + kind: NatGateway + listKind: NatGatewayList + plural: natgateways + singular: natgateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/natGateway.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/natGateways/{natGatewayName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: The idle timeout of the nat gateway.' + type: integer + location: + description: 'Location: Resource location.' + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. 
When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + publicIpAddresses: + description: 'PublicIpAddresses: An array of public ip addresses associated + with the nat gateway resource.' + items: + description: Reference to another subresource. + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + publicIpPrefixes: + description: 'PublicIpPrefixes: An array of public ip prefixes associated + with the nat gateway resource.' + items: + description: Reference to another subresource. + properties: + reference: + description: 'Reference: Resource ID.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + sku: + description: 'Sku: The nat gateway SKU.' + properties: + name: + description: 'Name: Name of Nat Gateway SKU.' + enum: + - Standard + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + zones: + description: 'Zones: A list of availability zones denoting the zone + in which Nat Gateway should be deployed.' + items: + type: string + type: array + required: + - owner + type: object + status: + description: Nat Gateway resource. + properties: + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. 
+ type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + id: + description: 'Id: Resource ID.' + type: string + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: The idle timeout of the nat gateway.' + type: integer + location: + description: 'Location: Resource location.' + type: string + name: + description: 'Name: Resource name.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the NAT + gateway resource.' + type: string + publicIpAddresses: + description: 'PublicIpAddresses: An array of public ip addresses associated + with the nat gateway resource.' 
+ items: + description: Reference to another subresource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + publicIpPrefixes: + description: 'PublicIpPrefixes: An array of public ip prefixes associated + with the nat gateway resource.' + items: + description: Reference to another subresource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + resourceGuid: + description: 'ResourceGuid: The resource GUID property of the NAT + gateway resource.' + type: string + sku: + description: 'Sku: The nat gateway SKU.' + properties: + name: + description: 'Name: Name of Nat Gateway SKU.' + type: string + type: object + subnets: + description: 'Subnets: An array of references to the subnets using + this nat gateway resource.' + items: + description: Reference to another subresource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: Resource type.' + type: string + zones: + description: 'Zones: A list of availability zones denoting the zone + in which Nat Gateway should be deployed.' 
+ items: + type: string + type: array + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20220701.NatGateway Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/natGateway.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/natGateways/{natGatewayName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20220701.NatGateway_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + idleTimeoutInMinutes: + type: integer + location: + type: string + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + publicIpAddresses: + items: + description: Storage version of v1api20220701.ApplicationGatewaySubResource + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + publicIpPrefixes: + items: + description: Storage version of v1api20220701.ApplicationGatewaySubResource + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + sku: + description: Storage version of v1api20220701.NatGatewaySku SKU of + nat gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + zones: + items: + type: string + type: array + required: + - owner + type: object + status: + description: Storage version of v1api20220701.NatGateway_STATUS Nat Gateway + resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. 
+ format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + etag: + type: string + id: + type: string + idleTimeoutInMinutes: + type: integer + location: + type: string + name: + type: string + provisioningState: + type: string + publicIpAddresses: + items: + description: Storage version of v1api20220701.ApplicationGatewaySubResource_STATUS + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + publicIpPrefixes: + items: + description: Storage version of v1api20220701.ApplicationGatewaySubResource_STATUS + Reference to another subresource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + resourceGuid: + type: string + sku: + description: Storage version of v1api20220701.NatGatewaySku_STATUS + SKU of nat gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: object + subnets: + items: + description: Storage version of v1api20220701.ApplicationGatewaySubResource_STATUS + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + tags: + additionalProperties: + type: string + type: object + type: + type: string + zones: + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + name: privateendpoints.network.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + 
port: 443 + conversionReviewVersions: + - v1 + group: network.azure.com + names: + kind: PrivateEndpoint + listKind: PrivateEndpointList + plural: privateendpoints + singular: privateendpoint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/privateEndpoint.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/privateEndpoints/{privateEndpointName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: Application security groups + in which the private endpoint IP configuration is included.' + items: + description: An application security group in a resource group. 
+ properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + customNetworkInterfaceName: + description: 'CustomNetworkInterfaceName: The custom name of the network + interface attached to the private endpoint.' + type: string + extendedLocation: + description: 'ExtendedLocation: The extended location of the load + balancer.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + ipConfigurations: + description: 'IpConfigurations: A list of IP configurations of the + private endpoint. This will be used to map to the First Party Service''s + endpoints.' + items: + description: An IP Configuration of the private endpoint. 
+ properties: + groupId: + description: 'GroupId: The ID of a group obtained from the remote + resource that this private endpoint should connect to.' + type: string + memberName: + description: 'MemberName: The member name of a group obtained + from the remote resource that this private endpoint should + connect to.' + type: string + name: + description: 'Name: The name of the resource that is unique + within a resource group.' + type: string + privateIPAddress: + description: 'PrivateIPAddress: A private ip address obtained + from the private endpoint''s subnet.' + type: string + type: object + type: array + location: + description: 'Location: Resource location.' + type: string + manualPrivateLinkServiceConnections: + description: 'ManualPrivateLinkServiceConnections: A grouping of information + about the connection to the remote resource. Used when the network + admin does not have access to approve connections to the remote + resource.' + items: + description: PrivateLinkServiceConnection resource. + properties: + groupIds: + description: 'GroupIds: The ID(s) of the group(s) obtained from + the remote resource that this private endpoint should connect + to.' + items: + type: string + type: array + name: + description: 'Name: The name of the resource that is unique + within a resource group. This name can be used to access the + resource.' + type: string + privateLinkServiceConnectionState: + description: 'PrivateLinkServiceConnectionState: A collection + of read-only information about the state of the connection + to the remote resource.' + properties: + actionsRequired: + description: 'ActionsRequired: A message indicating if changes + on the service provider require any updates on the consumer.' + type: string + description: + description: 'Description: The reason for approval/rejection + of the connection.' + type: string + status: + description: 'Status: Indicates whether the connection has + been Approved/Rejected/Removed by the owner of the service.' 
+ type: string + type: object + privateLinkServiceReference: + description: 'PrivateLinkServiceReference: The resource id of + private link service.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requestMessage: + description: 'RequestMessage: A message passed to the owner + of the remote resource with this connection request. Restricted + to 140 chars.' + type: string + type: object + type: array + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + privateLinkServiceConnections: + description: 'PrivateLinkServiceConnections: A grouping of information + about the connection to the remote resource.' 
+ items: + description: PrivateLinkServiceConnection resource. + properties: + groupIds: + description: 'GroupIds: The ID(s) of the group(s) obtained from + the remote resource that this private endpoint should connect + to.' + items: + type: string + type: array + name: + description: 'Name: The name of the resource that is unique + within a resource group. This name can be used to access the + resource.' + type: string + privateLinkServiceConnectionState: + description: 'PrivateLinkServiceConnectionState: A collection + of read-only information about the state of the connection + to the remote resource.' + properties: + actionsRequired: + description: 'ActionsRequired: A message indicating if changes + on the service provider require any updates on the consumer.' + type: string + description: + description: 'Description: The reason for approval/rejection + of the connection.' + type: string + status: + description: 'Status: Indicates whether the connection has + been Approved/Rejected/Removed by the owner of the service.' + type: string + type: object + privateLinkServiceReference: + description: 'PrivateLinkServiceReference: The resource id of + private link service.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requestMessage: + description: 'RequestMessage: A message passed to the owner + of the remote resource with this connection request. Restricted + to 140 chars.' + type: string + type: object + type: array + subnet: + description: 'Subnet: The ID of the subnet from which the private + IP will be allocated.' + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + required: + - owner + type: object + status: + description: Private endpoint resource. + properties: + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: Application security groups + in which the private endpoint IP configuration is included.' + items: + description: An application security group in a resource group. + properties: + id: + description: 'Id: Resource ID.' 
+ type: string + type: object + type: array + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + customDnsConfigs: + description: 'CustomDnsConfigs: An array of custom dns configurations.' + items: + description: Contains custom Dns resolution configuration from customer. 
+ properties: + fqdn: + description: 'Fqdn: Fqdn that resolves to private endpoint ip + address.' + type: string + ipAddresses: + description: 'IpAddresses: A list of private ip addresses of + the private endpoint.' + items: + type: string + type: array + type: object + type: array + customNetworkInterfaceName: + description: 'CustomNetworkInterfaceName: The custom name of the network + interface attached to the private endpoint.' + type: string + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + extendedLocation: + description: 'ExtendedLocation: The extended location of the load + balancer.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + id: + description: 'Id: Resource ID.' + type: string + ipConfigurations: + description: 'IpConfigurations: A list of IP configurations of the + private endpoint. This will be used to map to the First Party Service''s + endpoints.' + items: + description: An IP Configuration of the private endpoint. + properties: + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + groupId: + description: 'GroupId: The ID of a group obtained from the remote + resource that this private endpoint should connect to.' + type: string + memberName: + description: 'MemberName: The member name of a group obtained + from the remote resource that this private endpoint should + connect to.' + type: string + name: + description: 'Name: The name of the resource that is unique + within a resource group.' + type: string + privateIPAddress: + description: 'PrivateIPAddress: A private ip address obtained + from the private endpoint''s subnet.' + type: string + type: + description: 'Type: The resource type.' 
+ type: string + type: object + type: array + location: + description: 'Location: Resource location.' + type: string + manualPrivateLinkServiceConnections: + description: 'ManualPrivateLinkServiceConnections: A grouping of information + about the connection to the remote resource. Used when the network + admin does not have access to approve connections to the remote + resource.' + items: + description: PrivateLinkServiceConnection resource. + properties: + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + groupIds: + description: 'GroupIds: The ID(s) of the group(s) obtained from + the remote resource that this private endpoint should connect + to.' + items: + type: string + type: array + id: + description: 'Id: Resource ID.' + type: string + name: + description: 'Name: The name of the resource that is unique + within a resource group. This name can be used to access the + resource.' + type: string + privateLinkServiceConnectionState: + description: 'PrivateLinkServiceConnectionState: A collection + of read-only information about the state of the connection + to the remote resource.' + properties: + actionsRequired: + description: 'ActionsRequired: A message indicating if changes + on the service provider require any updates on the consumer.' + type: string + description: + description: 'Description: The reason for approval/rejection + of the connection.' + type: string + status: + description: 'Status: Indicates whether the connection has + been Approved/Rejected/Removed by the owner of the service.' + type: string + type: object + privateLinkServiceId: + description: 'PrivateLinkServiceId: The resource id of private + link service.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the + private link service connection resource.' 
+ type: string + requestMessage: + description: 'RequestMessage: A message passed to the owner + of the remote resource with this connection request. Restricted + to 140 chars.' + type: string + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + name: + description: 'Name: Resource name.' + type: string + networkInterfaces: + description: 'NetworkInterfaces: An array of references to the network + interfaces created for this private endpoint.' + items: + description: A network interface in a resource group. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + privateLinkServiceConnections: + description: 'PrivateLinkServiceConnections: A grouping of information + about the connection to the remote resource.' + items: + description: PrivateLinkServiceConnection resource. + properties: + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + groupIds: + description: 'GroupIds: The ID(s) of the group(s) obtained from + the remote resource that this private endpoint should connect + to.' + items: + type: string + type: array + id: + description: 'Id: Resource ID.' + type: string + name: + description: 'Name: The name of the resource that is unique + within a resource group. This name can be used to access the + resource.' + type: string + privateLinkServiceConnectionState: + description: 'PrivateLinkServiceConnectionState: A collection + of read-only information about the state of the connection + to the remote resource.' + properties: + actionsRequired: + description: 'ActionsRequired: A message indicating if changes + on the service provider require any updates on the consumer.' + type: string + description: + description: 'Description: The reason for approval/rejection + of the connection.' 
+ type: string + status: + description: 'Status: Indicates whether the connection has + been Approved/Rejected/Removed by the owner of the service.' + type: string + type: object + privateLinkServiceId: + description: 'PrivateLinkServiceId: The resource id of private + link service.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the + private link service connection resource.' + type: string + requestMessage: + description: 'RequestMessage: A message passed to the owner + of the remote resource with this connection request. Restricted + to 140 chars.' + type: string + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The provisioning state of the private + endpoint resource.' + type: string + subnet: + description: 'Subnet: The ID of the subnet from which the private + IP will be allocated.' + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: Resource type.' 
+ type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20220701.PrivateEndpoint Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/privateEndpoint.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/privateEndpoints/{privateEndpointName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20220701.PrivateEndpoint_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + applicationSecurityGroups: + items: + description: Storage version of v1api20220701.ApplicationSecurityGroupSpec_PrivateEndpoint_SubResourceEmbedded + An application security group in a resource group. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. 
This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + customNetworkInterfaceName: + type: string + extendedLocation: + description: Storage version of v1api20220701.ExtendedLocation ExtendedLocation + complex type. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + ipConfigurations: + items: + description: Storage version of v1api20220701.PrivateEndpointIPConfiguration + An IP Configuration of the private endpoint. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + memberName: + type: string + name: + type: string + privateIPAddress: + type: string + type: object + type: array + location: + type: string + manualPrivateLinkServiceConnections: + items: + description: Storage version of v1api20220701.PrivateLinkServiceConnection + PrivateLinkServiceConnection resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupIds: + items: + type: string + type: array + name: + type: string + privateLinkServiceConnectionState: + description: Storage version of v1api20220701.PrivateLinkServiceConnectionState + A collection of information about the state of the connection + between service consumer and provider. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + actionsRequired: + type: string + description: + type: string + status: + type: string + type: object + privateLinkServiceReference: + description: 'PrivateLinkServiceReference: The resource id of + private link service.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requestMessage: + type: string + type: object + type: array + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. 
Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + privateLinkServiceConnections: + items: + description: Storage version of v1api20220701.PrivateLinkServiceConnection + PrivateLinkServiceConnection resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupIds: + items: + type: string + type: array + name: + type: string + privateLinkServiceConnectionState: + description: Storage version of v1api20220701.PrivateLinkServiceConnectionState + A collection of information about the state of the connection + between service consumer and provider. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + actionsRequired: + type: string + description: + type: string + status: + type: string + type: object + privateLinkServiceReference: + description: 'PrivateLinkServiceReference: The resource id of + private link service.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requestMessage: + type: string + type: object + type: array + subnet: + description: Storage version of v1api20220701.Subnet_PrivateEndpoint_SubResourceEmbedded + Subnet in a virtual network resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + tags: + additionalProperties: + type: string + type: object + required: + - owner + type: object + status: + description: Storage version of v1api20220701.PrivateEndpoint_STATUS_PrivateEndpoint_SubResourceEmbedded + Private endpoint resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + applicationSecurityGroups: + items: + description: Storage version of v1api20220701.ApplicationSecurityGroup_STATUS_PrivateEndpoint_SubResourceEmbedded + An application security group in a resource group. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. 
Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + customDnsConfigs: + items: + description: Storage version of v1api20220701.CustomDnsConfigPropertiesFormat_STATUS + Contains custom Dns resolution configuration from customer. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fqdn: + type: string + ipAddresses: + items: + type: string + type: array + type: object + type: array + customNetworkInterfaceName: + type: string + etag: + type: string + extendedLocation: + description: Storage version of v1api20220701.ExtendedLocation_STATUS + ExtendedLocation complex type. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + id: + type: string + ipConfigurations: + items: + description: Storage version of v1api20220701.PrivateEndpointIPConfiguration_STATUS + An IP Configuration of the private endpoint. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + etag: + type: string + groupId: + type: string + memberName: + type: string + name: + type: string + privateIPAddress: + type: string + type: + type: string + type: object + type: array + location: + type: string + manualPrivateLinkServiceConnections: + items: + description: Storage version of v1api20220701.PrivateLinkServiceConnection_STATUS + PrivateLinkServiceConnection resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + etag: + type: string + groupIds: + items: + type: string + type: array + id: + type: string + name: + type: string + privateLinkServiceConnectionState: + description: Storage version of v1api20220701.PrivateLinkServiceConnectionState_STATUS + A collection of information about the state of the connection + between service consumer and provider. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + actionsRequired: + type: string + description: + type: string + status: + type: string + type: object + privateLinkServiceId: + type: string + provisioningState: + type: string + requestMessage: + type: string + type: + type: string + type: object + type: array + name: + type: string + networkInterfaces: + items: + description: Storage version of v1api20220701.NetworkInterface_STATUS_PrivateEndpoint_SubResourceEmbedded + A network interface in a resource group. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + privateLinkServiceConnections: + items: + description: Storage version of v1api20220701.PrivateLinkServiceConnection_STATUS + PrivateLinkServiceConnection resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + etag: + type: string + groupIds: + items: + type: string + type: array + id: + type: string + name: + type: string + privateLinkServiceConnectionState: + description: Storage version of v1api20220701.PrivateLinkServiceConnectionState_STATUS + A collection of information about the state of the connection + between service consumer and provider. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + actionsRequired: + type: string + description: + type: string + status: + type: string + type: object + privateLinkServiceId: + type: string + provisioningState: + type: string + requestMessage: + type: string + type: + type: string + type: object + type: array + provisioningState: + type: string + subnet: + description: Storage version of v1api20220701.Subnet_STATUS_PrivateEndpoint_SubResourceEmbedded + Subnet in a virtual network resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + name: resourcegroups.resources.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: resources.azure.com + names: + kind: ResourceGroup + listKind: ResourceGroupList + plural: resourcegroups + singular: resourcegroup + preserveUnknownFields: false + scope: Namespaced + 
versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20200601 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /resources/resource-manager/Microsoft.Resources/stable/2020-06-01/resources.json + - ARM URI: /subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + maxLength: 90 + minLength: 1 + type: string + location: + description: 'Location: The location of the resource group. It cannot + be changed after the resource group has been created. It must be + one of the supported Azure locations.' + type: string + managedBy: + description: 'ManagedBy: The ID of the resource that manages this + resource group.' 
+ type: string + tags: + additionalProperties: + type: string + description: 'Tags: The tags attached to the resource group.' + type: object + required: + - location + type: object + status: + description: Resource group information. + properties: + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. 
+ type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + id: + description: 'Id: The ID of the resource group.' + type: string + location: + description: 'Location: The location of the resource group. It cannot + be changed after the resource group has been created. It must be + one of the supported Azure locations.' + type: string + managedBy: + description: 'ManagedBy: The ID of the resource that manages this + resource group.' + type: string + name: + description: 'Name: The name of the resource group.' + type: string + properties: + description: 'Properties: The resource group properties.' + properties: + provisioningState: + description: 'ProvisioningState: The provisioning state.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: The tags attached to the resource group.' + type: object + type: + description: 'Type: The type of the resource group.' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20200601storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20200601.ResourceGroup Generator information: + - Generated from: /resources/resource-manager/Microsoft.Resources/stable/2020-06-01/resources.json + - ARM URI: /subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20200601.ResourceGroup_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + location: + type: string + managedBy: + type: string + originalVersion: + type: string + tags: + additionalProperties: + type: string + type: object + type: object + status: + description: Storage version of v1api20200601.ResourceGroup_STATUS Resource + group information. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + id: + type: string + location: + type: string + managedBy: + type: string + name: + type: string + properties: + description: Storage version of v1api20200601.ResourceGroupProperties_STATUS + The resource group properties. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + provisioningState: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + name: virtualnetworks.network.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: network.azure.com + names: + kind: VirtualNetwork + listKind: VirtualNetworkList + plural: virtualnetworks + singular: virtualnetwork + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20201101 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /network/resource-manager/Microsoft.Network/stable/2020-11-01/virtualNetwork.json + - ARM URI: 
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addressSpace: + description: 'AddressSpace: The AddressSpace that contains an array + of IP address ranges that can be used by subnets.' + properties: + addressPrefixes: + description: 'AddressPrefixes: A list of address blocks reserved + for this virtual network in CIDR notation.' + items: + type: string + type: array + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + bgpCommunities: + description: 'BgpCommunities: Bgp Communities sent over ExpressRoute + with each route corresponding to a prefix in this VNET.' + properties: + virtualNetworkCommunity: + description: 'VirtualNetworkCommunity: The BGP community associated + with the virtual network.' + type: string + required: + - virtualNetworkCommunity + type: object + ddosProtectionPlan: + description: 'DdosProtectionPlan: The DDoS protection plan associated + with the virtual network.' + properties: + reference: + description: 'Reference: Resource ID.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + dhcpOptions: + description: 'DhcpOptions: The dhcpOptions that contains an array + of DNS servers available to VMs deployed in the virtual network.' + properties: + dnsServers: + description: 'DnsServers: The list of DNS servers IP addresses.' + items: + type: string + type: array + type: object + enableDdosProtection: + description: 'EnableDdosProtection: Indicates if DDoS protection is + enabled for all the protected resources in the virtual network. + It requires a DDoS protection plan associated with the resource.' + type: boolean + enableVmProtection: + description: 'EnableVmProtection: Indicates if VM protection is enabled + for all the subnets in the virtual network.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the virtual + network.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' 
+ enum: + - EdgeZone + type: string + required: + - name + - type + type: object + ipAllocations: + description: 'IpAllocations: Array of IpAllocation which reference + this VNET.' + items: + description: Reference to another subresource. + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + location: + description: 'Location: Resource location.' + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' 
+ type: object + required: + - owner + type: object + status: + description: Virtual Network resource. + properties: + addressSpace: + description: 'AddressSpace: The AddressSpace that contains an array + of IP address ranges that can be used by subnets.' + properties: + addressPrefixes: + description: 'AddressPrefixes: A list of address blocks reserved + for this virtual network in CIDR notation.' + items: + type: string + type: array + type: object + bgpCommunities: + description: 'BgpCommunities: Bgp Communities sent over ExpressRoute + with each route corresponding to a prefix in this VNET.' + properties: + regionalCommunity: + description: 'RegionalCommunity: The BGP community associated + with the region of the virtual network.' + type: string + virtualNetworkCommunity: + description: 'VirtualNetworkCommunity: The BGP community associated + with the virtual network.' + type: string + type: object + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. 
+ type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + ddosProtectionPlan: + description: 'DdosProtectionPlan: The DDoS protection plan associated + with the virtual network.' + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + dhcpOptions: + description: 'DhcpOptions: The dhcpOptions that contains an array + of DNS servers available to VMs deployed in the virtual network.' + properties: + dnsServers: + description: 'DnsServers: The list of DNS servers IP addresses.' + items: + type: string + type: array + type: object + enableDdosProtection: + description: 'EnableDdosProtection: Indicates if DDoS protection is + enabled for all the protected resources in the virtual network. + It requires a DDoS protection plan associated with the resource.' + type: boolean + enableVmProtection: + description: 'EnableVmProtection: Indicates if VM protection is enabled + for all the subnets in the virtual network.' + type: boolean + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + extendedLocation: + description: 'ExtendedLocation: The extended location of the virtual + network.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' 
+ type: string + type: object + id: + description: 'Id: Resource ID.' + type: string + ipAllocations: + description: 'IpAllocations: Array of IpAllocation which reference + this VNET.' + items: + description: Reference to another subresource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + location: + description: 'Location: Resource location.' + type: string + name: + description: 'Name: Resource name.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the virtual + network resource.' + type: string + resourceGuid: + description: 'ResourceGuid: The resourceGuid property of the Virtual + Network resource.' + type: string + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: Resource type.' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20201101storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20201101.VirtualNetwork Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2020-11-01/virtualNetwork.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20201101.VirtualNetwork_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + addressSpace: + description: Storage version of v1api20201101.AddressSpace AddressSpace + contains an array of IP address ranges that can be used by subnets + of the virtual network. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + addressPrefixes: + items: + type: string + type: array + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + bgpCommunities: + description: Storage version of v1api20201101.VirtualNetworkBgpCommunities + Bgp Communities sent over ExpressRoute with each route corresponding + to a prefix in this VNET. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + virtualNetworkCommunity: + type: string + type: object + ddosProtectionPlan: + description: Storage version of v1api20201101.SubResource Reference + to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + dhcpOptions: + description: Storage version of v1api20201101.DhcpOptions DhcpOptions + contains an array of DNS servers available to VMs deployed in the + virtual network. Standard DHCP option for a subnet overrides VNET + DHCP options. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServers: + items: + type: string + type: array + type: object + enableDdosProtection: + type: boolean + enableVmProtection: + type: boolean + extendedLocation: + description: Storage version of v1api20201101.ExtendedLocation ExtendedLocation + complex type. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + ipAllocations: + items: + description: Storage version of v1api20201101.SubResource Reference + to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + location: + type: string + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + tags: + additionalProperties: + type: string + type: object + required: + - owner + type: object + status: + description: Storage version of v1api20201101.VirtualNetwork_STATUS Virtual + Network resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + addressSpace: + description: Storage version of v1api20201101.AddressSpace_STATUS + AddressSpace contains an array of IP address ranges that can be + used by subnets of the virtual network. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + addressPrefixes: + items: + type: string + type: array + type: object + bgpCommunities: + description: Storage version of v1api20201101.VirtualNetworkBgpCommunities_STATUS + Bgp Communities sent over ExpressRoute with each route corresponding + to a prefix in this VNET. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + regionalCommunity: + type: string + virtualNetworkCommunity: + type: string + type: object + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. 
+ type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + ddosProtectionPlan: + description: Storage version of v1api20201101.SubResource_STATUS Reference + to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + dhcpOptions: + description: Storage version of v1api20201101.DhcpOptions_STATUS DhcpOptions + contains an array of DNS servers available to VMs deployed in the + virtual network. Standard DHCP option for a subnet overrides VNET + DHCP options. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServers: + items: + type: string + type: array + type: object + enableDdosProtection: + type: boolean + enableVmProtection: + type: boolean + etag: + type: string + extendedLocation: + description: Storage version of v1api20201101.ExtendedLocation_STATUS + ExtendedLocation complex type. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + id: + type: string + ipAllocations: + items: + description: Storage version of v1api20201101.SubResource_STATUS + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + location: + type: string + name: + type: string + provisioningState: + type: string + resourceGuid: + type: string + tags: + additionalProperties: + type: string + type: object + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + name: virtualnetworkssubnets.network.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: network.azure.com + names: + kind: VirtualNetworksSubnet + listKind: VirtualNetworksSubnetList + plural: virtualnetworkssubnets + singular: virtualnetworkssubnet + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20201101 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /network/resource-manager/Microsoft.Network/stable/2020-11-01/virtualNetwork.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addressPrefix: + description: 'AddressPrefix: The address prefix for the subnet.' + type: string + addressPrefixes: + description: 'AddressPrefixes: List of address prefixes for the subnet.' + items: + type: string + type: array + applicationGatewayIpConfigurations: + description: 'ApplicationGatewayIpConfigurations: Application gateway + IP configurations of virtual network resource.' + items: + description: IP configuration of an application gateway. Currently + 1 public and 1 private IP configuration is allowed. 
+ properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + delegations: + description: 'Delegations: An array of references to the delegations + on the subnet.' + items: + description: Details the service to which the subnet is delegated. + properties: + name: + description: 'Name: The name of the resource that is unique + within a subnet. This name can be used to access the resource.' + type: string + serviceName: + description: 'ServiceName: The name of the service to whom the + subnet should be delegated (e.g. Microsoft.Sql/servers).' + type: string + type: object + type: array + ipAllocations: + description: 'IpAllocations: Array of IpAllocation which reference + this subnet.' + items: + description: Reference to another subresource. + properties: + reference: + description: 'Reference: Resource ID.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + natGateway: + description: 'NatGateway: Nat gateway associated with this subnet.' + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + networkSecurityGroup: + description: 'NetworkSecurityGroup: The reference to the NetworkSecurityGroup + resource.' 
+ properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a network.azure.com/VirtualNetwork + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + privateEndpointNetworkPolicies: + description: 'PrivateEndpointNetworkPolicies: Enable or Disable apply + network policies on private end point in the subnet.' + enum: + - Disabled + - Enabled + type: string + privateLinkServiceNetworkPolicies: + description: 'PrivateLinkServiceNetworkPolicies: Enable or Disable + apply network policies on private link service in the subnet.' 
+ enum: + - Disabled + - Enabled + type: string + routeTable: + description: 'RouteTable: The reference to the RouteTable resource.' + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + serviceEndpointPolicies: + description: 'ServiceEndpointPolicies: An array of service endpoint + policies.' + items: + description: Service End point policy resource. + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + serviceEndpoints: + description: 'ServiceEndpoints: An array of service endpoints.' + items: + description: The service endpoint properties. + properties: + locations: + description: 'Locations: A list of locations.' + items: + type: string + type: array + service: + description: 'Service: The type of the endpoint service.' + type: string + type: object + type: array + required: + - owner + type: object + status: + properties: + addressPrefix: + description: 'AddressPrefix: The address prefix for the subnet.' + type: string + addressPrefixes: + description: 'AddressPrefixes: List of address prefixes for the subnet.' + items: + type: string + type: array + applicationGatewayIpConfigurations: + description: 'ApplicationGatewayIpConfigurations: Application gateway + IP configurations of virtual network resource.' + items: + description: IP configuration of an application gateway. Currently + 1 public and 1 private IP configuration is allowed. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + delegations: + description: 'Delegations: An array of references to the delegations + on the subnet.' + items: + description: Details the service to which the subnet is delegated. + properties: + actions: + description: 'Actions: The actions permitted to the service + upon delegation.' + items: + type: string + type: array + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + id: + description: 'Id: Resource ID.' + type: string + name: + description: 'Name: The name of the resource that is unique + within a subnet. This name can be used to access the resource.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the + service delegation resource.' 
+ type: string + serviceName: + description: 'ServiceName: The name of the service to whom the + subnet should be delegated (e.g. Microsoft.Sql/servers).' + type: string + type: + description: 'Type: Resource type.' + type: string + type: object + type: array + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + id: + description: 'Id: Resource ID.' + type: string + ipAllocations: + description: 'IpAllocations: Array of IpAllocation which reference + this subnet.' + items: + description: Reference to another subresource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + ipConfigurationProfiles: + description: 'IpConfigurationProfiles: Array of IP configuration profiles + which reference this subnet.' + items: + description: IP configuration profile child resource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + ipConfigurations: + description: 'IpConfigurations: An array of references to the network + interface IP configurations using subnet.' + items: + description: IP configuration. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + natGateway: + description: 'NatGateway: Nat gateway associated with this subnet.' + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + networkSecurityGroup: + description: 'NetworkSecurityGroup: The reference to the NetworkSecurityGroup + resource.' + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + privateEndpointNetworkPolicies: + description: 'PrivateEndpointNetworkPolicies: Enable or Disable apply + network policies on private end point in the subnet.' 
+ type: string + privateEndpoints: + description: 'PrivateEndpoints: An array of references to private + endpoints.' + items: + description: Private endpoint resource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + privateLinkServiceNetworkPolicies: + description: 'PrivateLinkServiceNetworkPolicies: Enable or Disable + apply network policies on private link service in the subnet.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the subnet + resource.' + type: string + purpose: + description: 'Purpose: A read-only string identifying the intention + of use for this subnet based on delegations and other user-defined + properties.' + type: string + resourceNavigationLinks: + description: 'ResourceNavigationLinks: An array of references to the + external resources using subnet.' + items: + description: ResourceNavigationLink resource. + properties: + id: + description: 'Id: Resource navigation link identifier.' + type: string + type: object + type: array + routeTable: + description: 'RouteTable: The reference to the RouteTable resource.' + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + serviceAssociationLinks: + description: 'ServiceAssociationLinks: An array of references to services + injecting into this subnet.' + items: + description: ServiceAssociationLink resource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + serviceEndpointPolicies: + description: 'ServiceEndpointPolicies: An array of service endpoint + policies.' + items: + description: Service End point policy resource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + serviceEndpoints: + description: 'ServiceEndpoints: An array of service endpoints.' + items: + description: The service endpoint properties. 
+ properties: + locations: + description: 'Locations: A list of locations.' + items: + type: string + type: array + provisioningState: + description: 'ProvisioningState: The provisioning state of the + service endpoint resource.' + type: string + service: + description: 'Service: The type of the endpoint service.' + type: string + type: object + type: array + type: + description: 'Type: Resource type.' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20201101storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20201101.VirtualNetworksSubnet Generator + information: - Generated from: /network/resource-manager/Microsoft.Network/stable/2020-11-01/virtualNetwork.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20201101.VirtualNetworks_Subnet_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + addressPrefix: + type: string + addressPrefixes: + items: + type: string + type: array + applicationGatewayIpConfigurations: + items: + description: Storage version of v1api20201101.ApplicationGatewayIPConfiguration_VirtualNetworks_Subnet_SubResourceEmbedded + IP configuration of an application gateway. Currently 1 public + and 1 private IP configuration is allowed. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + delegations: + items: + description: Storage version of v1api20201101.Delegation Details + the service to which the subnet is delegated. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + serviceName: + type: string + type: object + type: array + ipAllocations: + items: + description: Storage version of v1api20201101.SubResource Reference + to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + natGateway: + description: Storage version of v1api20201101.SubResource Reference + to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + networkSecurityGroup: + description: Storage version of v1api20201101.NetworkSecurityGroupSpec_VirtualNetworks_Subnet_SubResourceEmbedded + NetworkSecurityGroup resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a network.azure.com/VirtualNetwork + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. 
+ type: string + type: object + privateEndpointNetworkPolicies: + type: string + privateLinkServiceNetworkPolicies: + type: string + routeTable: + description: Storage version of v1api20201101.RouteTableSpec_VirtualNetworks_Subnet_SubResourceEmbedded + Route table resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + serviceEndpointPolicies: + items: + description: Storage version of v1api20201101.ServiceEndpointPolicySpec_VirtualNetworks_Subnet_SubResourceEmbedded + Service End point policy resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + serviceEndpoints: + items: + description: Storage version of v1api20201101.ServiceEndpointPropertiesFormat + The service endpoint properties. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + locations: + items: + type: string + type: array + service: + type: string + type: object + type: array + required: + - owner + type: object + status: + description: Storage version of v1api20201101.VirtualNetworks_Subnet_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + addressPrefix: + type: string + addressPrefixes: + items: + type: string + type: array + applicationGatewayIpConfigurations: + items: + description: Storage version of v1api20201101.ApplicationGatewayIPConfiguration_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded + IP configuration of an application gateway. Currently 1 public + and 1 private IP configuration is allowed. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. 
+ type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + delegations: + items: + description: Storage version of v1api20201101.Delegation_STATUS + Details the service to which the subnet is delegated. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + actions: + items: + type: string + type: array + etag: + type: string + id: + type: string + name: + type: string + provisioningState: + type: string + serviceName: + type: string + type: + type: string + type: object + type: array + etag: + type: string + id: + type: string + ipAllocations: + items: + description: Storage version of v1api20201101.SubResource_STATUS + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + ipConfigurationProfiles: + items: + description: Storage version of v1api20201101.IPConfigurationProfile_STATUS + IP configuration profile child resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + ipConfigurations: + items: + description: Storage version of v1api20201101.IPConfiguration_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded + IP configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + name: + type: string + natGateway: + description: Storage version of v1api20201101.SubResource_STATUS Reference + to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + networkSecurityGroup: + description: Storage version of v1api20201101.NetworkSecurityGroup_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded + NetworkSecurityGroup resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + privateEndpointNetworkPolicies: + type: string + privateEndpoints: + items: + description: Storage version of v1api20201101.PrivateEndpoint_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded + Private endpoint resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + privateLinkServiceNetworkPolicies: + type: string + provisioningState: + type: string + purpose: + type: string + resourceNavigationLinks: + items: + description: Storage version of v1api20201101.ResourceNavigationLink_STATUS + ResourceNavigationLink resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + routeTable: + description: Storage version of v1api20201101.RouteTable_STATUS_SubResourceEmbedded + Route table resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + serviceAssociationLinks: + items: + description: Storage version of v1api20201101.ServiceAssociationLink_STATUS + ServiceAssociationLink resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + serviceEndpointPolicies: + items: + description: Storage version of v1api20201101.ServiceEndpointPolicy_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded + Service End point policy resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + serviceEndpoints: + items: + description: Storage version of v1api20201101.ServiceEndpointPropertiesFormat_STATUS + The service endpoint properties. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + locations: + items: + type: string + type: array + provisioningState: + type: string + service: + type: string + type: object + type: array + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: azure-service-operator + name: azureserviceoperator-default + namespace: capz-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-manager + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: azureserviceoperator-leader-election-role + 
namespace: capz-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-leader-election-role + namespace: capz-system +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: azureserviceoperator-crd-reader-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: azureserviceoperator-manager-role +rules: +- apiGroups: + - apimanagement.azure.com + resources: + - apis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - apis/finalizers + - apis/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - apiversionsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - apiversionsets/finalizers + - apiversionsets/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - backends + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com 
+ resources: + - backends/finalizers + - backends/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - namedvalues + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - namedvalues/finalizers + - namedvalues/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - policies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - policies/finalizers + - policies/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - policyfragments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - policyfragments/finalizers + - policyfragments/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - products + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - products/finalizers + - products/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - services/finalizers + - services/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - subscriptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - subscriptions/finalizers + - subscriptions/status + verbs: + - get + - patch + - update +- apiGroups: + - appconfiguration.azure.com + resources: + - configurationstores + verbs: + - create + - delete + - get + - list + - patch + - update + - 
watch +- apiGroups: + - appconfiguration.azure.com + resources: + - configurationstores/finalizers + - configurationstores/status + verbs: + - get + - patch + - update +- apiGroups: + - authorization.azure.com + resources: + - roleassignments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - authorization.azure.com + resources: + - roleassignments/finalizers + - roleassignments/status + verbs: + - get + - patch + - update +- apiGroups: + - batch.azure.com + resources: + - batchaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch.azure.com + resources: + - batchaccounts/finalizers + - batchaccounts/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redis/finalizers + - redis/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redisenterprisedatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redisenterprisedatabases/finalizers + - redisenterprisedatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redisenterprises + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redisenterprises/finalizers + - redisenterprises/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redisfirewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redisfirewallrules/finalizers + - redisfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redislinkedservers + verbs: 
+ - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redislinkedservers/finalizers + - redislinkedservers/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redispatchschedules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redispatchschedules/finalizers + - redispatchschedules/status + verbs: + - get + - patch + - update +- apiGroups: + - cdn.azure.com + resources: + - profiles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - profiles/finalizers + - profiles/status + verbs: + - get + - patch + - update +- apiGroups: + - cdn.azure.com + resources: + - profilesendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - profilesendpoints/finalizers + - profilesendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - diskencryptionsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - diskencryptionsets/finalizers + - diskencryptionsets/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - disks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - disks/finalizers + - disks/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - images + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - images/finalizers + - images/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - snapshots + verbs: + - create + - delete 
+ - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - snapshots/finalizers + - snapshots/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - virtualmachines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - virtualmachines/finalizers + - virtualmachines/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - virtualmachinescalesets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - virtualmachinescalesets/finalizers + - virtualmachinescalesets/status + verbs: + - get + - patch + - update +- apiGroups: + - containerinstance.azure.com + resources: + - containergroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerinstance.azure.com + resources: + - containergroups/finalizers + - containergroups/status + verbs: + - get + - patch + - update +- apiGroups: + - containerregistry.azure.com + resources: + - registries + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerregistry.azure.com + resources: + - registries/finalizers + - registries/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - fleets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - fleets/finalizers + - fleets/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - fleetsmembers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - fleetsmembers/finalizers + - fleetsmembers/status + verbs: + - get + - patch + - update +- 
apiGroups: + - containerservice.azure.com + resources: + - fleetsupdateruns + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - fleetsupdateruns/finalizers + - fleetsupdateruns/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - managedclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclusters/finalizers + - managedclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - managedclustersagentpools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclustersagentpools/finalizers + - managedclustersagentpools/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - trustedaccessrolebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - trustedaccessrolebindings/finalizers + - trustedaccessrolebindings/status + verbs: + - get + - patch + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - datafactory.azure.com + resources: + - factories + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - datafactory.azure.com + 
resources: + - factories/finalizers + - factories/status + verbs: + - get + - patch + - update +- apiGroups: + - dataprotection.azure.com + resources: + - backupvaults + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dataprotection.azure.com + resources: + - backupvaults/finalizers + - backupvaults/status + verbs: + - get + - patch + - update +- apiGroups: + - dataprotection.azure.com + resources: + - backupvaultsbackuppolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dataprotection.azure.com + resources: + - backupvaultsbackuppolicies/finalizers + - backupvaultsbackuppolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformariadb.azure.com + resources: + - configurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformariadb.azure.com + resources: + - configurations/finalizers + - configurations/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformariadb.azure.com + resources: + - databases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformariadb.azure.com + resources: + - databases/finalizers + - databases/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformariadb.azure.com + resources: + - servers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformariadb.azure.com + resources: + - servers/finalizers + - servers/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleservers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleservers/finalizers + - flexibleservers/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversadministrators + verbs: + - 
create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversadministrators/finalizers + - flexibleserversadministrators/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversconfigurations/finalizers + - flexibleserversconfigurations/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversdatabases/finalizers + - flexibleserversdatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversfirewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversfirewallrules/finalizers + - flexibleserversfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - users + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - users/finalizers + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleservers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleservers/finalizers + - flexibleservers/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- 
apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversconfigurations/finalizers + - flexibleserversconfigurations/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversdatabases/finalizers + - flexibleserversdatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversfirewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversfirewallrules/finalizers + - flexibleserversfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - users + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbforpostgresql.azure.com + resources: + - users/finalizers + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - devices.azure.com + resources: + - iothubs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - devices.azure.com + resources: + - iothubs/finalizers + - iothubs/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - databaseaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - databaseaccounts/finalizers + - databaseaccounts/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasecollections + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasecollections/finalizers + - 
mongodbdatabasecollections/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasecollectionthroughputsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasecollectionthroughputsettings/finalizers + - mongodbdatabasecollectionthroughputsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabases/finalizers + - mongodbdatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasethroughputsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasethroughputsettings/finalizers + - mongodbdatabasethroughputsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainers/finalizers + - sqldatabasecontainers/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainerstoredprocedures + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainerstoredprocedures/finalizers + - sqldatabasecontainerstoredprocedures/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainerthroughputsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - 
documentdb.azure.com + resources: + - sqldatabasecontainerthroughputsettings/finalizers + - sqldatabasecontainerthroughputsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainertriggers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainertriggers/finalizers + - sqldatabasecontainertriggers/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontaineruserdefinedfunctions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontaineruserdefinedfunctions/finalizers + - sqldatabasecontaineruserdefinedfunctions/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabases/finalizers + - sqldatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasethroughputsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasethroughputsettings/finalizers + - sqldatabasethroughputsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqlroleassignments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqlroleassignments/finalizers + - sqlroleassignments/status + verbs: + - get + - patch + - update +- apiGroups: + - eventgrid.azure.com + resources: + - domains + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - 
eventgrid.azure.com + resources: + - domains/finalizers + - domains/status + verbs: + - get + - patch + - update +- apiGroups: + - eventgrid.azure.com + resources: + - domainstopics + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventgrid.azure.com + resources: + - domainstopics/finalizers + - domainstopics/status + verbs: + - get + - patch + - update +- apiGroups: + - eventgrid.azure.com + resources: + - eventsubscriptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventgrid.azure.com + resources: + - eventsubscriptions/finalizers + - eventsubscriptions/status + verbs: + - get + - patch + - update +- apiGroups: + - eventgrid.azure.com + resources: + - topics + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventgrid.azure.com + resources: + - topics/finalizers + - topics/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespaces/finalizers + - namespaces/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespacesauthorizationrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespacesauthorizationrules/finalizers + - namespacesauthorizationrules/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubs/finalizers + - namespaceseventhubs/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubsauthorizationrules + 
verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubsauthorizationrules/finalizers + - namespaceseventhubsauthorizationrules/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubsconsumergroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubsconsumergroups/finalizers + - namespaceseventhubsconsumergroups/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - actiongroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - actiongroups/finalizers + - actiongroups/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - autoscalesettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - autoscalesettings/finalizers + - autoscalesettings/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - components + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - components/finalizers + - components/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - metricalerts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - metricalerts/finalizers + - metricalerts/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - scheduledqueryrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - 
scheduledqueryrules/finalizers + - scheduledqueryrules/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - webtests + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - webtests/finalizers + - webtests/status + verbs: + - get + - patch + - update +- apiGroups: + - keyvault.azure.com + resources: + - vaults + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - keyvault.azure.com + resources: + - vaults/finalizers + - vaults/status + verbs: + - get + - patch + - update +- apiGroups: + - kubernetesconfiguration.azure.com + resources: + - extensions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - kubernetesconfiguration.azure.com + resources: + - extensions/finalizers + - extensions/status + verbs: + - get + - patch + - update +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspaces/finalizers + - workspaces/status + verbs: + - get + - patch + - update +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspacescomputes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspacescomputes/finalizers + - workspacescomputes/status + verbs: + - get + - patch + - update +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspacesconnections + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspacesconnections/finalizers + - workspacesconnections/status + verbs: + - get + - patch + - update +- apiGroups: + - managedidentity.azure.com + resources: + - 
federatedidentitycredentials + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - managedidentity.azure.com + resources: + - federatedidentitycredentials/finalizers + - federatedidentitycredentials/status + verbs: + - get + - patch + - update +- apiGroups: + - managedidentity.azure.com + resources: + - userassignedidentities + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - managedidentity.azure.com + resources: + - userassignedidentities/finalizers + - userassignedidentities/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - applicationgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - applicationgateways/finalizers + - applicationgateways/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - bastionhosts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - bastionhosts/finalizers + - bastionhosts/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsforwardingrulesets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsforwardingrulesets/finalizers + - dnsforwardingrulesets/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsforwardingrulesetsforwardingrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsforwardingrulesetsforwardingrules/finalizers + - dnsforwardingrulesetsforwardingrules/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsresolvers + verbs: + - create + - delete + - get + - list + - patch + 
- update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsresolvers/finalizers + - dnsresolvers/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsresolversinboundendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsresolversinboundendpoints/finalizers + - dnsresolversinboundendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsresolversoutboundendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsresolversoutboundendpoints/finalizers + - dnsresolversoutboundendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszones + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszones/finalizers + - dnszones/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesaaaarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonesaaaarecords/finalizers + - dnszonesaaaarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonesarecords/finalizers + - dnszonesarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonescaarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonescaarecords/finalizers + - dnszonescaarecords/status + verbs: + - get + - patch + - update 
+- apiGroups: + - network.azure.com + resources: + - dnszonescnamerecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonescnamerecords/finalizers + - dnszonescnamerecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesmxrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonesmxrecords/finalizers + - dnszonesmxrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesnsrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonesnsrecords/finalizers + - dnszonesnsrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesptrrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonesptrrecords/finalizers + - dnszonesptrrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonessrvrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonessrvrecords/finalizers + - dnszonessrvrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonestxtrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonestxtrecords/finalizers + - dnszonestxtrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - loadbalancers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + 
resources: + - loadbalancers/finalizers + - loadbalancers/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - loadbalancersinboundnatrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - loadbalancersinboundnatrules/finalizers + - loadbalancersinboundnatrules/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - natgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - natgateways/finalizers + - natgateways/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - networkinterfaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - networkinterfaces/finalizers + - networkinterfaces/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - networksecuritygroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - networksecuritygroups/finalizers + - networksecuritygroups/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - networksecuritygroupssecurityrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - networksecuritygroupssecurityrules/finalizers + - networksecuritygroupssecurityrules/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszones + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszones/finalizers + - privatednszones/status + verbs: + - get + - patch + - update +- apiGroups: + - 
network.azure.com + resources: + - privatednszonesaaaarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesaaaarecords/finalizers + - privatednszonesaaaarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesarecords/finalizers + - privatednszonesarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonescnamerecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonescnamerecords/finalizers + - privatednszonescnamerecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesmxrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesmxrecords/finalizers + - privatednszonesmxrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesptrrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesptrrecords/finalizers + - privatednszonesptrrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonessrvrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonessrvrecords/finalizers + - privatednszonessrvrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonestxtrecords 
+ verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonestxtrecords/finalizers + - privatednszonestxtrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesvirtualnetworklinks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesvirtualnetworklinks/finalizers + - privatednszonesvirtualnetworklinks/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privateendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privateendpoints/finalizers + - privateendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privateendpointsprivatednszonegroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privateendpointsprivatednszonegroups/finalizers + - privateendpointsprivatednszonegroups/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatelinkservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatelinkservices/finalizers + - privatelinkservices/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - publicipaddresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - publicipaddresses/finalizers + - publicipaddresses/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - publicipprefixes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch 
+- apiGroups: + - network.azure.com + resources: + - publicipprefixes/finalizers + - publicipprefixes/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - routetables + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - routetables/finalizers + - routetables/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - routetablesroutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - routetablesroutes/finalizers + - routetablesroutes/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofiles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofiles/finalizers + - trafficmanagerprofiles/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesazureendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesazureendpoints/finalizers + - trafficmanagerprofilesazureendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesexternalendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesexternalendpoints/finalizers + - trafficmanagerprofilesexternalendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesnestedendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - 
trafficmanagerprofilesnestedendpoints/finalizers + - trafficmanagerprofilesnestedendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - virtualnetworkgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - virtualnetworkgateways/finalizers + - virtualnetworkgateways/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - virtualnetworks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - virtualnetworks/finalizers + - virtualnetworks/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - virtualnetworkssubnets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - virtualnetworkssubnets/finalizers + - virtualnetworkssubnets/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - virtualnetworksvirtualnetworkpeerings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - virtualnetworksvirtualnetworkpeerings/finalizers + - virtualnetworksvirtualnetworkpeerings/status + verbs: + - get + - patch + - update +- apiGroups: + - operationalinsights.azure.com + resources: + - workspaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - operationalinsights.azure.com + resources: + - workspaces/finalizers + - workspaces/status + verbs: + - get + - patch + - update +- apiGroups: + - resources.azure.com + resources: + - resourcegroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - resources.azure.com + resources: + - resourcegroups/finalizers + - resourcegroups/status + verbs: + - get + - 
patch + - update +- apiGroups: + - search.azure.com + resources: + - searchservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - search.azure.com + resources: + - searchservices/finalizers + - searchservices/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespaces/finalizers + - namespaces/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacesauthorizationrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacesauthorizationrules/finalizers + - namespacesauthorizationrules/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacesqueues + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacesqueues/finalizers + - namespacesqueues/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopics + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopics/finalizers + - namespacestopics/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopicssubscriptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopicssubscriptions/finalizers + - namespacestopicssubscriptions/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopicssubscriptionsrules + verbs: + - create + - delete + - 
get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopicssubscriptionsrules/finalizers + - namespacestopicssubscriptionsrules/status + verbs: + - get + - patch + - update +- apiGroups: + - signalrservice.azure.com + resources: + - signalrs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - signalrservice.azure.com + resources: + - signalrs/finalizers + - signalrs/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - servers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - servers/finalizers + - servers/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversadministrators + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversadministrators/finalizers + - serversadministrators/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversadvancedthreatprotectionsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversadvancedthreatprotectionsettings/finalizers + - serversadvancedthreatprotectionsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversauditingsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversauditingsettings/finalizers + - serversauditingsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversazureadonlyauthentications + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - 
serversazureadonlyauthentications/finalizers + - serversazureadonlyauthentications/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversconnectionpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversconnectionpolicies/finalizers + - serversconnectionpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabases/finalizers + - serversdatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesadvancedthreatprotectionsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesadvancedthreatprotectionsettings/finalizers + - serversdatabasesadvancedthreatprotectionsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesauditingsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesauditingsettings/finalizers + - serversdatabasesauditingsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesbackuplongtermretentionpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesbackuplongtermretentionpolicies/finalizers + - serversdatabasesbackuplongtermretentionpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesbackupshorttermretentionpolicies + verbs: + - create + - delete + - get + - list + - patch + - update 
+ - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesbackupshorttermretentionpolicies/finalizers + - serversdatabasesbackupshorttermretentionpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasessecurityalertpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasessecurityalertpolicies/finalizers + - serversdatabasessecurityalertpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasestransparentdataencryptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasestransparentdataencryptions/finalizers + - serversdatabasestransparentdataencryptions/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesvulnerabilityassessments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesvulnerabilityassessments/finalizers + - serversdatabasesvulnerabilityassessments/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serverselasticpools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serverselasticpools/finalizers + - serverselasticpools/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversfailovergroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversfailovergroups/finalizers + - serversfailovergroups/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversfirewallrules + verbs: + - create + - delete + - 
get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversfirewallrules/finalizers + - serversfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversipv6firewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversipv6firewallrules/finalizers + - serversipv6firewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversoutboundfirewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversoutboundfirewallrules/finalizers + - serversoutboundfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serverssecurityalertpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serverssecurityalertpolicies/finalizers + - serverssecurityalertpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversvirtualnetworkrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversvirtualnetworkrules/finalizers + - serversvirtualnetworkrules/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversvulnerabilityassessments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversvulnerabilityassessments/finalizers + - serversvulnerabilityassessments/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + 
resources: + - storageaccounts/finalizers + - storageaccounts/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsblobservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsblobservices/finalizers + - storageaccountsblobservices/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsblobservicescontainers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsblobservicescontainers/finalizers + - storageaccountsblobservicescontainers/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsfileservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsfileservices/finalizers + - storageaccountsfileservices/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsfileservicesshares + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsfileservicesshares/finalizers + - storageaccountsfileservicesshares/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsmanagementpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsmanagementpolicies/finalizers + - storageaccountsmanagementpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsqueueservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - 
storage.azure.com + resources: + - storageaccountsqueueservices/finalizers + - storageaccountsqueueservices/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsqueueservicesqueues + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsqueueservicesqueues/finalizers + - storageaccountsqueueservicesqueues/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountstableservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountstableservices/finalizers + - storageaccountstableservices/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountstableservicestables + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountstableservicestables/finalizers + - storageaccountstableservicestables/status + verbs: + - get + - patch + - update +- apiGroups: + - subscription.azure.com + resources: + - aliases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - subscription.azure.com + resources: + - aliases/finalizers + - aliases/status + verbs: + - get + - patch + - update +- apiGroups: + - synapse.azure.com + resources: + - workspaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - synapse.azure.com + resources: + - workspaces/finalizers + - workspaces/status + verbs: + - get + - patch + - update +- apiGroups: + - synapse.azure.com + resources: + - workspacesbigdatapools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - synapse.azure.com + resources: + - workspacesbigdatapools/finalizers + - 
workspacesbigdatapools/status + verbs: + - get + - patch + - update +- apiGroups: + - web.azure.com + resources: + - serverfarms + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - web.azure.com + resources: + - serverfarms/finalizers + - serverfarms/status + verbs: + - get + - patch + - update +- apiGroups: + - web.azure.com + resources: + - sites + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - web.azure.com + resources: + - sites/finalizers + - sites/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: azureserviceoperator-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-manager-role +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - bootstrap.cluster.x-k8s.io + resources: + - kubeadmconfigs + - kubeadmconfigs/status + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + verbs: + - get + - list + - patch + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinepools + - machinepools/status + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + 
- cluster.x-k8s.io + resources: + - machines + - machines/status + verbs: + - delete + - get + - list + - watch +- apiGroups: + - containerservice.azure.com + resources: + - fleetsmembers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - fleetsmembers/status + verbs: + - get + - list + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclusters/status + verbs: + - get + - list + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclustersagentpools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclustersagentpools/status + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azureclusteridentities + - azureclusteridentities/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azureclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azureclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachinepoolmachines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachinepoolmachines/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachinepools + verbs: + - create + - delete + - get + - list + - patch + - update + - 
watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachinepools/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachines/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachinetemplates + - azuremachinetemplates/status + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremanagedclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremanagedclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremanagedcontrolplanes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremanagedcontrolplanes/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremanagedmachinepools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremanagedmachinepools/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - bastionhosts + - natgateways + - privateendpoints + - virtualnetworks + - virtualnetworkssubnets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - bastionhosts/status + - natgateways/status + - privateendpoints/status + - virtualnetworks/status + - virtualnetworkssubnets/status + verbs: + - get + - list + - watch +- apiGroups: + - network.azure.com + resources: + 
- privateendpoints + - virtualnetworks + - virtualnetworkssubnets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privateendpoints/status + - virtualnetworks/status + - virtualnetworkssubnets/status + verbs: + - get + - list + - watch +- apiGroups: + - resources.azure.com + resources: + - resourcegroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - resources.azure.com + resources: + - resourcegroups/status + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: azureserviceoperator-leader-election-rolebinding + namespace: capz-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: azureserviceoperator-leader-election-role +subjects: +- kind: ServiceAccount + name: azureserviceoperator-default + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-leader-election-rolebinding + namespace: capz-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: capz-leader-election-role +subjects: +- kind: ServiceAccount + name: capz-manager + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: azureserviceoperator-crd-reader-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: azureserviceoperator-crd-reader-role +subjects: +- kind: ServiceAccount + name: azureserviceoperator-default + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: azureserviceoperator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: azureserviceoperator-manager-role +subjects: +- kind: ServiceAccount + name: azureserviceoperator-default + 
namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: azureserviceoperator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: azureserviceoperator-proxy-role +subjects: +- kind: ServiceAccount + name: azureserviceoperator-default + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capz-manager-role +subjects: +- kind: ServiceAccount + name: capz-manager + namespace: capz-system +--- +apiVersion: v1 +kind: Secret +metadata: + name: aso-controller-settings + namespace: capz-system +stringData: + AZURE_AUTHORITY_HOST: ${AZURE_AUTHORITY_HOST:=""} + AZURE_CLIENT_ID: "" + AZURE_RESOURCE_MANAGER_AUDIENCE: ${AZURE_RESOURCE_MANAGER_AUDIENCE:=""} + AZURE_RESOURCE_MANAGER_ENDPOINT: ${AZURE_RESOURCE_MANAGER_ENDPOINT:=""} + AZURE_SUBSCRIPTION_ID: "" + AZURE_SYNC_PERIOD: ${AZURE_SYNC_PERIOD:=""} + AZURE_TENANT_ID: "" +type: Opaque +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + control-plane: controller-manager + name: azureserviceoperator-controller-manager-metrics-service + namespace: capz-system +spec: + ports: + - name: metrics + port: 8080 + selector: + control-plane: controller-manager +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: azureserviceoperator-proxy-service + namespace: capz-system +spec: + ports: + - name: https + port: 8443 + targetPort: https + selector: + control-plane: controller-manager +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + name: azureserviceoperator-webhook-service + namespace: 
capz-system +spec: + ports: + - port: 443 + targetPort: 9443 + selector: + control-plane: controller-manager +--- +apiVersion: v1 +kind: Service +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-webhook-service + namespace: capz-system +spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: infrastructure-azure +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + control-plane: controller-manager + name: azureserviceoperator-controller-manager + namespace: capz-system +spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + aadpodidbinding: aso-manager-binding + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + control-plane: controller-manager + spec: + containers: + - args: + - --metrics-addr=:8080 + - --health-addr=:8081 + - --enable-leader-election + - --v=2 + - --crd-pattern= + - --webhook-port=9443 + - --webhook-cert-dir=/tmp/k8s-webhook-server/serving-certs + env: + - name: AZURE_CLIENT_ID + valueFrom: + secretKeyRef: + key: AZURE_CLIENT_ID + name: aso-controller-settings + - name: AZURE_CLIENT_SECRET + valueFrom: + secretKeyRef: + key: AZURE_CLIENT_SECRET + name: aso-controller-settings + optional: true + - name: AZURE_TENANT_ID + valueFrom: + secretKeyRef: + key: AZURE_TENANT_ID + name: aso-controller-settings + - name: AZURE_SUBSCRIPTION_ID + valueFrom: + secretKeyRef: + key: AZURE_SUBSCRIPTION_ID + name: aso-controller-settings + - name: AZURE_CLIENT_CERTIFICATE + valueFrom: + secretKeyRef: + key: AZURE_CLIENT_CERTIFICATE + name: aso-controller-settings + optional: true + - name: AZURE_CLIENT_CERTIFICATE_PASSWORD + valueFrom: + secretKeyRef: + key: AZURE_CLIENT_CERTIFICATE_PASSWORD + name: aso-controller-settings + 
optional: true + - name: AZURE_AUTHORITY_HOST + valueFrom: + secretKeyRef: + key: AZURE_AUTHORITY_HOST + name: aso-controller-settings + optional: true + - name: AZURE_RESOURCE_MANAGER_ENDPOINT + valueFrom: + secretKeyRef: + key: AZURE_RESOURCE_MANAGER_ENDPOINT + name: aso-controller-settings + optional: true + - name: AZURE_RESOURCE_MANAGER_AUDIENCE + valueFrom: + secretKeyRef: + key: AZURE_RESOURCE_MANAGER_AUDIENCE + name: aso-controller-settings + optional: true + - name: AZURE_TARGET_NAMESPACES + valueFrom: + secretKeyRef: + key: AZURE_TARGET_NAMESPACES + name: aso-controller-settings + optional: true + - name: AZURE_OPERATOR_MODE + valueFrom: + secretKeyRef: + key: AZURE_OPERATOR_MODE + name: aso-controller-settings + optional: true + - name: AZURE_SYNC_PERIOD + valueFrom: + secretKeyRef: + key: AZURE_SYNC_PERIOD + name: aso-controller-settings + optional: true + - name: USE_WORKLOAD_IDENTITY_AUTH + valueFrom: + secretKeyRef: + key: USE_WORKLOAD_IDENTITY_AUTH + name: aso-controller-settings + optional: true + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: mcr.microsoft.com/k8s/azureserviceoperator:v2.5.0 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 60 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 8081 + name: health-port + protocol: TCP + - containerPort: 8080 + name: metrics-port + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 60 + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 200m + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /var/run/secrets/tokens + name: azure-identity + readOnly: true + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + - args: + - --secure-listen-address=0.0.0.0:8443 + - 
--upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: azureserviceoperator-default + terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert + - name: azure-identity + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + audience: api://AzureADTokenExchange + expirationSeconds: 3600 + path: azure-identity +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + control-plane: capz-controller-manager + name: capz-controller-manager + namespace: capz-system +spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: infrastructure-azure + control-plane: capz-controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + azure.workload.identity/use: "true" + cluster.x-k8s.io/provider: infrastructure-azure + control-plane: capz-controller-manager + spec: + containers: + - args: + - --leader-elect + - --diagnostics-address=${CAPZ_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${CAPZ_INSECURE_DIAGNOSTICS:=false} + - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},AKSResourceHealth=${EXP_AKS_RESOURCE_HEALTH:=false},EdgeZone=${EXP_EDGEZONE:=false} + - --v=0 + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/cluster-api-azure/cluster-api-azure-controller:v1.13.2 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + 
initialDelaySeconds: 10 + periodSeconds: 10 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + initialDelaySeconds: 10 + periodSeconds: 10 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsGroup: 65532 + runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + - mountPath: /var/run/secrets/azure/tokens + name: azure-identity-token + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: capz-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: capz-webhook-service-cert + - name: azure-identity-token + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + audience: api://AzureADTokenExchange + expirationSeconds: 3600 + path: azure-identity-token +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: azureserviceoperator-serving-cert + namespace: capz-system +spec: + dnsNames: + - azureserviceoperator-webhook-service.capz-system.svc + - azureserviceoperator-webhook-service.capz-system.svc.cluster.local + issuerRef: + kind: Issuer + name: azureserviceoperator-selfsigned-issuer + secretName: webhook-server-cert +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-serving-cert + namespace: capz-system +spec: + dnsNames: + - capz-webhook-service.capz-system.svc + - capz-webhook-service.capz-system.svc.cluster.local + issuerRef: + kind: Issuer + name: capz-selfsigned-issuer + 
secretName: capz-webhook-service-cert +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: azureserviceoperator-selfsigned-issuer + namespace: capz-system +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-selfsigned-issuer + namespace: capz-system +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + name: azureserviceoperator-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-api + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.apis.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - apis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-apiversionset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.apiversionsets.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - apiversionsets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-backend + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.backends.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: 
+ - CREATE + - UPDATE + resources: + - backends + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-namedvalue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.namedvalues.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - namedvalues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-policy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.policies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - policies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-policyfragment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.policyfragments.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - policyfragments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-product + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.products.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - products + sideEffects: None +- admissionReviewVersions: + - v1 
+ clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-service + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.services.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - services + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-subscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.subscriptions.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - subscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-appconfiguration-azure-com-v1api20220501-configurationstore + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220501.configurationstores.appconfiguration.azure.com + rules: + - apiGroups: + - appconfiguration.azure.com + apiVersions: + - v1api20220501 + operations: + - CREATE + - UPDATE + resources: + - configurationstores + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-authorization-azure-com-v1api20200801preview-roleassignment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200801preview.roleassignments.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20200801preview + operations: + - CREATE + - UPDATE + resources: + - roleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + 
name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-authorization-azure-com-v1api20220401-roleassignment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.roleassignments.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - roleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-batch-azure-com-v1api20210101-batchaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101.batchaccounts.batch.azure.com + rules: + - apiGroups: + - batch.azure.com + apiVersions: + - v1api20210101 + operations: + - CREATE + - UPDATE + resources: + - batchaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20201201-redis + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.redis.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20201201-redisfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.redisfirewallrules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redisfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20201201-redislinkedserver + 
failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.redislinkedservers.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redislinkedservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20201201-redispatchschedule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.redispatchschedules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redispatchschedules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20210301-redisenterprisedatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210301.redisenterprisedatabases.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20210301 + operations: + - CREATE + - UPDATE + resources: + - redisenterprisedatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20210301-redisenterprise + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210301.redisenterprises.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20210301 + operations: + - CREATE + - UPDATE + resources: + - redisenterprises + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230401-redis + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230401.redis.cache.azure.com + rules: + 
- apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230401-redisfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230401.redisfirewallrules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redisfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230401-redislinkedserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230401.redislinkedservers.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redislinkedservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230401-redispatchschedule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230401.redispatchschedules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redispatchschedules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230701-redisenterprisedatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230701.redisenterprisedatabases.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + 
resources: + - redisenterprisedatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230701-redisenterprise + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230701.redisenterprises.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - redisenterprises + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cdn-azure-com-v1api20210601-profile + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.profiles.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - profiles + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cdn-azure-com-v1api20210601-profilesendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.profilesendpoints.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - profilesendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20200930-disk + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200930.disks.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20200930 + operations: + - CREATE + - UPDATE + resources: + - disks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system 
+ path: /mutate-compute-azure-com-v1api20200930-snapshot + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200930.snapshots.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20200930 + operations: + - CREATE + - UPDATE + resources: + - snapshots + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20201201-virtualmachine + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.virtualmachines.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachines + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20201201-virtualmachinescaleset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.virtualmachinescalesets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20210701-image + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210701.images.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - images + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20220301-image + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20220301.images.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - images + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20220301-virtualmachine + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.virtualmachines.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachines + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20220301-virtualmachinescaleset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.virtualmachinescalesets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20220702-diskencryptionset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220702.diskencryptionsets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220702 + operations: + - CREATE + - UPDATE + resources: + - diskencryptionsets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerinstance-azure-com-v1api20211001-containergroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211001.containergroups.containerinstance.azure.com + rules: + - apiGroups: + - 
containerinstance.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - containergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerregistry-azure-com-v1api20210901-registry + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210901.registries.containerregistry.azure.com + rules: + - apiGroups: + - containerregistry.azure.com + apiVersions: + - v1api20210901 + operations: + - CREATE + - UPDATE + resources: + - registries + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20210501-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20210501-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230201-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230201.managedclusters.containerservice.azure.com + rules: + - 
apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230201 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230201-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230201.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230201 + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230202preview-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230202preview.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230202preview-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230202preview.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230202preview-trustedaccessrolebinding + failurePolicy: Fail 
+ matchPolicy: Exact + name: default.v1api20230202preview.trustedaccessrolebindings.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - trustedaccessrolebindings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230315preview-fleet + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230315preview.fleets.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230315preview-fleetsmember + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230315preview.fleetsmembers.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleetsmembers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230315preview-fleetsupdaterun + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230315preview.fleetsupdateruns.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleetsupdateruns + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/mutate-containerservice-azure-com-v1api20231001-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231001.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231001 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20231001-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231001.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231001 + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-datafactory-azure-com-v1api20180601-factory + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180601.factories.datafactory.azure.com + rules: + - apiGroups: + - datafactory.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - factories + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dataprotection-azure-com-v1api20230101-backupvault + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.backupvaults.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - backupvaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/mutate-dataprotection-azure-com-v1api20230101-backupvaultsbackuppolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.backupvaultsbackuppolicies.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - backupvaultsbackuppolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformariadb-azure-com-v1api20180601-configuration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180601.configurations.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - configurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformariadb-azure-com-v1api20180601-database + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180601.databases.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - databases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformariadb-azure-com-v1api20180601-server + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180601.servers.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - servers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20210501-flexibleserver + 
failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.flexibleservers.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20210501-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.flexibleserversdatabases.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20210501-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.flexibleserversfirewallrules.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20220101-flexibleserversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220101.flexibleserversadministrators.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20220101 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversadministrators + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/mutate-dbformysql-azure-com-v1api20220101-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220101.flexibleserversconfigurations.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20220101 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: default.v1.users.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20210601-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20210601-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/mutate-dbforpostgresql-azure-com-v1api20210601-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20210601-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220120preview.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220120preview.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220120preview.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220120preview.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20221201-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221201.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20221201-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221201.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + 
apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20221201-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221201.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20221201-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221201.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: default.v1.users.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-devices-azure-com-v1api20210702-iothub + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210702.iothubs.devices.azure.com + rules: + - apiGroups: + - devices.azure.com + apiVersions: + - v1api20210702 + operations: + 
- CREATE + - UPDATE + resources: + - iothubs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-databaseaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.databaseaccounts.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - databaseaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-mongodbdatabasecollection + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.mongodbdatabasecollections.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollections + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-mongodbdatabasecollectionthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.mongodbdatabasecollectionthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollectionthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-mongodbdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.mongodbdatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - 
v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-mongodbdatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.mongodbdatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontainer + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasecontainers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontainerstoredprocedure + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasecontainerstoredprocedures.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerstoredprocedures + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontainerthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20210515.sqldatabasecontainerthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontainertrigger + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasecontainertriggers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainertriggers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontaineruserdefinedfunction + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasecontaineruserdefinedfunctions.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontaineruserdefinedfunctions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/mutate-documentdb-azure-com-v1api20210515-sqldatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqlroleassignment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqlroleassignments.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqlroleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventgrid-azure-com-v1api20200601-domain + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.domains.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - domains + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventgrid-azure-com-v1api20200601-domainstopic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.domainstopics.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - domainstopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventgrid-azure-com-v1api20200601-eventsubscription + 
failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.eventsubscriptions.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - eventsubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventgrid-azure-com-v1api20200601-topic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.topics.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - topics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventhub-azure-com-v1api20211101-namespace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespaces.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventhub-azure-com-v1api20211101-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacesauthorizationrules.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventhub-azure-com-v1api20211101-namespaceseventhub + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20211101.namespaceseventhubs.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventhub-azure-com-v1api20211101-namespaceseventhubsauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespaceseventhubsauthorizationrules.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubsauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventhub-azure-com-v1api20211101-namespaceseventhubsconsumergroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespaceseventhubsconsumergroups.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubsconsumergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20180301-metricalert + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180301.metricalerts.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20180301 + operations: + - CREATE + - UPDATE + resources: + - metricalerts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20180501preview-webtest + failurePolicy: Fail + matchPolicy: 
Exact + name: default.v1api20180501preview.webtests.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20180501preview + operations: + - CREATE + - UPDATE + resources: + - webtests + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20200202-component + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200202.components.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20200202 + operations: + - CREATE + - UPDATE + resources: + - components + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20220615-scheduledqueryrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220615.scheduledqueryrules.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20220615 + operations: + - CREATE + - UPDATE + resources: + - scheduledqueryrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20221001-autoscalesetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001.autoscalesettings.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20221001 + operations: + - CREATE + - UPDATE + resources: + - autoscalesettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20230101-actiongroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.actiongroups.insights.azure.com + rules: + - apiGroups: + - 
insights.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - actiongroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-keyvault-azure-com-v1api20210401preview-vault + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401preview.vaults.keyvault.azure.com + rules: + - apiGroups: + - keyvault.azure.com + apiVersions: + - v1api20210401preview + operations: + - CREATE + - UPDATE + resources: + - vaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-keyvault-azure-com-v1api20230701-vault + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230701.vaults.keyvault.azure.com + rules: + - apiGroups: + - keyvault.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - vaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-kubernetesconfiguration-azure-com-v1api20230501-extension + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501.extensions.kubernetesconfiguration.azure.com + rules: + - apiGroups: + - kubernetesconfiguration.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - extensions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-machinelearningservices-azure-com-v1api20210701-workspace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210701.workspaces.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + 
- UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-machinelearningservices-azure-com-v1api20210701-workspacescompute + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210701.workspacescomputes.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspacescomputes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-machinelearningservices-azure-com-v1api20210701-workspacesconnection + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210701.workspacesconnections.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspacesconnections + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-managedidentity-azure-com-v1api20181130-userassignedidentity + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20181130.userassignedidentities.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20181130 + operations: + - CREATE + - UPDATE + resources: + - userassignedidentities + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-managedidentity-azure-com-v1api20220131preview-federatedidentitycredential + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220131preview.federatedidentitycredentials.managedidentity.azure.com + 
rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20220131preview + operations: + - CREATE + - UPDATE + resources: + - federatedidentitycredentials + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-managedidentity-azure-com-v1api20230131-federatedidentitycredential + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230131.federatedidentitycredentials.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20230131 + operations: + - CREATE + - UPDATE + resources: + - federatedidentitycredentials + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-managedidentity-azure-com-v1api20230131-userassignedidentity + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230131.userassignedidentities.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20230131 + operations: + - CREATE + - UPDATE + resources: + - userassignedidentities + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszone + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszones.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszones + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonesaaaarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesaaaarecords.network.azure.com 
+ rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesaaaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonesarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonescaarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonescaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonescaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonescnamerecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonescnamerecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonescnamerecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonesmxrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesmxrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + 
operations: + - CREATE + - UPDATE + resources: + - dnszonesmxrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonesnsrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesnsrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesnsrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonesptrrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesptrrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesptrrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonessrvrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonessrvrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonessrvrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonestxtrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonestxtrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonestxtrecords + sideEffects: 
None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180901-privatednszone + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180901.privatednszones.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180901 + operations: + - CREATE + - UPDATE + resources: + - privatednszones + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonesaaaarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesaaaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesaaaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonesarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonescnamerecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonescnamerecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonescnamerecords + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonesmxrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesmxrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesmxrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonesptrrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesptrrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesptrrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonessrvrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonessrvrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonessrvrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonestxtrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonestxtrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonestxtrecords + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonesvirtualnetworklink + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesvirtualnetworklinks.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesvirtualnetworklinks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-loadbalancer + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.loadbalancers.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - loadbalancers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-loadbalancersinboundnatrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.loadbalancersinboundnatrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - loadbalancersinboundnatrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-networkinterface + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.networkinterfaces.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networkinterfaces + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-networksecuritygroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.networksecuritygroups.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networksecuritygroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-networksecuritygroupssecurityrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.networksecuritygroupssecurityrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networksecuritygroupssecurityrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-publicipaddress + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.publicipaddresses.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - publicipaddresses + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-routetable + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.routetables.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - routetables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + 
service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-routetablesroute + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.routetablesroutes.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - routetablesroutes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-virtualnetworkgateway + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.virtualnetworkgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworkgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-virtualnetwork + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.virtualnetworks.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-virtualnetworkssubnet + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.virtualnetworkssubnets.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworkssubnets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: 
capz-system + path: /mutate-network-azure-com-v1api20201101-virtualnetworksvirtualnetworkpeering + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.virtualnetworksvirtualnetworkpeerings.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworksvirtualnetworkpeerings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220401-trafficmanagerprofile + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.trafficmanagerprofiles.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofiles + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220401-trafficmanagerprofilesazureendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.trafficmanagerprofilesazureendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesazureendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220401-trafficmanagerprofilesexternalendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.trafficmanagerprofilesexternalendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesexternalendpoints + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220401-trafficmanagerprofilesnestedendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.trafficmanagerprofilesnestedendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesnestedendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-applicationgateway + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.applicationgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - applicationgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-bastionhost + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.bastionhosts.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - bastionhosts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-dnsforwardingruleset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsforwardingrulesets.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsforwardingrulesets + sideEffects: None +- admissionReviewVersions: + - v1 
+ clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-dnsforwardingrulesetsforwardingrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsforwardingrulesetsforwardingrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsforwardingrulesetsforwardingrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-dnsresolver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsresolvers.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolvers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-dnsresolversinboundendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsresolversinboundendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolversinboundendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-dnsresolversoutboundendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsresolversoutboundendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolversoutboundendpoints + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-natgateway + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.natgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - natgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-privateendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.privateendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privateendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-privateendpointsprivatednszonegroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.privateendpointsprivatednszonegroups.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privateendpointsprivatednszonegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-privatelinkservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.privatelinkservices.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privatelinkservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + 
service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-publicipprefix + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.publicipprefixes.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - publicipprefixes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-operationalinsights-azure-com-v1api20210601-workspace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.workspaces.operationalinsights.azure.com + rules: + - apiGroups: + - operationalinsights.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-resources-azure-com-v1api20200601-resourcegroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.resourcegroups.resources.azure.com + rules: + - apiGroups: + - resources.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - resourcegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-search-azure-com-v1api20220901-searchservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.searchservices.search.azure.com + rules: + - apiGroups: + - search.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - searchservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/mutate-servicebus-azure-com-v1api20210101preview-namespace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + 
namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: 
+ - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - 
namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-signalrservice-azure-com-v1api20211001-signalr + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211001.signalrs.signalrservice.azure.com + rules: + - apiGroups: + - signalrservice.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - signalrs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-server + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.servers.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + 
resources: + - servers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversadministrators.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversadministrators + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversadvancedthreatprotectionsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversadvancedthreatprotectionsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversadvancedthreatprotectionsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversauditingsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversauditingsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversauditingsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversazureadonlyauthentication + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversazureadonlyauthentications.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - 
serversazureadonlyauthentications + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversconnectionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversconnectionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversconnectionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabases.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesadvancedthreatprotectionsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesadvancedthreatprotectionsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesadvancedthreatprotectionsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesauditingsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesauditingsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + 
resources: + - serversdatabasesauditingsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesbackuplongtermretentionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesbackuplongtermretentionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesbackuplongtermretentionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesbackupshorttermretentionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesbackupshorttermretentionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesbackupshorttermretentionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasessecurityalertpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasessecurityalertpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasessecurityalertpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasestransparentdataencryption + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20211101.serversdatabasestransparentdataencryptions.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasestransparentdataencryptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesvulnerabilityassessment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesvulnerabilityassessments.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesvulnerabilityassessments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serverselasticpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serverselasticpools.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serverselasticpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversfailovergroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversfailovergroups.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversfailovergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20211101.serversfirewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversipv6firewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversipv6firewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversipv6firewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversoutboundfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversoutboundfirewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversoutboundfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serverssecurityalertpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serverssecurityalertpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serverssecurityalertpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversvirtualnetworkrule + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20211101.serversvirtualnetworkrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversvirtualnetworkrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversvulnerabilityassessment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversvulnerabilityassessments.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversvulnerabilityassessments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20210401.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/mutate-storage-azure-com-v1api20220901-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsfileservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsfileservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: 
capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsfileservicesshare + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsfileservicesshares.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservicesshares + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + 
clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountstableservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountstableservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountstableservicestable + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountstableservicestables.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservicestables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountsfileservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsfileservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountsfileservicesshare + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsfileservicesshares.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservicesshares + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - 
CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountstableservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountstableservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountstableservicestable + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountstableservicestables.storage.azure.com + rules: + - apiGroups: + 
- storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservicestables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-subscription-azure-com-v1api20211001-alias + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211001.aliases.subscription.azure.com + rules: + - apiGroups: + - subscription.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - aliases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-synapse-azure-com-v1api20210601-workspace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.workspaces.synapse.azure.com + rules: + - apiGroups: + - synapse.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-synapse-azure-com-v1api20210601-workspacesbigdatapool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.workspacesbigdatapools.synapse.azure.com + rules: + - apiGroups: + - synapse.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspacesbigdatapools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-web-azure-com-v1api20220301-serverfarm + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.serverfarms.web.azure.com + rules: + - apiGroups: + - web.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - serverfarms + 
sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-web-azure-com-v1api20220301-site + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.sites.web.azure.com + rules: + - apiGroups: + - web.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - sites + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azurecluster + failurePolicy: Fail + matchPolicy: Equivalent + name: default.azurecluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azureclusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azureclustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.azureclustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azureclustertemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachine + failurePolicy: Fail + matchPolicy: Equivalent + name: 
default.azuremachine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinetemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.azuremachinetemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachinetemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcontrolplane + failurePolicy: Fail + name: default.azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedcontrolplanes + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcontrolplanetemplate + failurePolicy: Fail + name: default.azuremanagedcontrolplanetemplates.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedcontrolplanetemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepool + failurePolicy: Fail + matchPolicy: Equivalent + 
name: default.azuremanagedmachinepools.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedmachinepools + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepooltemplate + failurePolicy: Fail + name: default.azuremanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedmachinepooltemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepool + failurePolicy: Fail + name: default.azuremachinepool.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachinepools + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + name: azureserviceoperator-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-api + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.apis.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - apis + sideEffects: None +- admissionReviewVersions: + - v1 + 
clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-apiversionset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.apiversionsets.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - apiversionsets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-backend + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.backends.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - backends + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-namedvalue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.namedvalues.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - namedvalues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-policy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.policies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - policies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: 
capz-system + path: /validate-apimanagement-azure-com-v1api20220801-policyfragment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.policyfragments.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - policyfragments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-product + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.products.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - products + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-service + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.services.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - services + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-subscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.subscriptions.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - subscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-appconfiguration-azure-com-v1api20220501-configurationstore + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220501.configurationstores.appconfiguration.azure.com + rules: + - apiGroups: + - appconfiguration.azure.com + apiVersions: + - v1api20220501 + operations: + - CREATE + - UPDATE + resources: + - configurationstores + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-authorization-azure-com-v1api20200801preview-roleassignment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200801preview.roleassignments.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20200801preview + operations: + - CREATE + - UPDATE + resources: + - roleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-authorization-azure-com-v1api20220401-roleassignment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.roleassignments.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - roleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-batch-azure-com-v1api20210101-batchaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101.batchaccounts.batch.azure.com + rules: + - apiGroups: + - batch.azure.com + apiVersions: + - v1api20210101 + operations: + - CREATE + - UPDATE + resources: + - batchaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-cache-azure-com-v1api20201201-redis + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.redis.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20201201-redisfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.redisfirewallrules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redisfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20201201-redislinkedserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.redislinkedservers.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redislinkedservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20201201-redispatchschedule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.redispatchschedules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redispatchschedules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20210301-redisenterprisedatabase + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20210301.redisenterprisedatabases.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20210301 + operations: + - CREATE + - UPDATE + resources: + - redisenterprisedatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20210301-redisenterprise + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210301.redisenterprises.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20210301 + operations: + - CREATE + - UPDATE + resources: + - redisenterprises + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230401-redis + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230401.redis.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230401-redisfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230401.redisfirewallrules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redisfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230401-redislinkedserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230401.redislinkedservers.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - 
v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redislinkedservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230401-redispatchschedule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230401.redispatchschedules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redispatchschedules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230701-redisenterprisedatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230701.redisenterprisedatabases.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - redisenterprisedatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230701-redisenterprise + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230701.redisenterprises.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - redisenterprises + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cdn-azure-com-v1api20210601-profile + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.profiles.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - profiles + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cdn-azure-com-v1api20210601-profilesendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.profilesendpoints.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - profilesendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20200930-disk + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200930.disks.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20200930 + operations: + - CREATE + - UPDATE + resources: + - disks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20200930-snapshot + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200930.snapshots.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20200930 + operations: + - CREATE + - UPDATE + resources: + - snapshots + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20201201-virtualmachine + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.virtualmachines.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachines + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-compute-azure-com-v1api20201201-virtualmachinescaleset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.virtualmachinescalesets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20210701-image + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210701.images.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - images + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20220301-image + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.images.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - images + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20220301-virtualmachine + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.virtualmachines.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachines + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20220301-virtualmachinescaleset + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20220301.virtualmachinescalesets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20220702-diskencryptionset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220702.diskencryptionsets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220702 + operations: + - CREATE + - UPDATE + resources: + - diskencryptionsets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerinstance-azure-com-v1api20211001-containergroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211001.containergroups.containerinstance.azure.com + rules: + - apiGroups: + - containerinstance.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - containergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerregistry-azure-com-v1api20210901-registry + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210901.registries.containerregistry.azure.com + rules: + - apiGroups: + - containerregistry.azure.com + apiVersions: + - v1api20210901 + operations: + - CREATE + - UPDATE + resources: + - registries + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20210501-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20210501.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20210501-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230201-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230201.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230201 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230201-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230201.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230201 + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-containerservice-azure-com-v1api20230202preview-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230202preview.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230202preview-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230202preview.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230202preview-trustedaccessrolebinding + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230202preview.trustedaccessrolebindings.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - trustedaccessrolebindings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230315preview-fleet + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230315preview.fleets.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleets + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230315preview-fleetsmember + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230315preview.fleetsmembers.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleetsmembers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230315preview-fleetsupdaterun + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230315preview.fleetsupdateruns.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleetsupdateruns + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20231001-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231001.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231001 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20231001-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231001.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231001 + operations: + - CREATE + - 
UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-datafactory-azure-com-v1api20180601-factory + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180601.factories.datafactory.azure.com + rules: + - apiGroups: + - datafactory.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - factories + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dataprotection-azure-com-v1api20230101-backupvault + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.backupvaults.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - backupvaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dataprotection-azure-com-v1api20230101-backupvaultsbackuppolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.backupvaultsbackuppolicies.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - backupvaultsbackuppolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformariadb-azure-com-v1api20180601-configuration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180601.configurations.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - 
configurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformariadb-azure-com-v1api20180601-database + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180601.databases.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - databases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformariadb-azure-com-v1api20180601-server + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180601.servers.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - servers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20210501-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.flexibleservers.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20210501-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.flexibleserversdatabases.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + 
clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20210501-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.flexibleserversfirewallrules.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20220101-flexibleserversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220101.flexibleserversadministrators.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20220101 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversadministrators + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20220101-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220101.flexibleserversconfigurations.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20220101 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1.users.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None +- admissionReviewVersions: + - v1 + 
clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20210601-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20210601-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20210601-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20210601-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + 
resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220120preview.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220120preview.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220120preview.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20220120preview.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20221201-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221201.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20221201-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221201.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20221201-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221201.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-dbforpostgresql-azure-com-v1api20221201-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221201.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1.users.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-devices-azure-com-v1api20210702-iothub + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210702.iothubs.devices.azure.com + rules: + - apiGroups: + - devices.azure.com + apiVersions: + - v1api20210702 + operations: + - CREATE + - UPDATE + resources: + - iothubs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-databaseaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.databaseaccounts.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - databaseaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-mongodbdatabasecollection + failurePolicy: Fail + 
matchPolicy: Exact + name: validate.v1api20210515.mongodbdatabasecollections.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollections + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-mongodbdatabasecollectionthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.mongodbdatabasecollectionthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollectionthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-mongodbdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.mongodbdatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-mongodbdatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.mongodbdatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system 
+ path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontainer + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontainers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontainerstoredprocedure + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontainerstoredprocedures.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerstoredprocedures + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontainerthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontainerthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontainertrigger + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontainertriggers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainertriggers + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontaineruserdefinedfunction + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontaineruserdefinedfunctions.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontaineruserdefinedfunctions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqlroleassignment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqlroleassignments.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: 
+ - sqlroleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventgrid-azure-com-v1api20200601-domain + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.domains.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - domains + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventgrid-azure-com-v1api20200601-domainstopic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.domainstopics.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - domainstopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventgrid-azure-com-v1api20200601-eventsubscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.eventsubscriptions.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - eventsubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventgrid-azure-com-v1api20200601-topic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.topics.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - topics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventhub-azure-com-v1api20211101-namespace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaces.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventhub-azure-com-v1api20211101-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacesauthorizationrules.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventhub-azure-com-v1api20211101-namespaceseventhub + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaceseventhubs.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventhub-azure-com-v1api20211101-namespaceseventhubsauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaceseventhubsauthorizationrules.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubsauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + 
name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventhub-azure-com-v1api20211101-namespaceseventhubsconsumergroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaceseventhubsconsumergroups.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubsconsumergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20180301-metricalert + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180301.metricalerts.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20180301 + operations: + - CREATE + - UPDATE + resources: + - metricalerts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20180501preview-webtest + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501preview.webtests.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20180501preview + operations: + - CREATE + - UPDATE + resources: + - webtests + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20200202-component + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200202.components.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20200202 + operations: + - CREATE + - UPDATE + resources: + - components + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: 
capz-system + path: /validate-insights-azure-com-v1api20220615-scheduledqueryrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220615.scheduledqueryrules.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20220615 + operations: + - CREATE + - UPDATE + resources: + - scheduledqueryrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20221001-autoscalesetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001.autoscalesettings.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20221001 + operations: + - CREATE + - UPDATE + resources: + - autoscalesettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20230101-actiongroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.actiongroups.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - actiongroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-keyvault-azure-com-v1api20210401preview-vault + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401preview.vaults.keyvault.azure.com + rules: + - apiGroups: + - keyvault.azure.com + apiVersions: + - v1api20210401preview + operations: + - CREATE + - UPDATE + resources: + - vaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-keyvault-azure-com-v1api20230701-vault + failurePolicy: Fail + 
matchPolicy: Exact + name: validate.v1api20230701.vaults.keyvault.azure.com + rules: + - apiGroups: + - keyvault.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - vaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-kubernetesconfiguration-azure-com-v1api20230501-extension + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501.extensions.kubernetesconfiguration.azure.com + rules: + - apiGroups: + - kubernetesconfiguration.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - extensions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-machinelearningservices-azure-com-v1api20210701-workspace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210701.workspaces.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-machinelearningservices-azure-com-v1api20210701-workspacescompute + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210701.workspacescomputes.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspacescomputes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-machinelearningservices-azure-com-v1api20210701-workspacesconnection + 
failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210701.workspacesconnections.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspacesconnections + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-managedidentity-azure-com-v1api20181130-userassignedidentity + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20181130.userassignedidentities.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20181130 + operations: + - CREATE + - UPDATE + resources: + - userassignedidentities + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-managedidentity-azure-com-v1api20220131preview-federatedidentitycredential + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220131preview.federatedidentitycredentials.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20220131preview + operations: + - CREATE + - UPDATE + resources: + - federatedidentitycredentials + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-managedidentity-azure-com-v1api20230131-federatedidentitycredential + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230131.federatedidentitycredentials.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20230131 + operations: + - CREATE + - UPDATE + resources: + - federatedidentitycredentials + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-managedidentity-azure-com-v1api20230131-userassignedidentity + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230131.userassignedidentities.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20230131 + operations: + - CREATE + - UPDATE + resources: + - userassignedidentities + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszone + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszones.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszones + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonesaaaarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesaaaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesaaaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonesarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-network-azure-com-v1api20180501-dnszonescaarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonescaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonescaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonescnamerecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonescnamerecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonescnamerecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonesmxrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesmxrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesmxrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonesnsrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesnsrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesnsrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonesptrrecord + 
failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesptrrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesptrrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonessrvrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonessrvrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonessrvrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonestxtrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonestxtrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonestxtrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180901-privatednszone + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180901.privatednszones.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180901 + operations: + - CREATE + - UPDATE + resources: + - privatednszones + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonesaaaarecord + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20200601.privatednszonesaaaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesaaaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonesarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonesarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonescnamerecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonescnamerecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonescnamerecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonesmxrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonesmxrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesmxrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonesptrrecord + failurePolicy: Fail + matchPolicy: 
Exact + name: validate.v1api20200601.privatednszonesptrrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesptrrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonessrvrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonessrvrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonessrvrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonestxtrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonestxtrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonestxtrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonesvirtualnetworklink + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonesvirtualnetworklinks.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesvirtualnetworklinks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-loadbalancer + 
failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.loadbalancers.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - loadbalancers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-loadbalancersinboundnatrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.loadbalancersinboundnatrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - loadbalancersinboundnatrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-networkinterface + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.networkinterfaces.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networkinterfaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-networksecuritygroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.networksecuritygroups.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networksecuritygroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-networksecuritygroupssecurityrule + failurePolicy: Fail + 
matchPolicy: Exact + name: validate.v1api20201101.networksecuritygroupssecurityrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networksecuritygroupssecurityrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-publicipaddress + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.publicipaddresses.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - publicipaddresses + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-routetable + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.routetables.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - routetables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-routetablesroute + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.routetablesroutes.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - routetablesroutes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-virtualnetworkgateway + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20201101.virtualnetworkgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworkgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-virtualnetwork + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.virtualnetworks.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-virtualnetworkssubnet + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.virtualnetworkssubnets.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworkssubnets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-virtualnetworksvirtualnetworkpeering + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.virtualnetworksvirtualnetworkpeerings.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworksvirtualnetworkpeerings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220401-trafficmanagerprofile + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20220401.trafficmanagerprofiles.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofiles + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220401-trafficmanagerprofilesazureendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.trafficmanagerprofilesazureendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesazureendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220401-trafficmanagerprofilesexternalendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.trafficmanagerprofilesexternalendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesexternalendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220401-trafficmanagerprofilesnestedendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.trafficmanagerprofilesnestedendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesnestedendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-network-azure-com-v1api20220701-applicationgateway + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.applicationgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - applicationgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-bastionhost + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.bastionhosts.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - bastionhosts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-dnsforwardingruleset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsforwardingrulesets.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsforwardingrulesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-dnsforwardingrulesetsforwardingrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsforwardingrulesetsforwardingrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsforwardingrulesetsforwardingrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-network-azure-com-v1api20220701-dnsresolver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsresolvers.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolvers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-dnsresolversinboundendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsresolversinboundendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolversinboundendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-dnsresolversoutboundendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsresolversoutboundendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolversoutboundendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-natgateway + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.natgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - natgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-network-azure-com-v1api20220701-privateendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.privateendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privateendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-privateendpointsprivatednszonegroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.privateendpointsprivatednszonegroups.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privateendpointsprivatednszonegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-privatelinkservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.privatelinkservices.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privatelinkservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-publicipprefix + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.publicipprefixes.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - publicipprefixes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-operationalinsights-azure-com-v1api20210601-workspace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.workspaces.operationalinsights.azure.com + rules: + - apiGroups: + - operationalinsights.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-resources-azure-com-v1api20200601-resourcegroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.resourcegroups.resources.azure.com + rules: + - apiGroups: + - resources.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - resourcegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-search-azure-com-v1api20220901-searchservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.searchservices.search.azure.com + rules: + - apiGroups: + - search.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - searchservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-servicebus-azure-com-v1api20210101preview-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + 
clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + 
- namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + 
apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-signalrservice-azure-com-v1api20211001-signalr + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211001.signalrs.signalrservice.azure.com + rules: + - apiGroups: + - signalrservice.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - signalrs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-server + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.servers.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - servers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversadministrators.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + 
operations: + - CREATE + - UPDATE + resources: + - serversadministrators + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversadvancedthreatprotectionsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversadvancedthreatprotectionsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversadvancedthreatprotectionsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversauditingsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversauditingsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversauditingsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversazureadonlyauthentication + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversazureadonlyauthentications.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversazureadonlyauthentications + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversconnectionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversconnectionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: 
+ - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversconnectionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabases.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasesadvancedthreatprotectionsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesadvancedthreatprotectionsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesadvancedthreatprotectionsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasesauditingsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesauditingsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesauditingsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasesbackuplongtermretentionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20211101.serversdatabasesbackuplongtermretentionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesbackuplongtermretentionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasesbackupshorttermretentionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesbackupshorttermretentionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesbackupshorttermretentionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasessecurityalertpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasessecurityalertpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasessecurityalertpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasestransparentdataencryption + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasestransparentdataencryptions.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasestransparentdataencryptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasesvulnerabilityassessment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesvulnerabilityassessments.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesvulnerabilityassessments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serverselasticpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serverselasticpools.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serverselasticpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversfailovergroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversfailovergroups.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversfailovergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversfirewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversipv6firewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversipv6firewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversipv6firewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversoutboundfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversoutboundfirewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversoutboundfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serverssecurityalertpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serverssecurityalertpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serverssecurityalertpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversvirtualnetworkrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversvirtualnetworkrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversvirtualnetworkrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversvulnerabilityassessment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversvulnerabilityassessments.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversvulnerabilityassessments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + 
clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: 
None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsfileservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsfileservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsfileservicesshare + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsfileservicesshares.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - 
CREATE + - UPDATE + resources: + - storageaccountsfileservicesshares + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountstableservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountstableservices.storage.azure.com + rules: + 
- apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountstableservicestable + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountstableservicestables.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservicestables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20230101.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccountsfileservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsfileservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccountsfileservicesshare + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsfileservicesshares.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservicesshares + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-storage-azure-com-v1api20230101-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccountstableservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountstableservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccountstableservicestable + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountstableservicestables.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservicestables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + 
service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-subscription-azure-com-v1api20211001-alias + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211001.aliases.subscription.azure.com + rules: + - apiGroups: + - subscription.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - aliases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-synapse-azure-com-v1api20210601-workspace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.workspaces.synapse.azure.com + rules: + - apiGroups: + - synapse.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-synapse-azure-com-v1api20210601-workspacesbigdatapool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.workspacesbigdatapools.synapse.azure.com + rules: + - apiGroups: + - synapse.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspacesbigdatapools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-web-azure-com-v1api20220301-serverfarm + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.serverfarms.web.azure.com + rules: + - apiGroups: + - web.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - serverfarms + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-web-azure-com-v1api20220301-site + 
failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.sites.web.azure.com + rules: + - apiGroups: + - web.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - sites + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azurecluster + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azurecluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azureclusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azureclusteridentity + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azureclusteridentity.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azureclusteridentities + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azureclustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azureclustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: 
+ - azureclustertemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachine + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azuremachine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinetemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azuremachinetemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachinetemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcluster + failurePolicy: Fail + name: validation.azuremanagedclusters.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedclustertemplate + failurePolicy: Fail + name: validation.azuremanagedclustertemplates.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - UPDATE + resources: + - azuremanagedclustertemplates + 
sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcontrolplane + failurePolicy: Fail + name: validation.azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedcontrolplanes + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcontrolplanetemplate + failurePolicy: Fail + name: validation.azuremanagedcontrolplanetemplates.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedcontrolplanetemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azuremanagedmachinepools.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - azuremanagedmachinepools + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepooltemplate + failurePolicy: Fail + name: validation.azuremanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE 
+ - UPDATE + - DELETE + resources: + - azuremanagedmachinepooltemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepoolmachine + failurePolicy: Fail + name: azuremachinepoolmachine.kb.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachinepoolmachines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepool + failurePolicy: Fail + name: validation.azuremachinepool.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachinepools + sideEffects: None diff --git a/files/cluster-api-provider-azure/v1.13.2/metadata.yaml b/files/cluster-api-provider-azure/v1.13.2/metadata.yaml new file mode 100644 index 00000000..f6120285 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.13.2/metadata.yaml 
@@ -0,0 +1,58 @@
+# maps release series of major.minor to cluster-api contract version
+# the contract version may change between minor or major versions, but *not*
+# between patch versions.
+#
+# update this file only when a new major or minor version is released
+apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3
+releaseSeries:
+ - major: 0
+ minor: 3
+ contract: v1alpha2
+ - major: 0
+ minor: 4
+ contract: v1alpha3
+ - major: 0
+ minor: 5
+ contract: v1alpha4
+ - major: 1
+ minor: 0
+ contract: v1beta1
+ - major: 1
+ minor: 1
+ contract: v1beta1
+ - major: 1
+ minor: 2
+ contract: v1beta1
+ - major: 1
+ minor: 3
+ contract: v1beta1
+ - major: 1
+ minor: 4
+ contract: v1beta1
+ - major: 1
+ minor: 5
+ contract: v1beta1
+ - major: 1
+ minor: 6
+ contract: v1beta1
+ - major: 1
+ minor: 7
+ contract: v1beta1
+ - major: 1
+ minor: 8
+ contract: v1beta1
+ - major: 1
+ minor: 9
+ contract: v1beta1
+ - major: 1
+ minor: 10
+ contract: v1beta1
+ - major: 1
+ minor: 11
+ contract: v1beta1
+ - major: 1
+ minor: 12
+ contract: v1beta1
+ - major: 1
+ minor: 13
+ contract: v1beta1
diff --git a/files/cluster-api-provider-azure/v1.14.0/cluster-template-aad.yaml b/files/cluster-api-provider-azure/v1.14.0/cluster-template-aad.yaml
new file mode 100644
index 00000000..54c36b40
--- /dev/null
+++ b/files/cluster-api-provider-azure/v1.14.0/cluster-template-aad.yaml
@@ -0,0 +1,211 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + oidc-client-id: ${AZURE_SERVER_APP_ID} + oidc-groups-claim: groups + oidc-issuer-url: https://sts.windows.net/${AZURE_TENANT_ID}/ + oidc-username-claim: oid + oidc-username-prefix: '-' + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: 
/dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: 
default +spec: + template: + spec: + osDisk: + diskSizeGB: 128 + managedDisk: + storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.14.0/cluster-template-aks-clusterclass.yaml b/files/cluster-api-provider-azure/v1.14.0/cluster-template-aks-clusterclass.yaml new file mode 100644 index 00000000..13b7e1e0 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.14.0/cluster-template-aks-clusterclass.yaml 
@@ -0,0 +1,125 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: ClusterClass +metadata: + name: ${CLUSTER_CLASS_NAME} + namespace: default +spec: + controlPlane: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedControlPlaneTemplate + name: ${CLUSTER_NAME}-control-plane + infrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedClusterTemplate + name: ${CLUSTER_NAME} + workers: + machinePools: + - class: default-system + template: + bootstrap: + ref: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-pool0 + infrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedMachinePoolTemplate + name: ${CLUSTER_NAME}-pool0 + - class: default-worker + template: + bootstrap: + ref: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-pool1 + infrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedMachinePoolTemplate + name: ${CLUSTER_NAME}-pool1 +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedControlPlaneTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedClusterTemplate +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + template: + spec: {} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedMachinePoolTemplate +metadata: + name: ${CLUSTER_NAME}-pool0 + namespace: default +spec: + template: + spec: + mode: System + name: pool0 + sku: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: 
infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedMachinePoolTemplate +metadata: + name: ${CLUSTER_NAME}-pool1 + namespace: default +spec: + template: + spec: + mode: User + name: pool1 + sku: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-pool0 + namespace: default +spec: + template: + spec: {} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-pool1 + namespace: default +spec: + template: + spec: {} diff --git a/files/cluster-api-provider-azure/v1.14.0/cluster-template-aks-topology.yaml b/files/cluster-api-provider-azure/v1.14.0/cluster-template-aks-topology.yaml new file mode 100644 index 00000000..c78efb4b --- /dev/null +++ b/files/cluster-api-provider-azure/v1.14.0/cluster-template-aks-topology.yaml @@ -0,0 +1,21 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + topology: + class: ${CLUSTER_CLASS_NAME} + version: ${KUBERNETES_VERSION} + workers: + machinePools: + - class: default-system + name: mp-0 + replicas: 1 + - class: default-worker + name: mp-1 + replicas: 1 diff --git a/files/cluster-api-provider-azure/v1.14.0/cluster-template-aks.yaml b/files/cluster-api-provider-azure/v1.14.0/cluster-template-aks.yaml new file mode 100644 index 00000000..b99c2379 --- /dev/null 
+++ b/files/cluster-api-provider-azure/v1.14.0/cluster-template-aks.yaml 
@@ -0,0 +1,118 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + services: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedControlPlane + name: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedControlPlane +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + oidcIssuerProfile: + enabled: true + resourceGroupName: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: ${CLUSTER_NAME}-pool0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + template: + metadata: {} + spec: + bootstrap: + dataSecretName: "" + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedMachinePool + name: ${CLUSTER_NAME}-pool0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedMachinePool +metadata: + name: ${CLUSTER_NAME}-pool0 + namespace: default +spec: + mode: System + name: pool0 + sku: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: ${CLUSTER_NAME}-pool1 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: 
${WORKER_MACHINE_COUNT} + template: + metadata: {} + spec: + bootstrap: + dataSecretName: "" + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureManagedMachinePool + name: ${CLUSTER_NAME}-pool1 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedMachinePool +metadata: + name: ${CLUSTER_NAME}-pool1 + namespace: default +spec: + mode: User + name: pool1 + sku: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.14.0/cluster-template-azure-bastion.yaml b/files/cluster-api-provider-azure/v1.14.0/cluster-template-azure-bastion.yaml new file mode 100644 index 00000000..31cbcea5 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.14.0/cluster-template-azure-bastion.yaml 
@@ -0,0 +1,207 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + bastionSpec: + azureBastion: {} + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: 
${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: 
${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: [] +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.14.0/cluster-template-azure-cni-v1.yaml b/files/cluster-api-provider-azure/v1.14.0/cluster-template-azure-cni-v1.yaml new file mode 100644 index 00000000..fab81472 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.14.0/cluster-template-azure-cni-v1.yaml 
@@ -0,0 +1,214 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: 
${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + max-pods: "110" + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + max-pods: "110" + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + networkInterfaces: + - privateIPConfigs: 110 + subnetName: control-plane-subnet + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + 
networkInterfaces: + - privateIPConfigs: 110 + subnetName: node-subnet + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + max-pods: "110" + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: [] +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.14.0/cluster-template-clusterclass.yaml b/files/cluster-api-provider-azure/v1.14.0/cluster-template-clusterclass.yaml new file mode 100644 index 00000000..d85a122f --- /dev/null +++ b/files/cluster-api-provider-azure/v1.14.0/cluster-template-clusterclass.yaml 
@@ -0,0 +1,239 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: ClusterClass +metadata: + name: ${CLUSTER_CLASS_NAME} + namespace: default +spec: + controlPlane: + machineInfrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + ref: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlaneTemplate + name: ${CLUSTER_NAME}-control-plane + infrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterTemplate + name: ${CLUSTER_NAME}-azure-cluster + patches: + - definitions: + - jsonPatches: + - op: add + path: /spec/template/spec/kubeadmConfigSpec/clusterConfiguration/controllerManager/extraArgs/cluster-name + valueFrom: + variable: builtin.cluster.name + - op: replace + path: /spec/template/spec/kubeadmConfigSpec/files + valueFrom: + template: | + - contentFrom: + secret: + key: control-plane-azure.json + name: "{{ .builtin.controlPlane.machineTemplate.infrastructureRef.name }}-azure-json" + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + selector: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlaneTemplate + matchResources: + controlPlane: true + name: controlPlaneAzureJsonSecretName + - definitions: + - jsonPatches: + - op: replace + path: /spec/template/spec/files + valueFrom: + template: | + - contentFrom: + secret: + key: worker-node-azure.json + name: "{{ .builtin.machineDeployment.infrastructureRef.name }}-azure-json" + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + selector: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + matchResources: + machineDeploymentClass: + names: + - ${CLUSTER_NAME}-worker + name: workerAzureJsonSecretName + workers: + machineDeployments: + - class: ${CLUSTER_NAME}-worker + template: + bootstrap: + ref: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: 
KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + infrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterTemplate +metadata: + name: ${CLUSTER_NAME}-azure-cluster + namespace: default +spec: + template: + spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + natGateway: + name: node-natgateway + role: node + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlaneTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: 
/dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: replace_me + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: replace_me + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: [] +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal 
diff --git a/files/cluster-api-provider-azure/v1.14.0/cluster-template-dual-stack.yaml b/files/cluster-api-provider-azure/v1.14.0/cluster-template-dual-stack.yaml new file mode 100644 index 00000000..070cd67a --- /dev/null +++ b/files/cluster-api-provider-azure/v1.14.0/cluster-template-dual-stack.yaml 
@@ -0,0 +1,231 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + labels: + cni: calico-dual-stack + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 10.244.0.0/16 + - 2001:1234:5678:9a40::/58 + services: + cidrBlocks: + - 10.0.0.0/16 + - fd00::/108 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - cidrBlocks: + - 10.0.0.0/16 + - 2001:1234:5678:9abc::/64 + name: control-plane-subnet + role: control-plane + - cidrBlocks: + - 10.1.0.0/16 + - 2001:1234:5678:9abd::/64 + name: node-subnet + role: node + vnet: + cidrBlocks: + - 10.0.0.0/8 + - 2001:1234:5678:9a00::/56 + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "true" + cloud-provider: external + cluster-cidr: 10.244.0.0/16,2001:1234:5678:9a40::/58 + cluster-name: ${CLUSTER_NAME} + configure-cloud-routes: "true" + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: 
+ - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + localAPIEndpoint: + bindPort: 6443 + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + controlPlane: + localAPIEndpoint: + bindPort: 6443 + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + enableIPForwarding: true + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: 
${AZURE_TENANT_ID} + type: ServicePrincipal +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + enableIPForwarding: true + osDisk: + diskSizeGB: 30 + managedDisk: + storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' diff --git a/files/cluster-api-provider-azure/v1.14.0/cluster-template-edgezone.yaml b/files/cluster-api-provider-azure/v1.14.0/cluster-template-edgezone.yaml new file mode 100644 index 00000000..81e7a725 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.14.0/cluster-template-edgezone.yaml 
@@ -0,0 +1,208 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + extendedLocation: + name: ${AZURE_EXTENDEDLOCATION_NAME} + type: ${AZURE_EXTENDEDLOCATION_TYPE} + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + 
- contentFrom: + secret: + key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: 
${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: [] +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.14.0/cluster-template-ephemeral.yaml b/files/cluster-api-provider-azure/v1.14.0/cluster-template-ephemeral.yaml new file mode 100644 index 00000000..105a0d9a --- /dev/null +++ b/files/cluster-api-provider-azure/v1.14.0/cluster-template-ephemeral.yaml 
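Review bot: `allowedNamespaces: {}` on the AzureClusterIdentity at the end of this hunk lets AzureClusters in any namespace bind this ServicePrincipal (per the CAPZ API an empty object matches all namespaces, while a `list` or `selector` restricts it); since every object in the template lives in `default`, `allowedNamespaces: { list: [default] }` would keep the credential scoped to its own namespace. The same hunk writes the rendered `/etc/kubernetes/azure.json` with `permissions: "0644"` on both the control-plane and the worker KubeadmConfigTemplate; for a ServicePrincipal identity that file presumably carries the client secret, so the world-readable mode is worth tightening to `"0600"` once it is confirmed that kubelet and the external cloud-controller-manager read it as root. The identical identity and file settings appear in the ephemeral, flatcar, ipv6 and machinepool-windows hunks (the Windows pool writes `c:/k/azure.json`), so any hardening has to be applied across all of them. These appear to be verbatim copies of the upstream CAPZ v1.14.0 release templates, so the change may belong in an overlay rather than in the vendored files.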
@@ -0,0 +1,211 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: 
${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + cachingType: ReadOnly + diffDiskSettings: + option: Local + diskSizeGB: 50 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + cachingType: ReadOnly + diffDiskSettings: + option: 
Local + diskSizeGB: 50 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: [] +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.14.0/cluster-template-flatcar.yaml b/files/cluster-api-provider-azure/v1.14.0/cluster-template-flatcar.yaml new file mode 100644 index 00000000..201774a2 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.14.0/cluster-template-flatcar.yaml 
@@ -0,0 +1,247 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + overwrite: false + partitions: [] + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + format: ignition + ignition: + containerLinuxConfig: + 
additionalConfig: | + systemd: + units: + - name: kubeadm.service + dropins: + - name: 10-flatcar.conf + contents: | + [Unit] + After=oem-cloudinit.service + # kubeadm must run after containerd - see https://github.com/kubernetes-sigs/image-builder/issues/939. + After=containerd.service + # Workaround for https://github.com/kubernetes-sigs/cluster-api/issues/7679. + storage: + disks: + - device: /dev/disk/azure/scsi1/lun0 + partitions: + - number: 1 + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '@@HOSTNAME@@' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '@@HOSTNAME@@' + mounts: + - - etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: + - sed -i "s/@@HOSTNAME@@/$(curl -s -H Metadata:true --noproxy '*' 'http://169.254.169.254/metadata/instance?api-version=2020-09-01' + | jq -r .compute.name)/g" /etc/kubeadm.yml + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + image: + computeGallery: + gallery: flatcar4capi-742ef0cb-dcaa-4ecb-9cb0-bfd2e43dccc0 + name: flatcar-stable-amd64-capi-${KUBERNETES_VERSION} + version: ${FLATCAR_VERSION} + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + 
spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + image: + computeGallery: + gallery: flatcar4capi-742ef0cb-dcaa-4ecb-9cb0-bfd2e43dccc0 + name: flatcar-stable-amd64-capi-${KUBERNETES_VERSION} + version: ${FLATCAR_VERSION} + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + format: ignition + ignition: + containerLinuxConfig: + additionalConfig: | + systemd: + units: + - name: kubeadm.service + dropins: + - name: 10-flatcar.conf + contents: | + [Unit] + After=oem-cloudinit.service + # kubeadm must run after containerd - see https://github.com/kubernetes-sigs/image-builder/issues/939. 
+ After=containerd.service + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '@@HOSTNAME@@' + postKubeadmCommands: [] + preKubeadmCommands: + - sed -i "s/@@HOSTNAME@@/$(curl -s -H Metadata:true --noproxy '*' 'http://169.254.169.254/metadata/instance?api-version=2020-09-01' + | jq -r .compute.name)/g" /etc/kubeadm.yml +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.14.0/cluster-template-ipv6.yaml b/files/cluster-api-provider-azure/v1.14.0/cluster-template-ipv6.yaml new file mode 100644 index 00000000..884f77d5 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.14.0/cluster-template-ipv6.yaml 
@@ -0,0 +1,247 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 2001:1234:5678:9a40::/58 + services: + cidrBlocks: + - fd00::/108 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - cidrBlocks: + - 10.0.0.0/16 + - 2001:1234:5678:9abc::/64 + name: control-plane-subnet + role: control-plane + - cidrBlocks: + - 10.1.0.0/16 + - 2001:1234:5678:9abd::/64 + name: node-subnet + role: node + vnet: + cidrBlocks: + - 10.0.0.0/8 + - 2001:1234:5678:9a00::/56 + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + bind-address: '::' + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "true" + bind-address: '::' + cloud-provider: external + cluster-cidr: 2001:1234:5678:9a40::/58 + cluster-name: ${CLUSTER_NAME} + configure-cloud-routes: "true" + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + scheduler: + extraArgs: + bind-address: '::' + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + 
extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + localAPIEndpoint: + advertiseAddress: '::' + bindPort: 6443 + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + cluster-dns: fd00::10 + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + controlPlane: + localAPIEndpoint: + advertiseAddress: '::' + bindPort: 6443 + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + cluster-dns: fd00::10 + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + enableIPForwarding: true + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: 
${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + enableIPForwarding: true + osDisk: + diskSizeGB: 30 + managedDisk: + storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + clusterConfiguration: + apiServer: + extraArgs: + bind-address: '::' + controllerManager: + extraArgs: + bind-address: '::' + scheduler: + extraArgs: + bind-address: '::' + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + cluster-dns: '[fd00::10]' + name: '{{ ds.meta_data["local_hostname"] }}' 
diff --git a/files/cluster-api-provider-azure/v1.14.0/cluster-template-machinepool-windows.yaml b/files/cluster-api-provider-azure/v1.14.0/cluster-template-machinepool-windows.yaml new file mode 100644 index 00000000..0861baa2 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.14.0/cluster-template-machinepool-windows.yaml 
@@ -0,0 +1,288 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + labels: + cni-windows: calico + csi-proxy: enabled + windows: enabled + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + 
key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfig + name: ${CLUSTER_NAME}-mp-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachinePool + name: ${CLUSTER_NAME}-mp-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachinePool +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + location: ${AZURE_LOCATION} + strategy: + rollingUpdate: + deletePolicy: Oldest + maxSurge: 25% + maxUnavailable: 1 + type: RollingUpdate + template: + 
osDisk: + diskSizeGB: 30 + managedDisk: + storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfig +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-mp-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: ${CLUSTER_NAME}-mp-win + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfig + name: ${CLUSTER_NAME}-mp-win + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachinePool + name: ${CLUSTER_NAME}-mp-win + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachinePool +metadata: + annotations: + runtime: containerd + windowsServerVersion: ${WINDOWS_SERVER_VERSION:=""} + name: ${CLUSTER_NAME}-mp-win + namespace: default +spec: + location: ${AZURE_LOCATION} + template: + osDisk: + diskSizeGB: 128 + managedDisk: + storageAccountType: Premium_LRS + osType: 
Windows + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfig +metadata: + name: ${CLUSTER_NAME}-mp-win + namespace: default +spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-mp-win-azure-json + owner: root:root + path: c:/k/azure.json + permissions: "0644" + - content: Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico.exe + path: C:/defender-exclude-calico.ps1 + permissions: "0744" + joinConfiguration: + nodeRegistration: + criSocket: npipe:////./pipe/containerd-containerd + kubeletExtraArgs: + cloud-provider: external + pod-infra-container-image: mcr.microsoft.com/oss/kubernetes/pause:3.9 + name: '{{ ds.meta_data["local_hostname"] }}' + postKubeadmCommands: + - nssm set kubelet start SERVICE_AUTO_START + - powershell C:/defender-exclude-calico.ps1 + preKubeadmCommands: + - powershell c:/create-external-network.ps1 + users: + - groups: Administrators + name: capi + sshAuthorizedKeys: + - ${AZURE_SSH_PUBLIC_KEY:=""} diff --git a/files/cluster-api-provider-azure/v1.14.0/cluster-template-machinepool.yaml b/files/cluster-api-provider-azure/v1.14.0/cluster-template-machinepool.yaml new file mode 100644 index 00000000..b337dc5a --- /dev/null +++ b/files/cluster-api-provider-azure/v1.14.0/cluster-template-machinepool.yaml 
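Review bot: The `C:/defender-exclude-calico.ps1` file written by the `${CLUSTER_NAME}-mp-win` KubeadmConfig adds a Defender process exclusion for `C:/opt/cni/bin/calico.exe`, which removes real-time scanning from anything that process touches on every Windows node, and nothing in the template records why it is needed or that it persists after join. A comment on the entry such as `# Defender process exclusion for the Calico CNI binary; accepted detection gap - record the justification and re-check on Calico upgrades` would let operators track it deliberately. The same config adds the `capi` user to `Administrators` with `${AZURE_SSH_PUBLIC_KEY:=""}`, which renders an empty authorized key when the variable is unset; a note that this flavor expects the variable to be set would avoid a silently keyless admin account.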
@@ -0,0 +1,208 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: 
${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfig + name: ${CLUSTER_NAME}-mp-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachinePool + name: ${CLUSTER_NAME}-mp-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachinePool +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + location: ${AZURE_LOCATION} + strategy: + rollingUpdate: + deletePolicy: Oldest + maxSurge: 25% + maxUnavailable: 1 + type: RollingUpdate + template: + osDisk: + diskSizeGB: 30 + managedDisk: + 
storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfig +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-mp-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.14.0/cluster-template-nvidia-gpu.yaml b/files/cluster-api-provider-azure/v1.14.0/cluster-template-nvidia-gpu.yaml new file mode 100644 index 00000000..4ced5e04 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.14.0/cluster-template-nvidia-gpu.yaml 
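Review bot: The AzureClusterIdentity at the end of this hunk sets `allowedNamespaces: {}`, which — per the AzureClusterIdentity CRD description added later in this same patch ("An empty allowedNamespaces object indicates that AzureClusters can use this identity from any namespace") — opens this ServicePrincipal identity to every namespace on the management cluster, whereas omitting the field is the restrictive default. If these files are verbatim copies of the upstream v1.14.0 release assets the change belongs upstream, but a note next to the templates (or in the repository docs) should tell users of shared management clusters to replace it with an explicit `list:` or `selector:`; the same `allowedNamespaces: {}` appears in the nvidia-gpu, private, windows and plain cluster-template hunks of this patch. Separately, the control-plane and worker `azure.json` files rendered from the `*-azure-json` secrets are written with `permissions: "0644"`, i.e. readable by every local user on the node; since this identity type carries a client secret, the file presumably holds cloud-provider credentials and `permissions: "0600"` under `owner: root:root` would be the safer default — again something to raise upstream rather than patch here.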
@@ -0,0 +1,206 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: 
${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + 
infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + diskSizeGB: 128 + managedDisk: + storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' diff --git a/files/cluster-api-provider-azure/v1.14.0/cluster-template-private.yaml b/files/cluster-api-provider-azure/v1.14.0/cluster-template-private.yaml new file mode 100644 index 00000000..031b6c98 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.14.0/cluster-template-private.yaml 
@@ -0,0 +1,219 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + bastionSpec: + azureBastion: {} + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + apiServerLB: + name: ${CLUSTER_NAME}-internal-lb + type: Internal + controlPlaneOutboundLB: + frontendIPsCount: 1 + nodeOutboundLB: + frontendIPsCount: 1 + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - 
device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: + - if [ -f /tmp/kubeadm-join-config.yaml ] || [ -f /run/kubeadm/kubeadm-join-config.yaml + ]; then echo '127.0.0.1 apiserver.${CLUSTER_NAME}.capz.io apiserver' >> /etc/hosts; + fi + preKubeadmCommands: + - if [ -f /tmp/kubeadm.yaml ] || [ -f /run/kubeadm/kubeadm.yaml ]; then echo '127.0.0.1 apiserver.${CLUSTER_NAME}.capz.io + apiserver' >> /etc/hosts; fi + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + 
clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: [] +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.14.0/cluster-template-topology.yaml b/files/cluster-api-provider-azure/v1.14.0/cluster-template-topology.yaml new file mode 100644 index 00000000..28ad70f5 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.14.0/cluster-template-topology.yaml 
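Review bot: The `postKubeadmCommands` and `preKubeadmCommands` entries in the KubeadmControlPlane of this hunk each hold a full `if … fi` shell conditional as a YAML plain scalar folded across three lines, so the `/etc/hosts` command that gives the control plane the `apiserver.${CLUSTER_NAME}.capz.io` alias is hard to read and easy to break on the next edit. A literal block scalar (`- |` followed by the command on its own lines) would keep the same string while making the conditional and the appended `127.0.0.1` entry visible at a glance. This is a style point only; if the file is a verbatim upstream asset it should be left as generated.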
@@ -0,0 +1,23 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ labels:
+ containerd-logger: enabled
+ csi-proxy: enabled
+ name: ${CLUSTER_NAME}
+ namespace: default
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks:
+ - 192.168.0.0/16
+ topology:
+ class: ${CLUSTER_CLASS_NAME}
+ controlPlane:
+ replicas: ${CONTROL_PLANE_MACHINE_COUNT}
+ version: ${KUBERNETES_VERSION}
+ workers:
+ machineDeployments:
+ - class: ${CLUSTER_NAME}-worker
+ name: md-0
+ replicas: ${WORKER_MACHINE_COUNT}
diff --git a/files/cluster-api-provider-azure/v1.14.0/cluster-template-windows.yaml b/files/cluster-api-provider-azure/v1.14.0/cluster-template-windows.yaml
new file mode 100644
index 00000000..f7104d26
--- /dev/null
+++ b/files/cluster-api-provider-azure/v1.14.0/cluster-template-windows.yaml
@@ -0,0 +1,293 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + labels: + cni-windows: calico + csi-proxy: enabled + windows: enabled + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + 
key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: 
${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: [] +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-win + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-win + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-win + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + annotations: + runtime: containerd + name: ${CLUSTER_NAME}-md-win + namespace: default +spec: + template: + metadata: + annotations: + runtime: containerd + spec: + osDisk: + diskSizeGB: 128 + managedDisk: + storageAccountType: Premium_LRS + osType: Windows + sshPublicKey: 
${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-win + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-win-azure-json + owner: root:root + path: c:/k/azure.json + permissions: "0644" + - content: |- + Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico.exe + Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico-ipam.exe + path: C:/defender-exclude-calico.ps1 + permissions: "0744" + joinConfiguration: + nodeRegistration: + criSocket: npipe:////./pipe/containerd-containerd + kubeletExtraArgs: + cloud-provider: external + v: "2" + windows-priorityclass: ABOVE_NORMAL_PRIORITY_CLASS + name: '{{ ds.meta_data["local_hostname"] }}' + postKubeadmCommands: + - nssm set kubelet start SERVICE_AUTO_START + - powershell C:/defender-exclude-calico.ps1 + preKubeadmCommands: [] + users: + - groups: Administrators + name: capi + sshAuthorizedKeys: + - ${AZURE_SSH_PUBLIC_KEY:=""} diff --git a/files/cluster-api-provider-azure/v1.14.0/cluster-template.yaml b/files/cluster-api-provider-azure/v1.14.0/cluster-template.yaml new file mode 100644 index 00000000..185ecdb9 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.14.0/cluster-template.yaml 
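Review bot: The Windows KubeadmConfigTemplate at the end of this hunk writes `C:/defender-exclude-calico.ps1`, which adds Windows Defender process exclusions for `calico.exe` and `calico-ipam.exe`, and runs it from `postKubeadmCommands`, but nothing in the template records why the exclusions are needed or that they lower endpoint protection on every Windows worker; a comment such as `# adds Defender process exclusions for the Calico CNI binaries — document the reason and the accepted risk` above the `content: |-` entry would give operators the context. The same template creates a `capi` user in `Administrators` whose `sshAuthorizedKeys` entry defaults to `${AZURE_SSH_PUBLIC_KEY:=""}`; an empty default presumably yields no usable key, but that should be confirmed rather than assumed, and the variable could be made mandatory instead. The earlier machinepool-windows hunk at the top of this chunk appears to carry the same script and user block, though its start lies outside the visible diff.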
@@ -0,0 +1,205 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-provider: external + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: 
${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: [] + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT} + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${CLUSTER_NAME}-md-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-md-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmSize: 
${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${CLUSTER_NAME}-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: [] +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID} + clientSecret: + name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} + namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} + tenantID: ${AZURE_TENANT_ID} + type: ServicePrincipal diff --git a/files/cluster-api-provider-azure/v1.14.0/infrastructure-components.yaml b/files/cluster-api-provider-azure/v1.14.0/infrastructure-components.yaml new file mode 100644 index 00000000..c1f68b12 --- /dev/null +++ b/files/cluster-api-provider-azure/v1.14.0/infrastructure-components.yaml 
@@ -0,0 +1,64818 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + pod-security.kubernetes.io/enforce: privileged + name: capz-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azureclusteridentities.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureClusterIdentity + listKind: AzureClusterIdentityList + plural: azureclusteridentities + singular: azureclusteridentity + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Type of AzureClusterIdentity + jsonPath: .spec.type + name: Type + type: string + - description: Time duration since creation of this AzureClusterIdentity + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: AzureClusterIdentity is the Schema for the azureclustersidentities + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureClusterIdentitySpec defines the parameters that are + used to create an AzureIdentity. + properties: + allowedNamespaces: + description: AllowedNamespaces is used to identify the namespaces + the clusters are allowed to use the identity from. Namespaces can + be selected either using an array of namespaces or with label selector. + An empty allowedNamespaces object indicates that AzureClusters can + use this identity from any namespace. If this object is nil, no + namespaces will be allowed (default behaviour, if this field is + not provided) A namespace should be either in the NamespaceList + or match with Selector to use the identity. + nullable: true + properties: + list: + description: A nil or empty list indicates that AzureCluster cannot + use the identity from any namespace. + items: + type: string + nullable: true + type: array + selector: + description: "Selector is a selector of namespaces that AzureCluster + can use this Identity from. This is a standard Kubernetes LabelSelector, + a label query over a set of resources. The result of matchLabels + and matchExpressions are ANDed. \n A nil or empty selector indicates + that AzureCluster cannot use this AzureClusterIdentity from + any namespace." + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. 
+ type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + clientID: + description: ClientID is the service principal client ID. Both User + Assigned MSI and SP can use this field. + type: string + clientSecret: + description: ClientSecret is a secret reference which should contain + either a Service Principal password or certificate secret. + properties: + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + resourceID: + description: ResourceID is the Azure resource ID for the User Assigned + MSI resource. Only applicable when type is UserAssignedMSI. + type: string + tenantID: + description: TenantID is the service principal primary tenant id. + type: string + type: + description: Type is the type of Azure Identity used. ServicePrincipal, + ServicePrincipalCertificate, UserAssignedMSI, ManualServicePrincipal + or WorkloadIdentity. 
+ enum: + - ServicePrincipal + - UserAssignedMSI + - ManualServicePrincipal + - ServicePrincipalCertificate + - WorkloadIdentity + type: string + required: + - clientID + - tenantID + - type + type: object + status: + description: AzureClusterIdentityStatus defines the observed state of + AzureClusterIdentity. + properties: + conditions: + description: Conditions defines current service state of the AzureClusterIdentity. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azureclusters.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureCluster + listKind: AzureClusterList + plural: azureclusters + singular: azurecluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this AzureCluster belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + priority: 1 + type: string + - jsonPath: .spec.resourceGroup + name: Resource Group + priority: 1 + type: string + - jsonPath: .spec.subscriptionID + name: SubscriptionID + priority: 1 + type: string + - jsonPath: .spec.location + name: Location + priority: 1 + type: string + - description: Control Plane Endpoint + jsonPath: .spec.controlPlaneEndpoint.host + name: Endpoint + priority: 1 + type: string + - description: Time duration since creation of this AzureCluster + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: 
+ description: AzureCluster is the Schema for the azureclusters API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureClusterSpec defines the desired state of AzureCluster. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to Azure + resources managed by the Azure provider, in addition to the ones + added by default. + type: object + azureEnvironment: + description: "AzureEnvironment is the name of the AzureCloud to be + used. The default value that would be used by most users is \"AzurePublicCloud\", + other values are: - ChinaCloud: \"AzureChinaCloud\" - GermanCloud: + \"AzureGermanCloud\" - PublicCloud: \"AzurePublicCloud\" - USGovernmentCloud: + \"AzureUSGovernmentCloud\" \n Note that values other than the default + must also be accompanied by corresponding changes to the aso-controller-settings + Secret to configure ASO to refer to the non-Public cloud. ASO currently + does not support referring to multiple different clouds in a single + installation. The following fields must be defined in the Secret: + - AZURE_AUTHORITY_HOST - AZURE_RESOURCE_MANAGER_ENDPOINT - AZURE_RESOURCE_MANAGER_AUDIENCE + \n See the [ASO docs] for more details. 
\n [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/" + type: string + bastionSpec: + description: BastionSpec encapsulates all things related to the Bastions + in the cluster. + properties: + azureBastion: + description: AzureBastion specifies how the Azure Bastion cloud + component should be configured. + properties: + enableTunneling: + default: false + description: EnableTunneling enables the native client support + feature for the Azure Bastion Host. Defaults to false. + type: boolean + name: + type: string + publicIP: + description: PublicIPSpec defines the inputs to create an + Azure public IP address. + properties: + dnsName: + type: string + ipTags: + items: + description: IPTag contains the IpTag associated with + the object. + properties: + tag: + description: 'Tag specifies the value of the IP + tag associated with the public IP. Example: SQL.' + type: string + type: + description: 'Type specifies the IP tag type. Example: + FirstPartyUsage.' + type: string + required: + - tag + - type + type: object + type: array + name: + type: string + required: + - name + type: object + sku: + default: Basic + description: BastionHostSkuName configures the tier of the + Azure Bastion Host. Can be either Basic or Standard. Defaults + to Basic. + enum: + - Basic + - Standard + type: string + subnet: + description: SubnetSpec configures an Azure subnet. + properties: + cidrBlocks: + description: CIDRBlocks defines the subnet's address space, + specified as one or more address prefixes in CIDR notation. + items: + type: string + type: array + id: + description: ID is the Azure resource ID of the subnet. + READ-ONLY + type: string + name: + description: Name defines a name for the subnet resource. + type: string + natGateway: + description: NatGateway associated with this subnet. + properties: + id: + description: ID is the Azure resource ID of the NAT + gateway. 
READ-ONLY + type: string + ip: + description: PublicIPSpec defines the inputs to create + an Azure public IP address. + properties: + dnsName: + type: string + ipTags: + items: + description: IPTag contains the IpTag associated + with the object. + properties: + tag: + description: 'Tag specifies the value of + the IP tag associated with the public + IP. Example: SQL.' + type: string + type: + description: 'Type specifies the IP tag + type. Example: FirstPartyUsage.' + type: string + required: + - tag + - type + type: object + type: array + name: + type: string + required: + - name + type: object + name: + type: string + required: + - name + type: object + privateEndpoints: + description: PrivateEndpoints defines a list of private + endpoints that should be attached to this subnet. + items: + description: PrivateEndpointSpec configures an Azure + Private Endpoint. + properties: + applicationSecurityGroups: + description: ApplicationSecurityGroups specifies + the Application security group in which the private + endpoint IP configuration is included. + items: + type: string + type: array + customNetworkInterfaceName: + description: CustomNetworkInterfaceName specifies + the network interface name associated with the + private endpoint. + type: string + location: + description: Location specifies the region to create + the private endpoint. + type: string + manualApproval: + description: ManualApproval specifies if the connection + approval needs to be done manually or not. Set + it true when the network admin does not have access + to approve connections to the remote resource. + Defaults to false. + type: boolean + name: + description: Name specifies the name of the private + endpoint. + type: string + privateIPAddresses: + description: PrivateIPAddresses specifies the IP + addresses for the network interface associated + with the private endpoint. They have to be part + of the subnet where the private endpoint is linked. 
+ items: + type: string + type: array + privateLinkServiceConnections: + description: PrivateLinkServiceConnections specifies + Private Link Service Connections of the private + endpoint. + items: + description: PrivateLinkServiceConnection defines + the specification for a private link service + connection associated with a private endpoint. + properties: + groupIDs: + description: GroupIDs specifies the ID(s) + of the group(s) obtained from the remote + resource that this private endpoint should + connect to. + items: + type: string + type: array + name: + description: Name specifies the name of the + private link service. + type: string + privateLinkServiceID: + description: PrivateLinkServiceID specifies + the resource ID of the private link service. + type: string + requestMessage: + description: RequestMessage specifies a message + passed to the owner of the remote resource + with the private endpoint connection request. + maxLength: 140 + type: string + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + role: + description: Role defines the subnet role (eg. Node, ControlPlane) + enum: + - node + - control-plane + - bastion + - all + type: string + routeTable: + description: RouteTable defines the route table that should + be attached to this subnet. + properties: + id: + description: ID is the Azure resource ID of the route + table. READ-ONLY + type: string + name: + type: string + required: + - name + type: object + securityGroup: + description: SecurityGroup defines the NSG (network security + group) that should be attached to this subnet. + properties: + id: + description: ID is the Azure resource ID of the security + group. READ-ONLY + type: string + name: + type: string + securityRules: + description: SecurityRules is a slice of Azure security + rules for security groups. 
+ items: + description: SecurityRule defines an Azure security + rule for security groups. + properties: + action: + default: Allow + description: Action specifies whether network + traffic is allowed or denied. Can either be + "Allow" or "Deny". Defaults to "Allow". + enum: + - Allow + - Deny + type: string + description: + description: A description for this rule. Restricted + to 140 chars. + type: string + destination: + description: Destination is the destination + address prefix. CIDR or destination IP range. + Asterix '*' can also be used to match all + source IPs. Default tags such as 'VirtualNetwork', + 'AzureLoadBalancer' and 'Internet' can also + be used. + type: string + destinationPorts: + description: DestinationPorts specifies the + destination port or range. Integer or range + between 0 and 65535. Asterix '*' can also + be used to match all ports. + type: string + direction: + description: Direction indicates whether the + rule applies to inbound, or outbound traffic. + "Inbound" or "Outbound". + enum: + - Inbound + - Outbound + type: string + name: + description: Name is a unique name within the + network security group. + type: string + priority: + description: Priority is a number between 100 + and 4096. Each rule should have a unique value + for priority. Rules are processed in priority + order, with lower numbers processed before + higher numbers. Once traffic matches a rule, + processing stops. + format: int32 + type: integer + protocol: + description: Protocol specifies the protocol + type. "Tcp", "Udp", "Icmp", or "*". + enum: + - Tcp + - Udp + - Icmp + - '*' + type: string + source: + description: Source specifies the CIDR or source + IP range. Asterix '*' can also be used to + match all source IPs. Default tags such as + 'VirtualNetwork', 'AzureLoadBalancer' and + 'Internet' can also be used. If this is an + ingress rule, specifies where network traffic + originates from. 
+ type: string + sourcePorts: + description: SourcePorts specifies source port + or range. Integer or range between 0 and 65535. + Asterix '*' can also be used to match all + ports. + type: string + sources: + description: Sources specifies The CIDR or source + IP ranges. + items: + type: string + type: array + required: + - description + - direction + - name + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + tags: + additionalProperties: + type: string + description: Tags defines a map of tags. + type: object + required: + - name + type: object + serviceEndpoints: + description: ServiceEndpoints is a slice of Virtual Network + service endpoints to enable for the subnets. + items: + description: ServiceEndpointSpec configures an Azure + Service Endpoint. + properties: + locations: + items: + type: string + type: array + service: + type: string + required: + - locations + - service + type: object + type: array + x-kubernetes-list-map-keys: + - service + x-kubernetes-list-type: map + required: + - name + - role + type: object + type: object + type: object + cloudProviderConfigOverrides: + description: 'CloudProviderConfigOverrides is an optional set of configuration + values that can be overridden in azure cloud provider config. This + is only a subset of options that are available in azure cloud provider + config. Some values for the cloud provider config are inferred from + other parts of cluster api provider azure spec, and may not be available + for overrides. See: https://cloud-provider-azure.sigs.k8s.io/install/configs + Note: All cloud provider config values can be customized by creating + the secret beforehand. CloudProviderConfigOverrides is only used + when the secret is managed by the Azure Provider.' + properties: + backOffs: + description: BackOffConfig indicates the back-off config options. 
+ properties: + cloudProviderBackoff: + type: boolean + cloudProviderBackoffDuration: + type: integer + cloudProviderBackoffExponent: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cloudProviderBackoffJitter: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cloudProviderBackoffRetries: + type: integer + type: object + rateLimits: + items: + description: 'RateLimitSpec represents the rate limit configuration + for a particular kind of resource. Eg. loadBalancerRateLimit + is used to configure rate limits for load balancers. This + eventually gets converted to CloudProviderRateLimitConfig + that cloud-provider-azure expects. See: https://github.com/kubernetes-sigs/cloud-provider-azure/blob/d585c2031925b39c925624302f22f8856e29e352/pkg/provider/azure_ratelimit.go#L25 + We cannot use CloudProviderRateLimitConfig directly because + floating point values are not supported in controller-tools. + See: https://github.com/kubernetes-sigs/controller-tools/issues/245' + properties: + config: + description: RateLimitConfig indicates the rate limit config + options. 
+ properties: + cloudProviderRateLimit: + type: boolean + cloudProviderRateLimitBucket: + type: integer + cloudProviderRateLimitBucketWrite: + type: integer + cloudProviderRateLimitQPS: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cloudProviderRateLimitQPSWrite: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + name: + description: Name is the name of the rate limit spec. + enum: + - defaultRateLimit + - routeRateLimit + - subnetsRateLimit + - interfaceRateLimit + - routeTableRateLimit + - loadBalancerRateLimit + - publicIPAddressRateLimit + - securityGroupRateLimit + - virtualMachineRateLimit + - storageAccountRateLimit + - diskRateLimit + - snapshotRateLimit + - virtualMachineScaleSetRateLimit + - virtualMachineSizesRateLimit + - availabilitySetRateLimit + type: string + required: + - name + type: object + type: array + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. It is not recommended to set + this when creating an AzureCluster as CAPZ will set this for you. + However, if it is set, CAPZ will not change it. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + extendedLocation: + description: ExtendedLocation is an optional set of ExtendedLocation + properties for clusters on Azure public MEC. + properties: + name: + description: Name defines the name for the extended location. 
+ type: string + type: + description: Type defines the type for the extended location. + enum: + - EdgeZone + type: string + required: + - name + - type + type: object + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: 'FailureDomains is a list of failure domains in the cluster''s + region, used to restrict eligibility to host the control plane. + A FailureDomain maps to an availability zone, which is a separated + group of datacenters within a region. See: https://learn.microsoft.com/azure/reliability/availability-zones-overview' + type: object + identityRef: + description: IdentityRef is a reference to an AzureIdentity to be + used when reconciling this cluster + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' 
+ type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + location: + type: string + networkSpec: + description: NetworkSpec encapsulates all things related to Azure + network. + properties: + apiServerLB: + description: APIServerLB is the configuration for the control-plane + load balancer. + properties: + backendPool: + description: BackendPool describes the backend pool of the + load balancer. + properties: + name: + description: Name specifies the name of backend pool for + the load balancer. If not specified, the default name + will be set, depending on the load balancer role. + type: string + type: object + frontendIPs: + items: + description: FrontendIP defines a load balancer frontend + IP configuration. + properties: + name: + minLength: 1 + type: string + privateIP: + type: string + publicIP: + description: PublicIPSpec defines the inputs to create + an Azure public IP address. + properties: + dnsName: + type: string + ipTags: + items: + description: IPTag contains the IpTag associated + with the object. 
+ properties: + tag: + description: 'Tag specifies the value of the + IP tag associated with the public IP. Example: + SQL.' + type: string + type: + description: 'Type specifies the IP tag type. + Example: FirstPartyUsage.' + type: string + required: + - tag + - type + type: object + type: array + name: + type: string + required: + - name + type: object + required: + - name + type: object + type: array + frontendIPsCount: + description: FrontendIPsCount specifies the number of frontend + IP addresses for the load balancer. + format: int32 + type: integer + id: + description: ID is the Azure resource ID of the load balancer. + READ-ONLY + type: string + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes specifies the timeout for + the TCP idle connection. + format: int32 + type: integer + name: + type: string + sku: + description: SKU defines an Azure load balancer SKU. + type: string + type: + description: LBType defines an Azure load balancer Type. + type: string + type: object + controlPlaneOutboundLB: + description: ControlPlaneOutboundLB is the configuration for the + control-plane outbound load balancer. This is different from + APIServerLB, and is used only in private clusters (optionally) + for enabling outbound traffic. + properties: + backendPool: + description: BackendPool describes the backend pool of the + load balancer. + properties: + name: + description: Name specifies the name of backend pool for + the load balancer. If not specified, the default name + will be set, depending on the load balancer role. + type: string + type: object + frontendIPs: + items: + description: FrontendIP defines a load balancer frontend + IP configuration. + properties: + name: + minLength: 1 + type: string + privateIP: + type: string + publicIP: + description: PublicIPSpec defines the inputs to create + an Azure public IP address. + properties: + dnsName: + type: string + ipTags: + items: + description: IPTag contains the IpTag associated + with the object. 
+ properties: + tag: + description: 'Tag specifies the value of the + IP tag associated with the public IP. Example: + SQL.' + type: string + type: + description: 'Type specifies the IP tag type. + Example: FirstPartyUsage.' + type: string + required: + - tag + - type + type: object + type: array + name: + type: string + required: + - name + type: object + required: + - name + type: object + type: array + frontendIPsCount: + description: FrontendIPsCount specifies the number of frontend + IP addresses for the load balancer. + format: int32 + type: integer + id: + description: ID is the Azure resource ID of the load balancer. + READ-ONLY + type: string + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes specifies the timeout for + the TCP idle connection. + format: int32 + type: integer + name: + type: string + sku: + description: SKU defines an Azure load balancer SKU. + type: string + type: + description: LBType defines an Azure load balancer Type. + type: string + type: object + nodeOutboundLB: + description: NodeOutboundLB is the configuration for the node + outbound load balancer. + properties: + backendPool: + description: BackendPool describes the backend pool of the + load balancer. + properties: + name: + description: Name specifies the name of backend pool for + the load balancer. If not specified, the default name + will be set, depending on the load balancer role. + type: string + type: object + frontendIPs: + items: + description: FrontendIP defines a load balancer frontend + IP configuration. + properties: + name: + minLength: 1 + type: string + privateIP: + type: string + publicIP: + description: PublicIPSpec defines the inputs to create + an Azure public IP address. + properties: + dnsName: + type: string + ipTags: + items: + description: IPTag contains the IpTag associated + with the object. + properties: + tag: + description: 'Tag specifies the value of the + IP tag associated with the public IP. Example: + SQL.' 
+ type: string + type: + description: 'Type specifies the IP tag type. + Example: FirstPartyUsage.' + type: string + required: + - tag + - type + type: object + type: array + name: + type: string + required: + - name + type: object + required: + - name + type: object + type: array + frontendIPsCount: + description: FrontendIPsCount specifies the number of frontend + IP addresses for the load balancer. + format: int32 + type: integer + id: + description: ID is the Azure resource ID of the load balancer. + READ-ONLY + type: string + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes specifies the timeout for + the TCP idle connection. + format: int32 + type: integer + name: + type: string + sku: + description: SKU defines an Azure load balancer SKU. + type: string + type: + description: LBType defines an Azure load balancer Type. + type: string + type: object + privateDNSZoneName: + description: PrivateDNSZoneName defines the zone name for the + Azure Private DNS. + type: string + subnets: + description: Subnets is the configuration for the control-plane + subnet and the node subnet. + items: + description: SubnetSpec configures an Azure subnet. + properties: + cidrBlocks: + description: CIDRBlocks defines the subnet's address space, + specified as one or more address prefixes in CIDR notation. + items: + type: string + type: array + id: + description: ID is the Azure resource ID of the subnet. + READ-ONLY + type: string + name: + description: Name defines a name for the subnet resource. + type: string + natGateway: + description: NatGateway associated with this subnet. + properties: + id: + description: ID is the Azure resource ID of the NAT + gateway. READ-ONLY + type: string + ip: + description: PublicIPSpec defines the inputs to create + an Azure public IP address. + properties: + dnsName: + type: string + ipTags: + items: + description: IPTag contains the IpTag associated + with the object. 
+ properties: + tag: + description: 'Tag specifies the value of the + IP tag associated with the public IP. Example: + SQL.' + type: string + type: + description: 'Type specifies the IP tag type. + Example: FirstPartyUsage.' + type: string + required: + - tag + - type + type: object + type: array + name: + type: string + required: + - name + type: object + name: + type: string + required: + - name + type: object + privateEndpoints: + description: PrivateEndpoints defines a list of private + endpoints that should be attached to this subnet. + items: + description: PrivateEndpointSpec configures an Azure Private + Endpoint. + properties: + applicationSecurityGroups: + description: ApplicationSecurityGroups specifies the + Application security group in which the private + endpoint IP configuration is included. + items: + type: string + type: array + customNetworkInterfaceName: + description: CustomNetworkInterfaceName specifies + the network interface name associated with the private + endpoint. + type: string + location: + description: Location specifies the region to create + the private endpoint. + type: string + manualApproval: + description: ManualApproval specifies if the connection + approval needs to be done manually or not. Set it + true when the network admin does not have access + to approve connections to the remote resource. Defaults + to false. + type: boolean + name: + description: Name specifies the name of the private + endpoint. + type: string + privateIPAddresses: + description: PrivateIPAddresses specifies the IP addresses + for the network interface associated with the private + endpoint. They have to be part of the subnet where + the private endpoint is linked. + items: + type: string + type: array + privateLinkServiceConnections: + description: PrivateLinkServiceConnections specifies + Private Link Service Connections of the private + endpoint. 
+ items: + description: PrivateLinkServiceConnection defines + the specification for a private link service connection + associated with a private endpoint. + properties: + groupIDs: + description: GroupIDs specifies the ID(s) of + the group(s) obtained from the remote resource + that this private endpoint should connect + to. + items: + type: string + type: array + name: + description: Name specifies the name of the + private link service. + type: string + privateLinkServiceID: + description: PrivateLinkServiceID specifies + the resource ID of the private link service. + type: string + requestMessage: + description: RequestMessage specifies a message + passed to the owner of the remote resource + with the private endpoint connection request. + maxLength: 140 + type: string + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + role: + description: Role defines the subnet role (eg. Node, ControlPlane) + enum: + - node + - control-plane + - bastion + - all + type: string + routeTable: + description: RouteTable defines the route table that should + be attached to this subnet. + properties: + id: + description: ID is the Azure resource ID of the route + table. READ-ONLY + type: string + name: + type: string + required: + - name + type: object + securityGroup: + description: SecurityGroup defines the NSG (network security + group) that should be attached to this subnet. + properties: + id: + description: ID is the Azure resource ID of the security + group. READ-ONLY + type: string + name: + type: string + securityRules: + description: SecurityRules is a slice of Azure security + rules for security groups. + items: + description: SecurityRule defines an Azure security + rule for security groups. + properties: + action: + default: Allow + description: Action specifies whether network + traffic is allowed or denied. Can either be + "Allow" or "Deny". Defaults to "Allow". 
+ enum: + - Allow + - Deny + type: string + description: + description: A description for this rule. Restricted + to 140 chars. + type: string + destination: + description: Destination is the destination address + prefix. CIDR or destination IP range. Asterix + '*' can also be used to match all source IPs. + Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' + and 'Internet' can also be used. + type: string + destinationPorts: + description: DestinationPorts specifies the destination + port or range. Integer or range between 0 and + 65535. Asterix '*' can also be used to match + all ports. + type: string + direction: + description: Direction indicates whether the rule + applies to inbound, or outbound traffic. "Inbound" + or "Outbound". + enum: + - Inbound + - Outbound + type: string + name: + description: Name is a unique name within the + network security group. + type: string + priority: + description: Priority is a number between 100 + and 4096. Each rule should have a unique value + for priority. Rules are processed in priority + order, with lower numbers processed before higher + numbers. Once traffic matches a rule, processing + stops. + format: int32 + type: integer + protocol: + description: Protocol specifies the protocol type. + "Tcp", "Udp", "Icmp", or "*". + enum: + - Tcp + - Udp + - Icmp + - '*' + type: string + source: + description: Source specifies the CIDR or source + IP range. Asterix '*' can also be used to match + all source IPs. Default tags such as 'VirtualNetwork', + 'AzureLoadBalancer' and 'Internet' can also + be used. If this is an ingress rule, specifies + where network traffic originates from. + type: string + sourcePorts: + description: SourcePorts specifies source port + or range. Integer or range between 0 and 65535. + Asterix '*' can also be used to match all ports. + type: string + sources: + description: Sources specifies The CIDR or source + IP ranges. 
+ items: + type: string + type: array + required: + - description + - direction + - name + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + tags: + additionalProperties: + type: string + description: Tags defines a map of tags. + type: object + required: + - name + type: object + serviceEndpoints: + description: ServiceEndpoints is a slice of Virtual Network + service endpoints to enable for the subnets. + items: + description: ServiceEndpointSpec configures an Azure Service + Endpoint. + properties: + locations: + items: + type: string + type: array + service: + type: string + required: + - locations + - service + type: object + type: array + x-kubernetes-list-map-keys: + - service + x-kubernetes-list-type: map + required: + - name + - role + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + vnet: + description: Vnet is the configuration for the Azure virtual network. + properties: + cidrBlocks: + description: CIDRBlocks defines the virtual network's address + space, specified as one or more address prefixes in CIDR + notation. + items: + type: string + type: array + id: + description: ID is the Azure resource ID of the virtual network. + READ-ONLY + type: string + name: + description: Name defines a name for the virtual network resource. + type: string + peerings: + description: Peerings defines a list of peerings of the newly + created virtual network with existing virtual networks. + items: + description: VnetPeeringSpec specifies an existing remote + virtual network to peer with the AzureCluster's virtual + network. + properties: + forwardPeeringProperties: + description: ForwardPeeringProperties specifies VnetPeeringProperties + for peering from the cluster's virtual network to + the remote virtual network. 
+ properties: + allowForwardedTraffic: + description: AllowForwardedTraffic specifies whether + the forwarded traffic from the VMs in the local + virtual network will be allowed/disallowed in + remote virtual network. + type: boolean + allowGatewayTransit: + description: AllowGatewayTransit specifies if gateway + links can be used in remote virtual networking + to link to this virtual network. + type: boolean + allowVirtualNetworkAccess: + description: AllowVirtualNetworkAccess specifies + whether the VMs in the local virtual network space + would be able to access the VMs in remote virtual + network space. + type: boolean + useRemoteGateways: + description: UseRemoteGateways specifies if remote + gateways can be used on this virtual network. + If the flag is set to true, and allowGatewayTransit + on remote peering is also set to true, the virtual + network will use the gateways of the remote virtual + network for transit. Only one peering can have + this flag set to true. This flag cannot be set + if virtual network already has a gateway. + type: boolean + type: object + remoteVnetName: + description: RemoteVnetName defines name of the remote + virtual network. + type: string + resourceGroup: + description: ResourceGroup is the resource group name + of the remote virtual network. + type: string + reversePeeringProperties: + description: ReversePeeringProperties specifies VnetPeeringProperties + for peering from the remote virtual network to the + cluster's virtual network. + properties: + allowForwardedTraffic: + description: AllowForwardedTraffic specifies whether + the forwarded traffic from the VMs in the local + virtual network will be allowed/disallowed in + remote virtual network. + type: boolean + allowGatewayTransit: + description: AllowGatewayTransit specifies if gateway + links can be used in remote virtual networking + to link to this virtual network. 
+ type: boolean + allowVirtualNetworkAccess: + description: AllowVirtualNetworkAccess specifies + whether the VMs in the local virtual network space + would be able to access the VMs in remote virtual + network space. + type: boolean + useRemoteGateways: + description: UseRemoteGateways specifies if remote + gateways can be used on this virtual network. + If the flag is set to true, and allowGatewayTransit + on remote peering is also set to true, the virtual + network will use the gateways of the remote virtual + network for transit. Only one peering can have + this flag set to true. This flag cannot be set + if virtual network already has a gateway. + type: boolean + type: object + required: + - remoteVnetName + type: object + type: array + resourceGroup: + description: ResourceGroup is the name of the resource group + of the existing virtual network or the resource group where + a managed virtual network should be created. + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing the resource. + type: object + required: + - name + type: object + type: object + resourceGroup: + type: string + subscriptionID: + type: string + required: + - location + type: object + status: + description: AzureClusterStatus defines the observed state of AzureCluster. + properties: + conditions: + description: Conditions defines current service state of the AzureCluster. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. 
+ type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: 'FailureDomains specifies the list of unique failure + domains for the location/region of the cluster. A FailureDomain + maps to Availability Zone with an Azure Region (if the region support + them). An Availability Zone is a separate data center within a region + and they can be used to ensure the cluster is more resilient to + failure. 
See: https://learn.microsoft.com/azure/reliability/availability-zones-overview + This list will be used by Cluster API to try and spread the machines + across the failure domains.' + type: object + longRunningOperationStates: + description: LongRunningOperationStates saves the states for Azure + long-running operations so they can be continued on the next reconciliation + loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. + properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. + type: string + name: + description: Name is the name of the Azure resource. Together + with the service name, this forms the unique identifier for + the future. + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: ServiceName is the name of the Azure service. Together + with the name of the resource, this forms the unique identifier + for the future. + type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. + type: string + required: + - data + - name + - serviceName + - type + type: object + type: array + ready: + description: Ready is true when the provider resource is ready. 
+ type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azureclustertemplates.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureClusterTemplate + listKind: AzureClusterTemplateList + plural: azureclustertemplates + singular: azureclustertemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureClusterTemplate is the Schema for the azureclustertemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureClusterTemplateSpec defines the desired state of AzureClusterTemplate. 
+ properties: + template: + description: AzureClusterTemplateResource describes the data needed + to create an AzureCluster from a template. + properties: + spec: + description: AzureClusterTemplateResourceSpec specifies an Azure + cluster template resource. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to Azure resources managed by the Azure provider, in + addition to the ones added by default. + type: object + azureEnvironment: + description: "AzureEnvironment is the name of the AzureCloud + to be used. The default value that would be used by most + users is \"AzurePublicCloud\", other values are: - ChinaCloud: + \"AzureChinaCloud\" - GermanCloud: \"AzureGermanCloud\" + - PublicCloud: \"AzurePublicCloud\" - USGovernmentCloud: + \"AzureUSGovernmentCloud\" \n Note that values other than + the default must also be accompanied by corresponding changes + to the aso-controller-settings Secret to configure ASO to + refer to the non-Public cloud. ASO currently does not support + referring to multiple different clouds in a single installation. + The following fields must be defined in the Secret: - AZURE_AUTHORITY_HOST + - AZURE_RESOURCE_MANAGER_ENDPOINT - AZURE_RESOURCE_MANAGER_AUDIENCE + \n See the [ASO docs] for more details. \n [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/" + type: string + bastionSpec: + description: BastionSpec encapsulates all things related to + the Bastions in the cluster. + properties: + azureBastion: + description: AzureBastionTemplateSpec specifies a template + for an Azure Bastion host. + properties: + subnet: + description: SubnetTemplateSpec specifies a template + for a subnet. + properties: + cidrBlocks: + description: CIDRBlocks defines the subnet's address + space, specified as one or more address prefixes + in CIDR notation. 
+ items: + type: string + type: array + name: + description: Name defines a name for the subnet + resource. + type: string + natGateway: + description: NatGateway associated with this subnet. + properties: + name: + type: string + required: + - name + type: object + privateEndpoints: + description: PrivateEndpoints defines a list of + private endpoints that should be attached to + this subnet. + items: + description: PrivateEndpointSpec configures + an Azure Private Endpoint. + properties: + applicationSecurityGroups: + description: ApplicationSecurityGroups specifies + the Application security group in which + the private endpoint IP configuration + is included. + items: + type: string + type: array + customNetworkInterfaceName: + description: CustomNetworkInterfaceName + specifies the network interface name associated + with the private endpoint. + type: string + location: + description: Location specifies the region + to create the private endpoint. + type: string + manualApproval: + description: ManualApproval specifies if + the connection approval needs to be done + manually or not. Set it true when the + network admin does not have access to + approve connections to the remote resource. + Defaults to false. + type: boolean + name: + description: Name specifies the name of + the private endpoint. + type: string + privateIPAddresses: + description: PrivateIPAddresses specifies + the IP addresses for the network interface + associated with the private endpoint. + They have to be part of the subnet where + the private endpoint is linked. + items: + type: string + type: array + privateLinkServiceConnections: + description: PrivateLinkServiceConnections + specifies Private Link Service Connections + of the private endpoint. + items: + description: PrivateLinkServiceConnection + defines the specification for a private + link service connection associated with + a private endpoint. 
+ properties: + groupIDs: + description: GroupIDs specifies the + ID(s) of the group(s) obtained from + the remote resource that this private + endpoint should connect to. + items: + type: string + type: array + name: + description: Name specifies the name + of the private link service. + type: string + privateLinkServiceID: + description: PrivateLinkServiceID + specifies the resource ID of the + private link service. + type: string + requestMessage: + description: RequestMessage specifies + a message passed to the owner of + the remote resource with the private + endpoint connection request. + maxLength: 140 + type: string + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + role: + description: Role defines the subnet role (eg. + Node, ControlPlane) + enum: + - node + - control-plane + - bastion + - all + type: string + securityGroup: + description: SecurityGroup defines the NSG (network + security group) that should be attached to this + subnet. + properties: + securityRules: + description: SecurityRules is a slice of Azure + security rules for security groups. + items: + description: SecurityRule defines an Azure + security rule for security groups. + properties: + action: + default: Allow + description: Action specifies whether + network traffic is allowed or denied. + Can either be "Allow" or "Deny". Defaults + to "Allow". + enum: + - Allow + - Deny + type: string + description: + description: A description for this + rule. Restricted to 140 chars. + type: string + destination: + description: Destination is the destination + address prefix. CIDR or destination + IP range. Asterix '*' can also be + used to match all source IPs. Default + tags such as 'VirtualNetwork', 'AzureLoadBalancer' + and 'Internet' can also be used. + type: string + destinationPorts: + description: DestinationPorts specifies + the destination port or range. 
Integer + or range between 0 and 65535. Asterix + '*' can also be used to match all + ports. + type: string + direction: + description: Direction indicates whether + the rule applies to inbound, or outbound + traffic. "Inbound" or "Outbound". + enum: + - Inbound + - Outbound + type: string + name: + description: Name is a unique name within + the network security group. + type: string + priority: + description: Priority is a number between + 100 and 4096. Each rule should have + a unique value for priority. Rules + are processed in priority order, with + lower numbers processed before higher + numbers. Once traffic matches a rule, + processing stops. + format: int32 + type: integer + protocol: + description: Protocol specifies the + protocol type. "Tcp", "Udp", "Icmp", + or "*". + enum: + - Tcp + - Udp + - Icmp + - '*' + type: string + source: + description: Source specifies the CIDR + or source IP range. Asterix '*' can + also be used to match all source IPs. + Default tags such as 'VirtualNetwork', + 'AzureLoadBalancer' and 'Internet' + can also be used. If this is an ingress + rule, specifies where network traffic + originates from. + type: string + sourcePorts: + description: SourcePorts specifies source + port or range. Integer or range between + 0 and 65535. Asterix '*' can also + be used to match all ports. + type: string + sources: + description: Sources specifies The CIDR + or source IP ranges. + items: + type: string + type: array + required: + - description + - direction + - name + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + tags: + additionalProperties: + type: string + description: Tags defines a map of tags. + type: object + type: object + serviceEndpoints: + description: ServiceEndpoints is a slice of Virtual + Network service endpoints to enable for the + subnets. + items: + description: ServiceEndpointSpec configures + an Azure Service Endpoint. 
+ properties: + locations: + items: + type: string + type: array + service: + type: string + required: + - locations + - service + type: object + type: array + x-kubernetes-list-map-keys: + - service + x-kubernetes-list-type: map + required: + - name + - role + type: object + type: object + type: object + cloudProviderConfigOverrides: + description: 'CloudProviderConfigOverrides is an optional + set of configuration values that can be overridden in azure + cloud provider config. This is only a subset of options + that are available in azure cloud provider config. Some + values for the cloud provider config are inferred from other + parts of cluster api provider azure spec, and may not be + available for overrides. See: https://cloud-provider-azure.sigs.k8s.io/install/configs + Note: All cloud provider config values can be customized + by creating the secret beforehand. CloudProviderConfigOverrides + is only used when the secret is managed by the Azure Provider.' + properties: + backOffs: + description: BackOffConfig indicates the back-off config + options. + properties: + cloudProviderBackoff: + type: boolean + cloudProviderBackoffDuration: + type: integer + cloudProviderBackoffExponent: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cloudProviderBackoffJitter: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cloudProviderBackoffRetries: + type: integer + type: object + rateLimits: + items: + description: 'RateLimitSpec represents the rate limit + configuration for a particular kind of resource. Eg. + loadBalancerRateLimit is used to configure rate limits + for load balancers. 
This eventually gets converted + to CloudProviderRateLimitConfig that cloud-provider-azure + expects. See: https://github.com/kubernetes-sigs/cloud-provider-azure/blob/d585c2031925b39c925624302f22f8856e29e352/pkg/provider/azure_ratelimit.go#L25 + We cannot use CloudProviderRateLimitConfig directly + because floating point values are not supported in + controller-tools. See: https://github.com/kubernetes-sigs/controller-tools/issues/245' + properties: + config: + description: RateLimitConfig indicates the rate + limit config options. + properties: + cloudProviderRateLimit: + type: boolean + cloudProviderRateLimitBucket: + type: integer + cloudProviderRateLimitBucketWrite: + type: integer + cloudProviderRateLimitQPS: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cloudProviderRateLimitQPSWrite: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + name: + description: Name is the name of the rate limit + spec. + enum: + - defaultRateLimit + - routeRateLimit + - subnetsRateLimit + - interfaceRateLimit + - routeTableRateLimit + - loadBalancerRateLimit + - publicIPAddressRateLimit + - securityGroupRateLimit + - virtualMachineRateLimit + - storageAccountRateLimit + - diskRateLimit + - snapshotRateLimit + - virtualMachineScaleSetRateLimit + - virtualMachineSizesRateLimit + - availabilitySetRateLimit + type: string + required: + - name + type: object + type: array + type: object + extendedLocation: + description: ExtendedLocation is an optional set of ExtendedLocation + properties for clusters on Azure public MEC. + properties: + name: + description: Name defines the name for the extended location. 
+ type: string + type: + description: Type defines the type for the extended location. + enum: + - EdgeZone + type: string + required: + - name + - type + type: object + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster + API failure domains. It allows controllers to understand + how many failure domains a cluster can optionally span + across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes + an infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure + domain is suitable for use by control plane machines. + type: boolean + type: object + description: 'FailureDomains is a list of failure domains + in the cluster''s region, used to restrict eligibility to + host the control plane. A FailureDomain maps to an availability + zone, which is a separated group of datacenters within a + region. See: https://learn.microsoft.com/azure/reliability/availability-zones-overview' + type: object + identityRef: + description: IdentityRef is a reference to an AzureIdentity + to be used when reconciling this cluster + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. 
TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + location: + type: string + networkSpec: + description: NetworkSpec encapsulates all things related to + Azure network. + properties: + apiServerLB: + description: APIServerLB is the configuration for the + control-plane load balancer. + properties: + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes specifies the timeout + for the TCP idle connection. + format: int32 + type: integer + sku: + description: SKU defines an Azure load balancer SKU. + type: string + type: + description: LBType defines an Azure load balancer + Type. + type: string + type: object + controlPlaneOutboundLB: + description: ControlPlaneOutboundLB is the configuration + for the control-plane outbound load balancer. This is + different from APIServerLB, and is used only in private + clusters (optionally) for enabling outbound traffic. + properties: + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes specifies the timeout + for the TCP idle connection. 
+ format: int32 + type: integer + sku: + description: SKU defines an Azure load balancer SKU. + type: string + type: + description: LBType defines an Azure load balancer + Type. + type: string + type: object + nodeOutboundLB: + description: NodeOutboundLB is the configuration for the + node outbound load balancer. + properties: + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes specifies the timeout + for the TCP idle connection. + format: int32 + type: integer + sku: + description: SKU defines an Azure load balancer SKU. + type: string + type: + description: LBType defines an Azure load balancer + Type. + type: string + type: object + privateDNSZoneName: + description: PrivateDNSZoneName defines the zone name + for the Azure Private DNS. + type: string + subnets: + description: Subnets is the configuration for the control-plane + subnet and the node subnet. + items: + description: SubnetTemplateSpec specifies a template + for a subnet. + properties: + cidrBlocks: + description: CIDRBlocks defines the subnet's address + space, specified as one or more address prefixes + in CIDR notation. + items: + type: string + type: array + name: + description: Name defines a name for the subnet + resource. + type: string + natGateway: + description: NatGateway associated with this subnet. + properties: + name: + type: string + required: + - name + type: object + privateEndpoints: + description: PrivateEndpoints defines a list of + private endpoints that should be attached to this + subnet. + items: + description: PrivateEndpointSpec configures an + Azure Private Endpoint. + properties: + applicationSecurityGroups: + description: ApplicationSecurityGroups specifies + the Application security group in which + the private endpoint IP configuration is + included. + items: + type: string + type: array + customNetworkInterfaceName: + description: CustomNetworkInterfaceName specifies + the network interface name associated with + the private endpoint. 
+ type: string + location: + description: Location specifies the region + to create the private endpoint. + type: string + manualApproval: + description: ManualApproval specifies if the + connection approval needs to be done manually + or not. Set it true when the network admin + does not have access to approve connections + to the remote resource. Defaults to false. + type: boolean + name: + description: Name specifies the name of the + private endpoint. + type: string + privateIPAddresses: + description: PrivateIPAddresses specifies + the IP addresses for the network interface + associated with the private endpoint. They + have to be part of the subnet where the + private endpoint is linked. + items: + type: string + type: array + privateLinkServiceConnections: + description: PrivateLinkServiceConnections + specifies Private Link Service Connections + of the private endpoint. + items: + description: PrivateLinkServiceConnection + defines the specification for a private + link service connection associated with + a private endpoint. + properties: + groupIDs: + description: GroupIDs specifies the + ID(s) of the group(s) obtained from + the remote resource that this private + endpoint should connect to. + items: + type: string + type: array + name: + description: Name specifies the name + of the private link service. + type: string + privateLinkServiceID: + description: PrivateLinkServiceID specifies + the resource ID of the private link + service. + type: string + requestMessage: + description: RequestMessage specifies + a message passed to the owner of the + remote resource with the private endpoint + connection request. + maxLength: 140 + type: string + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + role: + description: Role defines the subnet role (eg. 
Node, + ControlPlane) + enum: + - node + - control-plane + - bastion + - all + type: string + securityGroup: + description: SecurityGroup defines the NSG (network + security group) that should be attached to this + subnet. + properties: + securityRules: + description: SecurityRules is a slice of Azure + security rules for security groups. + items: + description: SecurityRule defines an Azure + security rule for security groups. + properties: + action: + default: Allow + description: Action specifies whether + network traffic is allowed or denied. + Can either be "Allow" or "Deny". Defaults + to "Allow". + enum: + - Allow + - Deny + type: string + description: + description: A description for this rule. + Restricted to 140 chars. + type: string + destination: + description: Destination is the destination + address prefix. CIDR or destination + IP range. Asterix '*' can also be used + to match all source IPs. Default tags + such as 'VirtualNetwork', 'AzureLoadBalancer' + and 'Internet' can also be used. + type: string + destinationPorts: + description: DestinationPorts specifies + the destination port or range. Integer + or range between 0 and 65535. Asterix + '*' can also be used to match all ports. + type: string + direction: + description: Direction indicates whether + the rule applies to inbound, or outbound + traffic. "Inbound" or "Outbound". + enum: + - Inbound + - Outbound + type: string + name: + description: Name is a unique name within + the network security group. + type: string + priority: + description: Priority is a number between + 100 and 4096. Each rule should have + a unique value for priority. Rules are + processed in priority order, with lower + numbers processed before higher numbers. + Once traffic matches a rule, processing + stops. + format: int32 + type: integer + protocol: + description: Protocol specifies the protocol + type. "Tcp", "Udp", "Icmp", or "*". 
+ enum: + - Tcp + - Udp + - Icmp + - '*' + type: string + source: + description: Source specifies the CIDR + or source IP range. Asterix '*' can + also be used to match all source IPs. + Default tags such as 'VirtualNetwork', + 'AzureLoadBalancer' and 'Internet' can + also be used. If this is an ingress + rule, specifies where network traffic + originates from. + type: string + sourcePorts: + description: SourcePorts specifies source + port or range. Integer or range between + 0 and 65535. Asterix '*' can also be + used to match all ports. + type: string + sources: + description: Sources specifies The CIDR + or source IP ranges. + items: + type: string + type: array + required: + - description + - direction + - name + - protocol + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + tags: + additionalProperties: + type: string + description: Tags defines a map of tags. + type: object + type: object + serviceEndpoints: + description: ServiceEndpoints is a slice of Virtual + Network service endpoints to enable for the subnets. + items: + description: ServiceEndpointSpec configures an + Azure Service Endpoint. + properties: + locations: + items: + type: string + type: array + service: + type: string + required: + - locations + - service + type: object + type: array + x-kubernetes-list-map-keys: + - service + x-kubernetes-list-type: map + required: + - name + - role + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + vnet: + description: Vnet is the configuration for the Azure virtual + network. + properties: + cidrBlocks: + description: CIDRBlocks defines the virtual network's + address space, specified as one or more address + prefixes in CIDR notation. + items: + type: string + type: array + peerings: + description: Peerings defines a list of peerings of + the newly created virtual network with existing + virtual networks. 
+ items: + description: VnetPeeringClassSpec specifies a virtual + network peering class. + properties: + forwardPeeringProperties: + description: ForwardPeeringProperties specifies + VnetPeeringProperties for peering from the + cluster's virtual network to the remote virtual + network. + properties: + allowForwardedTraffic: + description: AllowForwardedTraffic specifies + whether the forwarded traffic from the + VMs in the local virtual network will + be allowed/disallowed in remote virtual + network. + type: boolean + allowGatewayTransit: + description: AllowGatewayTransit specifies + if gateway links can be used in remote + virtual networking to link to this virtual + network. + type: boolean + allowVirtualNetworkAccess: + description: AllowVirtualNetworkAccess specifies + whether the VMs in the local virtual network + space would be able to access the VMs + in remote virtual network space. + type: boolean + useRemoteGateways: + description: UseRemoteGateways specifies + if remote gateways can be used on this + virtual network. If the flag is set to + true, and allowGatewayTransit on remote + peering is also set to true, the virtual + network will use the gateways of the remote + virtual network for transit. Only one + peering can have this flag set to true. + This flag cannot be set if virtual network + already has a gateway. + type: boolean + type: object + remoteVnetName: + description: RemoteVnetName defines name of + the remote virtual network. + type: string + resourceGroup: + description: ResourceGroup is the resource group + name of the remote virtual network. + type: string + reversePeeringProperties: + description: ReversePeeringProperties specifies + VnetPeeringProperties for peering from the + remote virtual network to the cluster's virtual + network. 
+ properties: + allowForwardedTraffic: + description: AllowForwardedTraffic specifies + whether the forwarded traffic from the + VMs in the local virtual network will + be allowed/disallowed in remote virtual + network. + type: boolean + allowGatewayTransit: + description: AllowGatewayTransit specifies + if gateway links can be used in remote + virtual networking to link to this virtual + network. + type: boolean + allowVirtualNetworkAccess: + description: AllowVirtualNetworkAccess specifies + whether the VMs in the local virtual network + space would be able to access the VMs + in remote virtual network space. + type: boolean + useRemoteGateways: + description: UseRemoteGateways specifies + if remote gateways can be used on this + virtual network. If the flag is set to + true, and allowGatewayTransit on remote + peering is also set to true, the virtual + network will use the gateways of the remote + virtual network for transit. Only one + peering can have this flag set to true. + This flag cannot be set if virtual network + already has a gateway. + type: boolean + type: object + required: + - remoteVnetName + type: object + type: array + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing + the resource. 
+ type: object + type: object + type: object + subscriptionID: + type: string + required: + - location + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremachinepoolmachines.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureMachinePoolMachine + listKind: AzureMachinePoolMachineList + plural: azuremachinepoolmachines + shortNames: + - ampm + singular: azuremachinepoolmachine + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Kubernetes version + jsonPath: .status.version + name: Version + type: string + - description: Flag indicating infrastructure is successfully provisioned + jsonPath: .status.ready + name: Ready + type: string + - description: Azure VMSS VM provisioning state + jsonPath: .status.provisioningState + name: State + type: string + - description: Cluster to which this AzureMachinePoolMachine belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + priority: 1 + type: string + - description: Azure VMSS VM ID + jsonPath: .spec.providerID + name: VMSS VM ID + priority: 1 + type: string + - description: Time duration since creation of this AzureMachinePoolMachine + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: AzureMachinePoolMachine is 
the Schema for the azuremachinepoolmachines + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureMachinePoolMachineSpec defines the desired state of + AzureMachinePoolMachine. + properties: + instanceID: + description: InstanceID is the identification of the Machine Instance + within the VMSS + type: string + providerID: + description: ProviderID is the identification ID of the Virtual Machine + Scale Set + type: string + required: + - providerID + type: object + status: + description: AzureMachinePoolMachineStatus defines the observed state + of AzureMachinePoolMachine. + properties: + conditions: + description: Conditions defines current service state of the AzureMachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. 
+ type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the MachinePool and will contain + a more verbose string suitable for logging and human consumption. + \n Any transient errors that occur during the reconciliation of + MachinePools can be added as events to the MachinePool object and/or + logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the MachinePool machine and will + contain a succinct value suitable for machine interpretation. \n + Any transient errors that occur during the reconciliation of MachinePools + can be added as events to the MachinePool object and/or logged in + the controller's output." 
+ type: string + instanceName: + description: InstanceName is the name of the Machine Instance within + the VMSS + type: string + latestModelApplied: + description: LatestModelApplied indicates the instance is running + the most up-to-date VMSS model. A VMSS model describes the image + version the VM is running. If the instance is not running the latest + model, it means the instance may not be running the version of Kubernetes + the Machine Pool has specified and needs to be updated. + type: boolean + longRunningOperationStates: + description: LongRunningOperationStates saves the state for Azure + long running operations so they can be continued on the next reconciliation + loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. + properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. + type: string + name: + description: Name is the name of the Azure resource. Together + with the service name, this forms the unique identifier for + the future. + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: ServiceName is the name of the Azure service. Together + with the name of the resource, this forms the unique identifier + for the future. + type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. + type: string + required: + - data + - name + - serviceName + - type + type: object + type: array + nodeRef: + description: NodeRef will point to the corresponding Node if it exists. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + provisioningState: + description: ProvisioningState is the provisioning state of the Azure + virtual machine instance. + type: string + ready: + description: Ready is true when the provider resource is ready. 
+ type: boolean + version: + description: Version defines the Kubernetes version for the VM Instance + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremachinepools.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureMachinePool + listKind: AzureMachinePoolList + plural: azuremachinepools + shortNames: + - amp + singular: azuremachinepool + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: AzureMachinePool replicas count + jsonPath: .status.replicas + name: Replicas + type: string + - description: AzureMachinePool replicas count + jsonPath: .status.ready + name: Ready + type: string + - description: Azure VMSS provisioning state + jsonPath: .status.provisioningState + name: State + type: string + - description: Cluster to which this AzureMachinePool belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + priority: 1 + type: string + - description: MachinePool object to which this AzureMachinePool belongs + jsonPath: .metadata.ownerReferences[?(@.kind=="MachinePool")].name + name: MachinePool + priority: 1 + type: string + - description: Azure VMSS ID + jsonPath: .spec.providerID + name: VMSS ID + priority: 1 + type: string + - description: Azure VM Size + jsonPath: .spec.template.vmSize + name: VM Size + priority: 1 + type: string + - description: Time 
duration since creation of this AzureMachinePool + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: AzureMachinePool is the Schema for the azuremachinepools API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureMachinePoolSpec defines the desired state of AzureMachinePool. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to an + instance, in addition to the ones added by default by the Azure + provider. If both the AzureCluster and the AzureMachine specify + the same tag name with different values, the AzureMachine's value + takes precedence. + type: object + identity: + default: None + description: Identity is the type of identity used for the Virtual + Machine Scale Set. The type 'SystemAssigned' is an implicitly created + identity. The generated identity will be assigned a Subscription + contributor role. The type 'UserAssigned' is a standalone Azure + resource provided by the user and assigned to the VM + enum: + - None + - SystemAssigned + - UserAssigned + type: string + location: + description: Location is the Azure region location e.g. 
westus2 + type: string + orchestrationMode: + default: Uniform + description: OrchestrationMode specifies the orchestration mode for + the Virtual Machine Scale Set + enum: + - Flexible + - Uniform + type: string + platformFaultDomainCount: + description: PlatformFaultDomainCount specifies the number of fault + domains that the Virtual Machine Scale Set can use. The count determines + the spreading algorithm of the Azure fault domain. + format: int32 + type: integer + providerID: + description: ProviderID is the identification ID of the Virtual Machine + Scale Set + type: string + providerIDList: + description: ProviderIDList are the identification IDs of machine + instances provided by the provider. This field must match the provider + IDs as seen on the node objects corresponding to a machine pool's + machine instances. + items: + type: string + type: array + roleAssignmentName: + description: 'Deprecated: RoleAssignmentName should be set in the + systemAssignedIdentityRole field.' + type: string + strategy: + default: + rollingUpdate: + deletePolicy: Oldest + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + description: The deployment strategy to use to replace existing AzureMachinePoolMachines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if MachineDeploymentStrategyType + = RollingUpdate. + properties: + deletePolicy: + default: Oldest + description: DeletePolicy defines the policy used by the MachineDeployment + to identify nodes to delete when downscaling. Valid values + are "Random, "Newest", "Oldest" When no value is supplied, + the default is Oldest + enum: + - Random + - Newest + - Oldest + type: string + maxSurge: + anyOf: + - type: integer + - type: string + default: 1 + description: 'The maximum number of machines that can be scheduled + above the desired number of machines. Value can be an absolute + number (ex: 5) or a percentage of desired machines (ex: + 10%). 
This can not be 0 if MaxUnavailable is 0. Absolute + number is calculated from percentage by rounding up. Defaults + to 1. Example: when this is set to 30%, the new MachineSet + can be scaled up immediately when the rolling update starts, + such that the total number of old and new machines do not + exceed 130% of desired machines. Once old machines have + been killed, new MachineSet can be scaled up further, ensuring + that total number of machines running at any time during + the update is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + default: 0 + description: 'The maximum number of machines that can be unavailable + during the update. Value can be an absolute number (ex: + 5) or a percentage of desired machines (ex: 10%). Absolute + number is calculated from percentage by rounding down. This + can not be 0 if MaxSurge is 0. Defaults to 0. Example: when + this is set to 30%, the old MachineSet can be scaled down + to 70% of desired machines immediately when the rolling + update starts. Once new machines are ready, old MachineSet + can be scaled down further, followed by scaling up the new + MachineSet, ensuring that the total number of machines available + at all times during the update is at least 70% of desired + machines.' + x-kubernetes-int-or-string: true + type: object + type: + default: RollingUpdate + description: Type of deployment. Currently the only supported + strategy is RollingUpdate + enum: + - RollingUpdate + type: string + type: object + systemAssignedIdentityRole: + description: SystemAssignedIdentityRole defines the role and scope + to assign to the system assigned identity. + properties: + definitionID: + description: 'DefinitionID is the ID of the role definition to + create for a system assigned identity. It can be an Azure built-in + role or a custom role. 
Refer to built-in roles: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles' + type: string + name: + description: Name is the name of the role assignment to create + for a system assigned identity. It can be any valid UUID. If + not specified, a random UUID will be generated. + type: string + scope: + description: Scope is the scope that the role assignment or definition + applies to. The scope can be any REST resource instance. If + not specified, the scope will be the subscription. + type: string + type: object + template: + description: Template contains the details used to build a replica + virtual machine within the Machine Pool + properties: + acceleratedNetworking: + description: 'Deprecated: AcceleratedNetworking should be set + in the networkInterfaces field.' + type: boolean + dataDisks: + description: DataDisks specifies the list of data disks to be + created for a Virtual Machine + items: + description: DataDisk specifies the parameters that are used + to add one or more data disks to the machine. + properties: + cachingType: + description: CachingType specifies the caching requirements. + enum: + - None + - ReadOnly + - ReadWrite + type: string + diskSizeGB: + description: DiskSizeGB is the size in GB to assign to the + data disk. + format: int32 + type: integer + lun: + description: Lun Specifies the logical unit number of the + data disk. This value is used to identify data disks within + the VM and therefore must be unique for each data disk + attached to a VM. The value must be between 0 and 63. + format: int32 + type: integer + managedDisk: + description: ManagedDisk specifies the Managed Disk parameters + for the data disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed disk. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. 
It must be in the same subscription + type: string + type: object + securityProfile: + description: SecurityProfile specifies the security + profile for the managed disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed + disk that is used for Customer Managed Key encrypted + ConfidentialVM OS Disk and VMGuest blob. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityEncryptionType: + description: SecurityEncryptionType specifies the + encryption type of the managed disk. It is set + to DiskWithVMGuestState to encrypt the managed + disk along with the VMGuestState blob, and to + VMGuestStateOnly to encrypt the VMGuestState blob + only. When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule + should be set to Enabled. When set to DiskWithVMGuestState, + EncryptionAtHost should be disabled, SecureBoot + and VirtualizedTrustedPlatformModule should be + set to Enabled. It can be set only for Confidential + VMs. + enum: + - VMGuestStateOnly + - DiskWithVMGuestState + type: string + type: object + storageAccountType: + type: string + type: object + nameSuffix: + description: NameSuffix is the suffix to be appended to + the machine name to generate the disk name. Each disk + name will be in format _. + type: string + required: + - diskSizeGB + - nameSuffix + type: object + type: array + diagnostics: + description: Diagnostics specifies the diagnostics settings for + a virtual machine. If not specified then Boot diagnostics (Managed) + will be enabled. + properties: + boot: + description: Boot configures the boot diagnostics settings + for the virtual machine. This allows to configure capturing + serial output from the virtual machine on boot. This is + useful for debugging software based launch issues. 
If not + specified then Boot diagnostics (Managed) will be enabled. + properties: + storageAccountType: + description: StorageAccountType determines if the storage + account for storing the diagnostics data should be disabled + (Disabled), provisioned by Azure (Managed) or by the + user (UserManaged). + enum: + - Managed + - UserManaged + - Disabled + type: string + userManaged: + description: UserManaged provides a reference to the user-managed + storage account. + properties: + storageAccountURI: + description: 'StorageAccountURI is the URI of the + user-managed storage account. The URI typically + will be `https://.blob.core.windows.net/` + but may differ if you are using Azure DNS zone endpoints. + You can find the correct endpoint by looking for + the Blob Primary Endpoint in the endpoints tab in + the Azure console or with the CLI by issuing `az + storage account list --query=''[].{name: name, "resource + group": resourceGroup, "blob endpoint": primaryEndpoints.blob}''`.' + maxLength: 1024 + pattern: ^https:// + type: string + required: + - storageAccountURI + type: object + required: + - storageAccountType + type: object + type: object + image: + description: Image is used to provide details of an image to use + during VM creation. If image details are omitted the image will + default the Azure Marketplace "capi" offer, which is based on + Ubuntu. + properties: + computeGallery: + description: ComputeGallery specifies an image to use from + the Azure Compute Gallery + properties: + gallery: + description: Gallery specifies the name of the compute + image gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + plan: + description: Plan contains plan information. + properties: + offer: + description: Offer specifies the name of a group of + related images created by the publisher. 
For example, + UbuntuServer, WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, + such as a major release of a distribution. For example, + 18.04-LTS, 2019-Datacenter + minLength: 1 + type: string + required: + - offer + - publisher + - sku + type: object + resourceGroup: + description: ResourceGroup specifies the resource group + containing the private compute gallery. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the private compute gallery. + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or + 'latest'. Major, Minor, and Build are decimal numbers. + Specify 'latest' to use the latest version of an image + available at deploy time. Even if you use 'latest', + the VM image will not automatically update after deploy + time even if a new version becomes available. + minLength: 1 + type: string + required: + - gallery + - name + - version + type: object + id: + description: ID specifies an image to use by ID + type: string + marketplace: + description: Marketplace specifies an image to use from the + Azure Marketplace + properties: + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such + as a major release of a distribution. 
For example, 18.04-LTS, + 2019-Datacenter + minLength: 1 + type: string + thirdPartyImage: + default: false + description: ThirdPartyImage indicates the image is published + by a third party publisher and a Plan will be generated + for it. + type: boolean + version: + description: Version specifies the version of an image + sku. The allowed formats are Major.Minor.Build or 'latest'. + Major, Minor, and Build are decimal numbers. Specify + 'latest' to use the latest version of an image available + at deploy time. Even if you use 'latest', the VM image + will not automatically update after deploy time even + if a new version becomes available. + minLength: 1 + type: string + required: + - offer + - publisher + - sku + - version + type: object + sharedGallery: + description: 'SharedGallery specifies an image to use from + an Azure Shared Image Gallery Deprecated: use ComputeGallery + instead.' + properties: + gallery: + description: Gallery specifies the name of the shared + image gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer This value will be used to add a `Plan` + in the API request when creating the VM/VMSS resource. + This is needed when the source image from which this + SIG image was built requires the `Plan` to be used. + type: string + publisher: + description: Publisher is the name of the organization + that created the image. This value will be used to add + a `Plan` in the API request when creating the VM/VMSS + resource. This is needed when the source image from + which this SIG image was built requires the `Plan` to + be used. 
+ type: string + resourceGroup: + description: ResourceGroup specifies the resource group + containing the shared image gallery + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such + as a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter This value will be used to add a `Plan` + in the API request when creating the VM/VMSS resource. + This is needed when the source image from which this + SIG image was built requires the `Plan` to be used. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the shared image gallery + minLength: 1 + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or + 'latest'. Major, Minor, and Build are decimal numbers. + Specify 'latest' to use the latest version of an image + available at deploy time. Even if you use 'latest', + the VM image will not automatically update after deploy + time even if a new version becomes available. + minLength: 1 + type: string + required: + - gallery + - name + - resourceGroup + - subscriptionID + - version + type: object + type: object + networkInterfaces: + description: NetworkInterfaces specifies a list of network interface + configurations. If left unspecified, the VM will get a single + network interface with a single IPConfig in the subnet specified + in the cluster's node subnet field. The primary interface will + be the first networkInterface specified (index 0) in the list. + items: + description: NetworkInterface defines a network interface. + properties: + acceleratedNetworking: + description: AcceleratedNetworking enables or disables Azure + accelerated networking. If omitted, it will be set based + on whether the requested VMSize supports accelerated networking. + If AcceleratedNetworking is set to true with a VMSize + that does not support it, Azure will return an error. 
+ type: boolean + privateIPConfigs: + description: PrivateIPConfigs specifies the number of private + IP addresses to attach to the interface. Defaults to 1 + if not specified. + type: integer + subnetName: + description: SubnetName specifies the subnet in which the + new network interface will be placed. + type: string + type: object + type: array + osDisk: + description: OSDisk contains the operating system disk information + for a Virtual Machine + properties: + cachingType: + description: CachingType specifies the caching requirements. + enum: + - None + - ReadOnly + - ReadWrite + type: string + diffDiskSettings: + description: DiffDiskSettings describe ephemeral disk settings + for the os disk. + properties: + option: + description: Option enables ephemeral OS when set to "Local" + See https://learn.microsoft.com/azure/virtual-machines/ephemeral-os-disks + for full details + enum: + - Local + type: string + required: + - option + type: object + diskSizeGB: + description: DiskSizeGB is the size in GB to assign to the + OS disk. Will have a default of 30GB if not provided + format: int32 + type: integer + managedDisk: + description: ManagedDisk specifies the Managed Disk parameters + for the OS disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed disk. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityProfile: + description: SecurityProfile specifies the security profile + for the managed disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed + disk that is used for Customer Managed Key encrypted + ConfidentialVM OS Disk and VMGuest blob. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. 
It must be in the same subscription + type: string + type: object + securityEncryptionType: + description: SecurityEncryptionType specifies the + encryption type of the managed disk. It is set to + DiskWithVMGuestState to encrypt the managed disk + along with the VMGuestState blob, and to VMGuestStateOnly + to encrypt the VMGuestState blob only. When set + to VMGuestStateOnly, VirtualizedTrustedPlatformModule + should be set to Enabled. When set to DiskWithVMGuestState, + EncryptionAtHost should be disabled, SecureBoot + and VirtualizedTrustedPlatformModule should be set + to Enabled. It can be set only for Confidential + VMs. + enum: + - VMGuestStateOnly + - DiskWithVMGuestState + type: string + type: object + storageAccountType: + type: string + type: object + osType: + type: string + required: + - osType + type: object + securityProfile: + description: SecurityProfile specifies the Security profile settings + for a virtual machine. + properties: + encryptionAtHost: + description: This field indicates whether Host Encryption + should be enabled or disabled for a virtual machine or virtual + machine scale set. This should be disabled when SecurityEncryptionType + is set to DiskWithVMGuestState. Default is disabled. + type: boolean + securityType: + description: 'SecurityType specifies the SecurityType of the + virtual machine. It has to be set to any specified value + to enable UefiSettings. The default behavior is: UefiSettings + will not be enabled unless this property is set.' + enum: + - ConfidentialVM + - TrustedLaunch + type: string + uefiSettings: + description: UefiSettings specifies the security settings + like secure boot and vTPM used while creating the virtual + machine. + properties: + secureBootEnabled: + description: SecureBootEnabled specifies whether secure + boot should be enabled on the virtual machine. Secure + Boot verifies the digital signature of all boot components + and halts the boot process if signature verification + fails. 
If omitted, the platform chooses a default, which + is subject to change over time, currently that default + is false. + type: boolean + vTpmEnabled: + description: VTpmEnabled specifies whether vTPM should + be enabled on the virtual machine. When true it enables + the virtualized trusted platform module measurements + to create a known good boot integrity policy baseline. + The integrity policy baseline is used for comparison + with measurements from subsequent VM boots to determine + if anything has changed. This is required to be set + to Enabled if SecurityEncryptionType is defined. If + omitted, the platform chooses a default, which is subject + to change over time, currently that default is false. + type: boolean + type: object + type: object + spotVMOptions: + description: SpotVMOptions allows the ability to specify the Machine + should use a Spot VM + properties: + evictionPolicy: + description: EvictionPolicy defines the behavior of the virtual + machine when it is evicted. It can be either Delete or Deallocate. + enum: + - Deallocate + - Delete + type: string + maxPrice: + anyOf: + - type: integer + - type: string + description: MaxPrice defines the maximum price the user is + willing to pay for Spot VM instances + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + sshPublicKey: + description: SSHPublicKey is the SSH public key string, base64-encoded + to add to a Virtual Machine. Linux only. Refer to documentation + on how to set up SSH access on Windows instances. + type: string + subnetName: + description: 'Deprecated: SubnetName should be set in the networkInterfaces + field.' 
+ type: string + terminateNotificationTimeout: + description: TerminateNotificationTimeout enables or disables + VMSS scheduled events termination notification with specified + timeout allowed values are between 5 and 15 (mins) + type: integer + vmExtensions: + description: VMExtensions specifies a list of extensions to be + added to the scale set. + items: + description: VMExtension specifies the parameters for a custom + VM extension. + properties: + name: + description: Name is the name of the extension. + type: string + protectedSettings: + additionalProperties: + type: string + description: ProtectedSettings is a JSON formatted protected + settings for the extension. + type: object + publisher: + description: Publisher is the name of the extension handler + publisher. + type: string + settings: + additionalProperties: + type: string + description: Settings is a JSON formatted public settings + for the extension. + type: object + version: + description: Version specifies the version of the script + handler. + type: string + required: + - name + - publisher + - version + type: object + type: array + vmSize: + description: VMSize is the size of the Virtual Machine to build. + See https://learn.microsoft.com/rest/api/compute/virtualmachines/createorupdate#virtualmachinesizetypes + type: string + required: + - osDisk + - vmSize + type: object + userAssignedIdentities: + description: UserAssignedIdentities is a list of standalone Azure + identities provided by the user The lifecycle of a user-assigned + identity is managed separately from the lifecycle of the AzureMachinePool. + See https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli + items: + description: UserAssignedIdentity defines the user-assigned identities + provided by the user to be assigned to Azure resources. 
+ properties: + providerID: + description: 'ProviderID is the identification ID of the user-assigned + Identity, the format of an identity is: ''azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''' + type: string + required: + - providerID + type: object + type: array + zoneBalance: + description: ZoneBalane dictates whether to force strictly even Virtual + Machine distribution cross x-zones in case there is zone outage. + type: boolean + required: + - location + - template + type: object + status: + description: AzureMachinePoolStatus defines the observed state of AzureMachinePool. + properties: + conditions: + description: Conditions defines current service state of the AzureMachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the MachinePool and will contain + a more verbose string suitable for logging and human consumption. + \n This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the MachinePool's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of MachinePools can be added as + events to the MachinePool object and/or logged in the controller's + output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the MachinePool and will contain + a succinct value suitable for machine interpretation. \n This field + should not be set for transitive errors that a controller faces + that are expected to be fixed automatically over time (like service + outages), but instead indicate that something is fundamentally wrong + with the MachinePool's spec or the configuration of the controller, + and that manual intervention is required. 
Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of MachinePools can be added as + events to the MachinePool object and/or logged in the controller's + output." + type: string + image: + description: Image is the current image used in the AzureMachinePool. + When the spec image is nil, this image is populated with the details + of the defaulted Azure Marketplace "capi" offer. + properties: + computeGallery: + description: ComputeGallery specifies an image to use from the + Azure Compute Gallery + properties: + gallery: + description: Gallery specifies the name of the compute image + gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + plan: + description: Plan contains plan information. + properties: + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such + as a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter + minLength: 1 + type: string + required: + - offer + - publisher + - sku + type: object + resourceGroup: + description: ResourceGroup specifies the resource group containing + the private compute gallery. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the private compute gallery. + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or 'latest'. 
+ Major, Minor, and Build are decimal numbers. Specify 'latest' + to use the latest version of an image available at deploy + time. Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. + minLength: 1 + type: string + required: + - gallery + - name + - version + type: object + id: + description: ID specifies an image to use by ID + type: string + marketplace: + description: Marketplace specifies an image to use from the Azure + Marketplace + properties: + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization that + created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such as + a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter + minLength: 1 + type: string + thirdPartyImage: + default: false + description: ThirdPartyImage indicates the image is published + by a third party publisher and a Plan will be generated + for it. + type: boolean + version: + description: Version specifies the version of an image sku. + The allowed formats are Major.Minor.Build or 'latest'. Major, + Minor, and Build are decimal numbers. Specify 'latest' to + use the latest version of an image available at deploy time. + Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. + minLength: 1 + type: string + required: + - offer + - publisher + - sku + - version + type: object + sharedGallery: + description: 'SharedGallery specifies an image to use from an + Azure Shared Image Gallery Deprecated: use ComputeGallery instead.' 
+ properties: + gallery: + description: Gallery specifies the name of the shared image + gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer This value will be used to add a `Plan` in + the API request when creating the VM/VMSS resource. This + is needed when the source image from which this SIG image + was built requires the `Plan` to be used. + type: string + publisher: + description: Publisher is the name of the organization that + created the image. This value will be used to add a `Plan` + in the API request when creating the VM/VMSS resource. This + is needed when the source image from which this SIG image + was built requires the `Plan` to be used. + type: string + resourceGroup: + description: ResourceGroup specifies the resource group containing + the shared image gallery + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such as + a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter This value will be used to add a `Plan` + in the API request when creating the VM/VMSS resource. This + is needed when the source image from which this SIG image + was built requires the `Plan` to be used. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the shared image gallery + minLength: 1 + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or 'latest'. + Major, Minor, and Build are decimal numbers. Specify 'latest' + to use the latest version of an image available at deploy + time. Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. 
+ minLength: 1 + type: string + required: + - gallery + - name + - resourceGroup + - subscriptionID + - version + type: object + type: object + infrastructureMachineKind: + description: InfrastructureMachineKind is the kind of the infrastructure + resources behind MachinePool Machines. + type: string + instances: + description: Instances is the VM instance status for each VM in the + VMSS + items: + description: AzureMachinePoolInstanceStatus provides status information + for each instance in the VMSS. + properties: + instanceID: + description: InstanceID is the identification of the Machine + Instance within the VMSS + type: string + instanceName: + description: InstanceName is the name of the Machine Instance + within the VMSS + type: string + latestModelApplied: + description: LatestModelApplied indicates the instance is running + the most up-to-date VMSS model. A VMSS model describes the + image version the VM is running. If the instance is not running + the latest model, it means the instance may not be running + the version of Kubernetes the Machine Pool has specified and + needs to be updated. + type: boolean + providerID: + description: ProviderID is the provider identification of the + VMSS Instance + type: string + provisioningState: + description: ProvisioningState is the provisioning state of + the Azure virtual machine instance. + type: string + version: + description: Version defines the Kubernetes version for the + VM Instance + type: string + required: + - latestModelApplied + type: object + type: array + longRunningOperationStates: + description: LongRunningOperationStates saves the state for Azure + long-running operations so they can be continued on the next reconciliation + loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. + properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. 
+ type: string + name: + description: Name is the name of the Azure resource. Together + with the service name, this forms the unique identifier for + the future. + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: ServiceName is the name of the Azure service. Together + with the name of the resource, this forms the unique identifier + for the future. + type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. + type: string + required: + - data + - name + - serviceName + - type + type: object + type: array + provisioningState: + description: ProvisioningState is the provisioning state of the Azure + virtual machine. + type: string + ready: + description: Ready is true when the provider resource is ready. + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + version: + description: Version is the Kubernetes version for the current VMSS + model + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremachines.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capz-webhook-service + namespace: capz-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureMachine + listKind: AzureMachineList + plural: azuremachines + singular: azuremachine + scope: Namespaced + versions: + - 
additionalPrinterColumns: + - description: Cluster to which this AzureMachine belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + priority: 1 + type: string + - description: Azure VM provisioning state + jsonPath: .status.vmState + name: State + type: string + - description: Machine object to which this AzureMachine belongs + jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name + name: Machine + priority: 1 + type: string + - description: Azure VM ID + jsonPath: .spec.providerID + name: VM ID + priority: 1 + type: string + - description: Azure VM Size + jsonPath: .spec.vmSize + name: VM Size + priority: 1 + type: string + - description: Time duration since creation of this AzureMachine + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: AzureMachine is the Schema for the azuremachines API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureMachineSpec defines the desired state of AzureMachine. + properties: + acceleratedNetworking: + description: 'Deprecated: AcceleratedNetworking should be set in the + networkInterfaces field.' + type: boolean + additionalCapabilities: + description: AdditionalCapabilities specifies additional capabilities + enabled or disabled on the virtual machine. + properties: + ultraSSDEnabled: + description: UltraSSDEnabled enables or disables Azure UltraSSD + capability for the virtual machine. Defaults to true if Ultra + SSD data disks are specified, otherwise it doesn't set the capability + on the VM. + type: boolean + type: object + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to an + instance, in addition to the ones added by default by the Azure + provider. If both the AzureCluster and the AzureMachine specify + the same tag name with different values, the AzureMachine's value + takes precedence. + type: object + allocatePublicIP: + description: AllocatePublicIP allows the ability to create dynamic + public ips for machines where this value is true. + type: boolean + dataDisks: + description: DataDisk specifies the parameters that are used to add + one or more data disks to the machine + items: + description: DataDisk specifies the parameters that are used to + add one or more data disks to the machine. + properties: + cachingType: + description: CachingType specifies the caching requirements. + enum: + - None + - ReadOnly + - ReadWrite + type: string + diskSizeGB: + description: DiskSizeGB is the size in GB to assign to the data + disk. + format: int32 + type: integer + lun: + description: Lun Specifies the logical unit number of the data + disk. 
This value is used to identify data disks within the + VM and therefore must be unique for each data disk attached + to a VM. The value must be between 0 and 63. + format: int32 + type: integer + managedDisk: + description: ManagedDisk specifies the Managed Disk parameters + for the data disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed disk. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityProfile: + description: SecurityProfile specifies the security profile + for the managed disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed disk + that is used for Customer Managed Key encrypted ConfidentialVM + OS Disk and VMGuest blob. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityEncryptionType: + description: SecurityEncryptionType specifies the encryption + type of the managed disk. It is set to DiskWithVMGuestState + to encrypt the managed disk along with the VMGuestState + blob, and to VMGuestStateOnly to encrypt the VMGuestState + blob only. When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule + should be set to Enabled. When set to DiskWithVMGuestState, + EncryptionAtHost should be disabled, SecureBoot and + VirtualizedTrustedPlatformModule should be set to + Enabled. It can be set only for Confidential VMs. + enum: + - VMGuestStateOnly + - DiskWithVMGuestState + type: string + type: object + storageAccountType: + type: string + type: object + nameSuffix: + description: NameSuffix is the suffix to be appended to the + machine name to generate the disk name. Each disk name will + be in format _. 
+ type: string + required: + - diskSizeGB + - nameSuffix + type: object + type: array + diagnostics: + description: Diagnostics specifies the diagnostics settings for a + virtual machine. If not specified then Boot diagnostics (Managed) + will be enabled. + properties: + boot: + description: Boot configures the boot diagnostics settings for + the virtual machine. This allows to configure capturing serial + output from the virtual machine on boot. This is useful for + debugging software based launch issues. If not specified then + Boot diagnostics (Managed) will be enabled. + properties: + storageAccountType: + description: StorageAccountType determines if the storage + account for storing the diagnostics data should be disabled + (Disabled), provisioned by Azure (Managed) or by the user + (UserManaged). + enum: + - Managed + - UserManaged + - Disabled + type: string + userManaged: + description: UserManaged provides a reference to the user-managed + storage account. + properties: + storageAccountURI: + description: 'StorageAccountURI is the URI of the user-managed + storage account. The URI typically will be `https://.blob.core.windows.net/` + but may differ if you are using Azure DNS zone endpoints. + You can find the correct endpoint by looking for the + Blob Primary Endpoint in the endpoints tab in the Azure + console or with the CLI by issuing `az storage account + list --query=''[].{name: name, "resource group": resourceGroup, + "blob endpoint": primaryEndpoints.blob}''`.' + maxLength: 1024 + pattern: ^https:// + type: string + required: + - storageAccountURI + type: object + required: + - storageAccountType + type: object + type: object + dnsServers: + description: DNSServers adds a list of DNS Server IP addresses to + the VM NICs. + items: + type: string + type: array + enableIPForwarding: + description: EnableIPForwarding enables IP Forwarding in Azure which + is required for some CNI's to send traffic from a pods on one machine + to another. 
This is required for IpV6 with Calico in combination + with User Defined Routes (set by the Azure Cloud Controller manager). + Default is false for disabled. + type: boolean + failureDomain: + description: FailureDomain is the failure domain unique identifier + this Machine should be attached to, as defined in Cluster API. This + relates to an Azure Availability Zone + type: string + identity: + default: None + description: Identity is the type of identity used for the virtual + machine. The type 'SystemAssigned' is an implicitly created identity. + The generated identity will be assigned a Subscription contributor + role. The type 'UserAssigned' is a standalone Azure resource provided + by the user and assigned to the VM + enum: + - None + - SystemAssigned + - UserAssigned + type: string + image: + description: Image is used to provide details of an image to use during + VM creation. If image details are omitted the image will default + the Azure Marketplace "capi" offer, which is based on Ubuntu. + properties: + computeGallery: + description: ComputeGallery specifies an image to use from the + Azure Compute Gallery + properties: + gallery: + description: Gallery specifies the name of the compute image + gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + plan: + description: Plan contains plan information. + properties: + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such + as a major release of a distribution. 
For example, 18.04-LTS, + 2019-Datacenter + minLength: 1 + type: string + required: + - offer + - publisher + - sku + type: object + resourceGroup: + description: ResourceGroup specifies the resource group containing + the private compute gallery. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the private compute gallery. + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or 'latest'. + Major, Minor, and Build are decimal numbers. Specify 'latest' + to use the latest version of an image available at deploy + time. Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. + minLength: 1 + type: string + required: + - gallery + - name + - version + type: object + id: + description: ID specifies an image to use by ID + type: string + marketplace: + description: Marketplace specifies an image to use from the Azure + Marketplace + properties: + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization that + created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such as + a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter + minLength: 1 + type: string + thirdPartyImage: + default: false + description: ThirdPartyImage indicates the image is published + by a third party publisher and a Plan will be generated + for it. + type: boolean + version: + description: Version specifies the version of an image sku. + The allowed formats are Major.Minor.Build or 'latest'. Major, + Minor, and Build are decimal numbers. 
Specify 'latest' to + use the latest version of an image available at deploy time. + Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. + minLength: 1 + type: string + required: + - offer + - publisher + - sku + - version + type: object + sharedGallery: + description: 'SharedGallery specifies an image to use from an + Azure Shared Image Gallery Deprecated: use ComputeGallery instead.' + properties: + gallery: + description: Gallery specifies the name of the shared image + gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer This value will be used to add a `Plan` in + the API request when creating the VM/VMSS resource. This + is needed when the source image from which this SIG image + was built requires the `Plan` to be used. + type: string + publisher: + description: Publisher is the name of the organization that + created the image. This value will be used to add a `Plan` + in the API request when creating the VM/VMSS resource. This + is needed when the source image from which this SIG image + was built requires the `Plan` to be used. + type: string + resourceGroup: + description: ResourceGroup specifies the resource group containing + the shared image gallery + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such as + a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter This value will be used to add a `Plan` + in the API request when creating the VM/VMSS resource. This + is needed when the source image from which this SIG image + was built requires the `Plan` to be used. 
+ type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the shared image gallery + minLength: 1 + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or 'latest'. + Major, Minor, and Build are decimal numbers. Specify 'latest' + to use the latest version of an image available at deploy + time. Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. + minLength: 1 + type: string + required: + - gallery + - name + - resourceGroup + - subscriptionID + - version + type: object + type: object + networkInterfaces: + description: NetworkInterfaces specifies a list of network interface + configurations. If left unspecified, the VM will get a single network + interface with a single IPConfig in the subnet specified in the + cluster's node subnet field. The primary interface will be the first + networkInterface specified (index 0) in the list. + items: + description: NetworkInterface defines a network interface. + properties: + acceleratedNetworking: + description: AcceleratedNetworking enables or disables Azure + accelerated networking. If omitted, it will be set based on + whether the requested VMSize supports accelerated networking. + If AcceleratedNetworking is set to true with a VMSize that + does not support it, Azure will return an error. + type: boolean + privateIPConfigs: + description: PrivateIPConfigs specifies the number of private + IP addresses to attach to the interface. Defaults to 1 if + not specified. + type: integer + subnetName: + description: SubnetName specifies the subnet in which the new + network interface will be placed. 
+ type: string + type: object + type: array + osDisk: + description: OSDisk specifies the parameters for the operating system + disk of the machine + properties: + cachingType: + description: CachingType specifies the caching requirements. + enum: + - None + - ReadOnly + - ReadWrite + type: string + diffDiskSettings: + description: DiffDiskSettings describe ephemeral disk settings + for the os disk. + properties: + option: + description: Option enables ephemeral OS when set to "Local" + See https://learn.microsoft.com/azure/virtual-machines/ephemeral-os-disks + for full details + enum: + - Local + type: string + required: + - option + type: object + diskSizeGB: + description: DiskSizeGB is the size in GB to assign to the OS + disk. Will have a default of 30GB if not provided + format: int32 + type: integer + managedDisk: + description: ManagedDisk specifies the Managed Disk parameters + for the OS disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed disk. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityProfile: + description: SecurityProfile specifies the security profile + for the managed disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed disk + that is used for Customer Managed Key encrypted ConfidentialVM + OS Disk and VMGuest blob. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityEncryptionType: + description: SecurityEncryptionType specifies the encryption + type of the managed disk. 
It is set to DiskWithVMGuestState + to encrypt the managed disk along with the VMGuestState + blob, and to VMGuestStateOnly to encrypt the VMGuestState + blob only. When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule + should be set to Enabled. When set to DiskWithVMGuestState, + EncryptionAtHost should be disabled, SecureBoot and + VirtualizedTrustedPlatformModule should be set to Enabled. + It can be set only for Confidential VMs. + enum: + - VMGuestStateOnly + - DiskWithVMGuestState + type: string + type: object + storageAccountType: + type: string + type: object + osType: + type: string + required: + - osType + type: object + providerID: + description: ProviderID is the unique identifier as specified by the + cloud provider. + type: string + roleAssignmentName: + description: 'Deprecated: RoleAssignmentName should be set in the + systemAssignedIdentityRole field.' + type: string + securityProfile: + description: SecurityProfile specifies the Security profile settings + for a virtual machine. + properties: + encryptionAtHost: + description: This field indicates whether Host Encryption should + be enabled or disabled for a virtual machine or virtual machine + scale set. This should be disabled when SecurityEncryptionType + is set to DiskWithVMGuestState. Default is disabled. + type: boolean + securityType: + description: 'SecurityType specifies the SecurityType of the virtual + machine. It has to be set to any specified value to enable UefiSettings. + The default behavior is: UefiSettings will not be enabled unless + this property is set.' + enum: + - ConfidentialVM + - TrustedLaunch + type: string + uefiSettings: + description: UefiSettings specifies the security settings like + secure boot and vTPM used while creating the virtual machine. + properties: + secureBootEnabled: + description: SecureBootEnabled specifies whether secure boot + should be enabled on the virtual machine. 
Secure Boot verifies + the digital signature of all boot components and halts the + boot process if signature verification fails. If omitted, + the platform chooses a default, which is subject to change + over time, currently that default is false. + type: boolean + vTpmEnabled: + description: VTpmEnabled specifies whether vTPM should be + enabled on the virtual machine. When true it enables the + virtualized trusted platform module measurements to create + a known good boot integrity policy baseline. The integrity + policy baseline is used for comparison with measurements + from subsequent VM boots to determine if anything has changed. + This is required to be set to Enabled if SecurityEncryptionType + is defined. If omitted, the platform chooses a default, + which is subject to change over time, currently that default + is false. + type: boolean + type: object + type: object + spotVMOptions: + description: SpotVMOptions allows the ability to specify the Machine + should use a Spot VM + properties: + evictionPolicy: + description: EvictionPolicy defines the behavior of the virtual + machine when it is evicted. It can be either Delete or Deallocate. + enum: + - Deallocate + - Delete + type: string + maxPrice: + anyOf: + - type: integer + - type: string + description: MaxPrice defines the maximum price the user is willing + to pay for Spot VM instances + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + sshPublicKey: + description: SSHPublicKey is the SSH public key string, base64-encoded + to add to a Virtual Machine. Linux only. Refer to documentation + on how to set up SSH access on Windows instances. + type: string + subnetName: + description: 'Deprecated: SubnetName should be set in the networkInterfaces + field.' 
+ type: string + systemAssignedIdentityRole: + description: SystemAssignedIdentityRole defines the role and scope + to assign to the system-assigned identity. + properties: + definitionID: + description: 'DefinitionID is the ID of the role definition to + create for a system assigned identity. It can be an Azure built-in + role or a custom role. Refer to built-in roles: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles' + type: string + name: + description: Name is the name of the role assignment to create + for a system assigned identity. It can be any valid UUID. If + not specified, a random UUID will be generated. + type: string + scope: + description: Scope is the scope that the role assignment or definition + applies to. The scope can be any REST resource instance. If + not specified, the scope will be the subscription. + type: string + type: object + userAssignedIdentities: + description: UserAssignedIdentities is a list of standalone Azure + identities provided by the user The lifecycle of a user-assigned + identity is managed separately from the lifecycle of the AzureMachine. + See https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli + items: + description: UserAssignedIdentity defines the user-assigned identities + provided by the user to be assigned to Azure resources. + properties: + providerID: + description: 'ProviderID is the identification ID of the user-assigned + Identity, the format of an identity is: ''azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''' + type: string + required: + - providerID + type: object + type: array + vmExtensions: + description: VMExtensions specifies a list of extensions to be added + to the virtual machine. + items: + description: VMExtension specifies the parameters for a custom VM + extension. 
+ properties: + name: + description: Name is the name of the extension. + type: string + protectedSettings: + additionalProperties: + type: string + description: ProtectedSettings is a JSON formatted protected + settings for the extension. + type: object + publisher: + description: Publisher is the name of the extension handler + publisher. + type: string + settings: + additionalProperties: + type: string + description: Settings is a JSON formatted public settings for + the extension. + type: object + version: + description: Version specifies the version of the script handler. + type: string + required: + - name + - publisher + - version + type: object + type: array + vmSize: + type: string + required: + - osDisk + - vmSize + type: object + status: + description: AzureMachineStatus defines the observed state of AzureMachine. + properties: + addresses: + description: Addresses contains the Azure instance associated addresses. + items: + description: NodeAddress contains information for the node's address. + properties: + address: + description: The node address. + type: string + type: + description: Node address type, one of Hostname, ExternalIP + or InternalIP. + type: string + required: + - address + - type + type: object + type: array + conditions: + description: Conditions defines current service state of the AzureMachine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. 
The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "ErrorMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. \n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." 
+ type: string + failureReason: + description: "ErrorReason will be set in the event that there is a + terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. \n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. \n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." + type: string + longRunningOperationStates: + description: LongRunningOperationStates saves the states for Azure + long-running operations so they can be continued on the next reconciliation + loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. + properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. + type: string + name: + description: Name is the name of the Azure resource. Together + with the service name, this forms the unique identifier for + the future. + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: ServiceName is the name of the Azure service. Together + with the name of the resource, this forms the unique identifier + for the future. + type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. 
+ type: string
+ required:
+ - data
+ - name
+ - serviceName
+ - type
+ type: object
+ type: array
+ ready:
+ description: Ready is true when the provider resource is ready.
+ type: boolean
+ vmState:
+ description: VMState is the provisioning state of the Azure virtual
+ machine.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capz-system/capz-serving-cert
+ controller-gen.kubebuilder.io/version: v0.13.0
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-azure
+ cluster.x-k8s.io/v1beta1: v1beta1
+ name: azuremachinetemplates.infrastructure.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capz-webhook-service
+ namespace: capz-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: infrastructure.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: AzureMachineTemplate
+ listKind: AzureMachineTemplateList
+ plural: azuremachinetemplates
+ singular: azuremachinetemplate
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: AzureMachineTemplate is the Schema for the azuremachinetemplates
+ API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureMachineTemplateSpec defines the desired state of AzureMachineTemplate. + properties: + template: + description: AzureMachineTemplateResource describes the data needed + to create an AzureMachine from a template. + properties: + metadata: + description: "ObjectMeta is metadata that all persisted resources + must have, which includes all objects users must create. This + is a copy of customizable fields from metav1.ObjectMeta. \n + ObjectMeta is embedded in `Machine.Spec`, `MachineDeployment.Template` + and `MachineSet.Template`, which are not top-level Kubernetes + objects. Given that metav1.ObjectMeta has lots of special cases + and read-only fields which end up in the generated CRD validation, + having it as a subset simplifies the API and some issues that + can impact user experience. \n During the [upgrade to controller-tools@v2](https://github.com/kubernetes-sigs/cluster-api/pull/1054) + for v1alpha2, we noticed a failure would occur running Cluster + API test suite against the new CRDs, specifically `spec.metadata.creationTimestamp + in body must be of type string: \"null\"`. The investigation + showed that `controller-tools@v2` behaves differently than its + previous version when handling types from [metav1](k8s.io/apimachinery/pkg/apis/meta/v1) + package. \n In more details, we found that embedded (non-top + level) types that embedded `metav1.ObjectMeta` had validation + properties, including for `creationTimestamp` (metav1.Time). + The `metav1.Time` type specifies a custom json marshaller that, + when IsZero() is true, returns `null` which breaks validation + because the field isn't marked as nullable. \n In future versions, + controller-tools@v2 might allow overriding the type and validation + for embedded types. When that happens, this hack should be revisited." 
+ properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: Spec is the specification of the desired behavior + of the machine. + properties: + acceleratedNetworking: + description: 'Deprecated: AcceleratedNetworking should be + set in the networkInterfaces field.' + type: boolean + additionalCapabilities: + description: AdditionalCapabilities specifies additional capabilities + enabled or disabled on the virtual machine. + properties: + ultraSSDEnabled: + description: UltraSSDEnabled enables or disables Azure + UltraSSD capability for the virtual machine. Defaults + to true if Ultra SSD data disks are specified, otherwise + it doesn't set the capability on the VM. + type: boolean + type: object + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to an instance, in addition to the ones added by default + by the Azure provider. If both the AzureCluster and the + AzureMachine specify the same tag name with different values, + the AzureMachine's value takes precedence. + type: object + allocatePublicIP: + description: AllocatePublicIP allows the ability to create + dynamic public ips for machines where this value is true. 
+ type: boolean + dataDisks: + description: DataDisk specifies the parameters that are used + to add one or more data disks to the machine + items: + description: DataDisk specifies the parameters that are + used to add one or more data disks to the machine. + properties: + cachingType: + description: CachingType specifies the caching requirements. + enum: + - None + - ReadOnly + - ReadWrite + type: string + diskSizeGB: + description: DiskSizeGB is the size in GB to assign + to the data disk. + format: int32 + type: integer + lun: + description: Lun Specifies the logical unit number of + the data disk. This value is used to identify data + disks within the VM and therefore must be unique for + each data disk attached to a VM. The value must be + between 0 and 63. + format: int32 + type: integer + managedDisk: + description: ManagedDisk specifies the Managed Disk + parameters for the data disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed + disk. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityProfile: + description: SecurityProfile specifies the security + profile for the managed disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the + customer-managed disk encryption set resource + id for the managed disk that is used for Customer + Managed Key encrypted ConfidentialVM OS Disk + and VMGuest blob. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityEncryptionType: + description: SecurityEncryptionType specifies + the encryption type of the managed disk. 
It + is set to DiskWithVMGuestState to encrypt + the managed disk along with the VMGuestState + blob, and to VMGuestStateOnly to encrypt the + VMGuestState blob only. When set to VMGuestStateOnly, + VirtualizedTrustedPlatformModule should be + set to Enabled. When set to DiskWithVMGuestState, + EncryptionAtHost should be disabled, SecureBoot + and VirtualizedTrustedPlatformModule should + be set to Enabled. It can be set only for + Confidential VMs. + enum: + - VMGuestStateOnly + - DiskWithVMGuestState + type: string + type: object + storageAccountType: + type: string + type: object + nameSuffix: + description: NameSuffix is the suffix to be appended + to the machine name to generate the disk name. Each + disk name will be in format _. + type: string + required: + - diskSizeGB + - nameSuffix + type: object + type: array + diagnostics: + description: Diagnostics specifies the diagnostics settings + for a virtual machine. If not specified then Boot diagnostics + (Managed) will be enabled. + properties: + boot: + description: Boot configures the boot diagnostics settings + for the virtual machine. This allows to configure capturing + serial output from the virtual machine on boot. This + is useful for debugging software based launch issues. + If not specified then Boot diagnostics (Managed) will + be enabled. + properties: + storageAccountType: + description: StorageAccountType determines if the + storage account for storing the diagnostics data + should be disabled (Disabled), provisioned by Azure + (Managed) or by the user (UserManaged). + enum: + - Managed + - UserManaged + - Disabled + type: string + userManaged: + description: UserManaged provides a reference to the + user-managed storage account. + properties: + storageAccountURI: + description: 'StorageAccountURI is the URI of + the user-managed storage account. The URI typically + will be `https://.blob.core.windows.net/` + but may differ if you are using Azure DNS zone + endpoints. 
You can find the correct endpoint + by looking for the Blob Primary Endpoint in + the endpoints tab in the Azure console or with + the CLI by issuing `az storage account list + --query=''[].{name: name, "resource group": + resourceGroup, "blob endpoint": primaryEndpoints.blob}''`.' + maxLength: 1024 + pattern: ^https:// + type: string + required: + - storageAccountURI + type: object + required: + - storageAccountType + type: object + type: object + dnsServers: + description: DNSServers adds a list of DNS Server IP addresses + to the VM NICs. + items: + type: string + type: array + enableIPForwarding: + description: EnableIPForwarding enables IP Forwarding in Azure + which is required for some CNI's to send traffic from a + pods on one machine to another. This is required for IpV6 + with Calico in combination with User Defined Routes (set + by the Azure Cloud Controller manager). Default is false + for disabled. + type: boolean + failureDomain: + description: FailureDomain is the failure domain unique identifier + this Machine should be attached to, as defined in Cluster + API. This relates to an Azure Availability Zone + type: string + identity: + default: None + description: Identity is the type of identity used for the + virtual machine. The type 'SystemAssigned' is an implicitly + created identity. The generated identity will be assigned + a Subscription contributor role. The type 'UserAssigned' + is a standalone Azure resource provided by the user and + assigned to the VM + enum: + - None + - SystemAssigned + - UserAssigned + type: string + image: + description: Image is used to provide details of an image + to use during VM creation. If image details are omitted + the image will default the Azure Marketplace "capi" offer, + which is based on Ubuntu. 
+ properties: + computeGallery: + description: ComputeGallery specifies an image to use + from the Azure Compute Gallery + properties: + gallery: + description: Gallery specifies the name of the compute + image gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + plan: + description: Plan contains plan information. + properties: + offer: + description: Offer specifies the name of a group + of related images created by the publisher. + For example, UbuntuServer, WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, + such as a major release of a distribution. For + example, 18.04-LTS, 2019-Datacenter + minLength: 1 + type: string + required: + - offer + - publisher + - sku + type: object + resourceGroup: + description: ResourceGroup specifies the resource + group containing the private compute gallery. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the + subscription that contains the private compute gallery. + type: string + version: + description: Version specifies the version of the + marketplace image. The allowed formats are Major.Minor.Build + or 'latest'. Major, Minor, and Build are decimal + numbers. Specify 'latest' to use the latest version + of an image available at deploy time. Even if you + use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes + available. 
+ minLength: 1 + type: string + required: + - gallery + - name + - version + type: object + id: + description: ID specifies an image to use by ID + type: string + marketplace: + description: Marketplace specifies an image to use from + the Azure Marketplace + properties: + offer: + description: Offer specifies the name of a group of + related images created by the publisher. For example, + UbuntuServer, WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, + such as a major release of a distribution. For example, + 18.04-LTS, 2019-Datacenter + minLength: 1 + type: string + thirdPartyImage: + default: false + description: ThirdPartyImage indicates the image is + published by a third party publisher and a Plan + will be generated for it. + type: boolean + version: + description: Version specifies the version of an image + sku. The allowed formats are Major.Minor.Build or + 'latest'. Major, Minor, and Build are decimal numbers. + Specify 'latest' to use the latest version of an + image available at deploy time. Even if you use + 'latest', the VM image will not automatically update + after deploy time even if a new version becomes + available. + minLength: 1 + type: string + required: + - offer + - publisher + - sku + - version + type: object + sharedGallery: + description: 'SharedGallery specifies an image to use + from an Azure Shared Image Gallery Deprecated: use ComputeGallery + instead.' + properties: + gallery: + description: Gallery specifies the name of the shared + image gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + offer: + description: Offer specifies the name of a group of + related images created by the publisher. 
For example, + UbuntuServer, WindowsServer This value will be used + to add a `Plan` in the API request when creating + the VM/VMSS resource. This is needed when the source + image from which this SIG image was built requires + the `Plan` to be used. + type: string + publisher: + description: Publisher is the name of the organization + that created the image. This value will be used + to add a `Plan` in the API request when creating + the VM/VMSS resource. This is needed when the source + image from which this SIG image was built requires + the `Plan` to be used. + type: string + resourceGroup: + description: ResourceGroup specifies the resource + group containing the shared image gallery + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, + such as a major release of a distribution. For example, + 18.04-LTS, 2019-Datacenter This value will be used + to add a `Plan` in the API request when creating + the VM/VMSS resource. This is needed when the source + image from which this SIG image was built requires + the `Plan` to be used. + type: string + subscriptionID: + description: SubscriptionID is the identifier of the + subscription that contains the shared image gallery + minLength: 1 + type: string + version: + description: Version specifies the version of the + marketplace image. The allowed formats are Major.Minor.Build + or 'latest'. Major, Minor, and Build are decimal + numbers. Specify 'latest' to use the latest version + of an image available at deploy time. Even if you + use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes + available. + minLength: 1 + type: string + required: + - gallery + - name + - resourceGroup + - subscriptionID + - version + type: object + type: object + networkInterfaces: + description: NetworkInterfaces specifies a list of network + interface configurations. 
If left unspecified, the VM will + get a single network interface with a single IPConfig in + the subnet specified in the cluster's node subnet field. + The primary interface will be the first networkInterface + specified (index 0) in the list. + items: + description: NetworkInterface defines a network interface. + properties: + acceleratedNetworking: + description: AcceleratedNetworking enables or disables + Azure accelerated networking. If omitted, it will + be set based on whether the requested VMSize supports + accelerated networking. If AcceleratedNetworking is + set to true with a VMSize that does not support it, + Azure will return an error. + type: boolean + privateIPConfigs: + description: PrivateIPConfigs specifies the number of + private IP addresses to attach to the interface. Defaults + to 1 if not specified. + type: integer + subnetName: + description: SubnetName specifies the subnet in which + the new network interface will be placed. + type: string + type: object + type: array + osDisk: + description: OSDisk specifies the parameters for the operating + system disk of the machine + properties: + cachingType: + description: CachingType specifies the caching requirements. + enum: + - None + - ReadOnly + - ReadWrite + type: string + diffDiskSettings: + description: DiffDiskSettings describe ephemeral disk + settings for the os disk. + properties: + option: + description: Option enables ephemeral OS when set + to "Local" See https://learn.microsoft.com/azure/virtual-machines/ephemeral-os-disks + for full details + enum: + - Local + type: string + required: + - option + type: object + diskSizeGB: + description: DiskSizeGB is the size in GB to assign to + the OS disk. Will have a default of 30GB if not provided + format: int32 + type: integer + managedDisk: + description: ManagedDisk specifies the Managed Disk parameters + for the OS disk. 
+ properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed + disk. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityProfile: + description: SecurityProfile specifies the security + profile for the managed disk. + properties: + diskEncryptionSet: + description: DiskEncryptionSet specifies the customer-managed + disk encryption set resource id for the managed + disk that is used for Customer Managed Key encrypted + ConfidentialVM OS Disk and VMGuest blob. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + securityEncryptionType: + description: SecurityEncryptionType specifies + the encryption type of the managed disk. It + is set to DiskWithVMGuestState to encrypt the + managed disk along with the VMGuestState blob, + and to VMGuestStateOnly to encrypt the VMGuestState + blob only. When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule + should be set to Enabled. When set to DiskWithVMGuestState, + EncryptionAtHost should be disabled, SecureBoot + and VirtualizedTrustedPlatformModule should + be set to Enabled. It can be set only for Confidential + VMs. + enum: + - VMGuestStateOnly + - DiskWithVMGuestState + type: string + type: object + storageAccountType: + type: string + type: object + osType: + type: string + required: + - osType + type: object + providerID: + description: ProviderID is the unique identifier as specified + by the cloud provider. + type: string + roleAssignmentName: + description: 'Deprecated: RoleAssignmentName should be set + in the systemAssignedIdentityRole field.' + type: string + securityProfile: + description: SecurityProfile specifies the Security profile + settings for a virtual machine. 
+ properties: + encryptionAtHost: + description: This field indicates whether Host Encryption + should be enabled or disabled for a virtual machine + or virtual machine scale set. This should be disabled + when SecurityEncryptionType is set to DiskWithVMGuestState. + Default is disabled. + type: boolean + securityType: + description: 'SecurityType specifies the SecurityType + of the virtual machine. It has to be set to any specified + value to enable UefiSettings. The default behavior is: + UefiSettings will not be enabled unless this property + is set.' + enum: + - ConfidentialVM + - TrustedLaunch + type: string + uefiSettings: + description: UefiSettings specifies the security settings + like secure boot and vTPM used while creating the virtual + machine. + properties: + secureBootEnabled: + description: SecureBootEnabled specifies whether secure + boot should be enabled on the virtual machine. Secure + Boot verifies the digital signature of all boot + components and halts the boot process if signature + verification fails. If omitted, the platform chooses + a default, which is subject to change over time, + currently that default is false. + type: boolean + vTpmEnabled: + description: VTpmEnabled specifies whether vTPM should + be enabled on the virtual machine. When true it + enables the virtualized trusted platform module + measurements to create a known good boot integrity + policy baseline. The integrity policy baseline is + used for comparison with measurements from subsequent + VM boots to determine if anything has changed. This + is required to be set to Enabled if SecurityEncryptionType + is defined. If omitted, the platform chooses a default, + which is subject to change over time, currently + that default is false. 
+ type: boolean + type: object + type: object + spotVMOptions: + description: SpotVMOptions allows the ability to specify the + Machine should use a Spot VM + properties: + evictionPolicy: + description: EvictionPolicy defines the behavior of the + virtual machine when it is evicted. It can be either + Delete or Deallocate. + enum: + - Deallocate + - Delete + type: string + maxPrice: + anyOf: + - type: integer + - type: string + description: MaxPrice defines the maximum price the user + is willing to pay for Spot VM instances + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + sshPublicKey: + description: SSHPublicKey is the SSH public key string, base64-encoded + to add to a Virtual Machine. Linux only. Refer to documentation + on how to set up SSH access on Windows instances. + type: string + subnetName: + description: 'Deprecated: SubnetName should be set in the + networkInterfaces field.' + type: string + systemAssignedIdentityRole: + description: SystemAssignedIdentityRole defines the role and + scope to assign to the system-assigned identity. + properties: + definitionID: + description: 'DefinitionID is the ID of the role definition + to create for a system assigned identity. It can be + an Azure built-in role or a custom role. Refer to built-in + roles: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles' + type: string + name: + description: Name is the name of the role assignment to + create for a system assigned identity. It can be any + valid UUID. If not specified, a random UUID will be + generated. + type: string + scope: + description: Scope is the scope that the role assignment + or definition applies to. The scope can be any REST + resource instance. If not specified, the scope will + be the subscription. 
+ type: string + type: object + userAssignedIdentities: + description: UserAssignedIdentities is a list of standalone + Azure identities provided by the user The lifecycle of a + user-assigned identity is managed separately from the lifecycle + of the AzureMachine. See https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli + items: + description: UserAssignedIdentity defines the user-assigned + identities provided by the user to be assigned to Azure + resources. + properties: + providerID: + description: 'ProviderID is the identification ID of + the user-assigned Identity, the format of an identity + is: ''azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''' + type: string + required: + - providerID + type: object + type: array + vmExtensions: + description: VMExtensions specifies a list of extensions to + be added to the virtual machine. + items: + description: VMExtension specifies the parameters for a + custom VM extension. + properties: + name: + description: Name is the name of the extension. + type: string + protectedSettings: + additionalProperties: + type: string + description: ProtectedSettings is a JSON formatted protected + settings for the extension. + type: object + publisher: + description: Publisher is the name of the extension + handler publisher. + type: string + settings: + additionalProperties: + type: string + description: Settings is a JSON formatted public settings + for the extension. + type: object + version: + description: Version specifies the version of the script + handler. 
+ type: string + required: + - name + - publisher + - version + type: object + type: array + vmSize: + type: string + required: + - osDisk + - vmSize + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremanagedclusters.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedCluster + listKind: AzureManagedClusterList + plural: azuremanagedclusters + shortNames: + - amc + singular: azuremanagedcluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this AzureManagedCluster belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - jsonPath: .status.ready + name: Ready + type: string + - description: Time duration since creation of this AzureManagedCluster + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedCluster is the Schema for the azuremanagedclusters + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedClusterSpec defines the desired state of AzureManagedCluster. + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. Immutable, populated by the + AKS API at create. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + type: object + status: + description: AzureManagedClusterStatus defines the observed state of AzureManagedCluster. + properties: + ready: + description: Ready is true when the provider resource is ready. + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremanagedclustertemplates.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedClusterTemplate + listKind: AzureManagedClusterTemplateList + plural: azuremanagedclustertemplates + shortNames: + - amct + singular: azuremanagedclustertemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedClusterTemplate is the Schema for the AzureManagedClusterTemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedClusterTemplateSpec defines the desired state + of AzureManagedClusterTemplate. + properties: + template: + description: AzureManagedClusterTemplateResource describes the data + needed to create an AzureManagedCluster from a template. + properties: + spec: + description: AzureManagedClusterTemplateResourceSpec specifies + an Azure managed cluster template resource. + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedControlPlane + listKind: AzureManagedControlPlaneList + plural: azuremanagedcontrolplanes + shortNames: + - amcp + singular: azuremanagedcontrolplane + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this AzureManagedControlPlane belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string 
+ - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + priority: 1 + type: string + - description: Time duration since creation of this AzureManagedControlPlane + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedControlPlane is the Schema for the azuremanagedcontrolplanes + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedControlPlaneSpec defines the desired state of + AzureManagedControlPlane. + properties: + aadProfile: + description: AadProfile is Azure Active Directory configuration to + integrate with AKS for aad authentication. + properties: + adminGroupObjectIDs: + description: AdminGroupObjectIDs - AAD group object IDs that will + have admin role of the cluster. + items: + type: string + type: array + managed: + description: Managed - Whether to enable managed AAD. + type: boolean + required: + - adminGroupObjectIDs + - managed + type: object + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to Azure + resources managed by the Azure provider, in addition to the ones + added by default. 
+ type: object + addonProfiles: + description: AddonProfiles are the profiles of managed cluster add-on. + items: + description: AddonProfile represents a managed cluster add-on. + properties: + config: + additionalProperties: + type: string + description: Config - Key-value pairs for configuring the add-on. + type: object + enabled: + description: Enabled - Whether the add-on is enabled or not. + type: boolean + name: + description: Name - The name of the managed cluster add-on. + type: string + required: + - enabled + - name + type: object + type: array + apiServerAccessProfile: + description: APIServerAccessProfile is the access profile for AKS + API server. Immutable except for `authorizedIPRanges`. + properties: + authorizedIPRanges: + description: AuthorizedIPRanges - Authorized IP Ranges to kubernetes + API server. + items: + type: string + type: array + enablePrivateCluster: + description: EnablePrivateCluster indicates whether to create + the cluster as a private cluster or not. + type: boolean + enablePrivateClusterPublicFQDN: + description: EnablePrivateClusterPublicFQDN indicates whether + to create additional public FQDN for private cluster or not. + type: boolean + privateDNSZone: + description: PrivateDNSZone enables private dns zone mode for + private cluster. + type: string + type: object + asoManagedClusterPatches: + description: 'ASOManagedClusterPatches defines JSON merge patches + to be applied to the generated ASO ManagedCluster resource. WARNING: + This is meant to be used sparingly to enable features for development + and testing that are not otherwise represented in the CAPZ API. + Misconfiguration that conflicts with CAPZ''s normal mode of operation + is possible.' + items: + type: string + type: array + autoUpgradeProfile: + description: AutoUpgradeProfile defines the auto upgrade configuration. + properties: + upgradeChannel: + description: UpgradeChannel determines the type of upgrade channel + for automatically upgrading the cluster. 
+ enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + autoscalerProfile: + description: AutoscalerProfile is the parameters to be applied to + the cluster-autoscaler when enabled + properties: + balanceSimilarNodeGroups: + description: BalanceSimilarNodeGroups - Valid values are 'true' + and 'false'. The default is false. + enum: + - "true" + - "false" + type: string + expander: + description: Expander - If not specified, the default is 'random'. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information. + enum: + - least-waste + - most-pods + - priority + - random + type: string + maxEmptyBulkDelete: + description: MaxEmptyBulkDelete - The default is 10. + type: string + maxGracefulTerminationSec: + description: MaxGracefulTerminationSec - The default is 600. + pattern: ^(\d+)$ + type: string + maxNodeProvisionTime: + description: MaxNodeProvisionTime - The default is '15m'. Values + must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + maxTotalUnreadyPercentage: + description: MaxTotalUnreadyPercentage - The default is 45. The + maximum is 100 and the minimum is 0. + maxLength: 3 + minLength: 1 + pattern: ^(\d+)$ + type: string + newPodScaleUpDelay: + description: NewPodScaleUpDelay - For scenarios like burst/batch + scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled + pods before they're a certain age. The default is '0s'. Values + must be an integer followed by a unit ('s' for seconds, 'm' + for minutes, 'h' for hours, etc). + type: string + okTotalUnreadyCount: + description: OkTotalUnreadyCount - This must be an integer. The + default is 3. + pattern: ^(\d+)$ + type: string + scaleDownDelayAfterAdd: + description: ScaleDownDelayAfterAdd - The default is '10m'. 
Values + must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownDelayAfterDelete: + description: ScaleDownDelayAfterDelete - The default is the scan-interval. + Values must be an integer followed by an 's'. No unit of time + other than seconds (s) is supported. + pattern: ^(\d+)s$ + type: string + scaleDownDelayAfterFailure: + description: ScaleDownDelayAfterFailure - The default is '3m'. + Values must be an integer followed by an 'm'. No unit of time + other than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownUnneededTime: + description: ScaleDownUnneededTime - The default is '10m'. Values + must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownUnreadyTime: + description: ScaleDownUnreadyTime - The default is '20m'. Values + must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownUtilizationThreshold: + description: ScaleDownUtilizationThreshold - The default is '0.5'. + type: string + scanInterval: + description: ScanInterval - How often cluster is reevaluated for + scale up or down. The default is '10s'. + pattern: ^(\d+)s$ + type: string + skipNodesWithLocalStorage: + description: SkipNodesWithLocalStorage - The default is false. + enum: + - "true" + - "false" + type: string + skipNodesWithSystemPods: + description: SkipNodesWithSystemPods - The default is true. + enum: + - "true" + - "false" + type: string + type: object + azureEnvironment: + description: "AzureEnvironment is the name of the AzureCloud to be + used. 
The default value that would be used by most users is \"AzurePublicCloud\", + other values are: - ChinaCloud: \"AzureChinaCloud\" - PublicCloud: + \"AzurePublicCloud\" - USGovernmentCloud: \"AzureUSGovernmentCloud\" + \n Note that values other than the default must also be accompanied + by corresponding changes to the aso-controller-settings Secret to + configure ASO to refer to the non-Public cloud. ASO currently does + not support referring to multiple different clouds in a single installation. + The following fields must be defined in the Secret: - AZURE_AUTHORITY_HOST + - AZURE_RESOURCE_MANAGER_ENDPOINT - AZURE_RESOURCE_MANAGER_AUDIENCE + \n See the [ASO docs] for more details. \n [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/" + type: string + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. Immutable, populated by the + AKS API at create. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + disableLocalAccounts: + description: DisableLocalAccounts disables getting static credentials + for this cluster when set. Expected to only be used for AAD clusters. + type: boolean + dnsPrefix: + description: DNSPrefix allows the user to customize dns prefix. Immutable. + type: string + dnsServiceIP: + description: DNSServiceIP is an IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address range + specified in serviceCidr. Immutable. + type: string + enablePreviewFeatures: + description: EnablePreviewFeatures enables preview features for the + cluster. + type: boolean + extensions: + description: Extensions is a list of AKS extensions to be installed + on the cluster. 
+ items: + description: "AKSExtension represents the configuration for an AKS + cluster extension. See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/en-us/azure/aks/cluster-extensions" + properties: + aksAssignedIdentityType: + description: AKSAssignedIdentityType is the type of the AKS + assigned identity. + enum: + - SystemAssigned + - UserAssigned + type: string + autoUpgradeMinorVersion: + default: true + description: AutoUpgradeMinorVersion is a flag to note if this + extension participates in auto upgrade of minor version, or + not. + type: boolean + configurationSettings: + additionalProperties: + type: string + description: ConfigurationSettings are the name-value pairs + for configuring this extension. + type: object + extensionType: + description: ExtensionType is the type of the Extension of which + this resource is an instance. It must be one of the Extension + Types registered with Microsoft.KubernetesConfiguration by + the Extension publisher. + type: string + identity: + description: Identity is the identity type of the Extension + resource in an AKS cluster. + enum: + - SystemAssigned + type: string + name: + description: Name is the name of the extension. + type: string + plan: + description: Plan is the plan of the extension. + properties: + name: + description: Name is the user-defined name of the 3rd Party + Artifact that is being procured. + type: string + product: + description: Product is the name of the 3rd Party artifact + that is being procured. + type: string + promotionCode: + description: PromotionCode is a publisher-provided promotion + code as provisioned in Data Market for the said product/artifact. + type: string + publisher: + description: Publisher is the name of the publisher of the + 3rd Party Artifact that is being bought. + type: string + version: + description: Version is the version of the plan. 
+ type: string + required: + - product + - publisher + type: object + releaseTrain: + description: ReleaseTrain is the release train this extension + participates in for auto-upgrade (e.g. Stable, Preview, etc.) + This is only used if autoUpgradeMinorVersion is ‘true’. + type: string + scope: + description: Scope is the scope at which this extension is enabled. + properties: + releaseNamespace: + description: ReleaseNamespace is the namespace where the + extension Release must be placed, for a Cluster-scoped + extension. Required for Cluster-scoped extensions. + type: string + scopeType: + description: ScopeType is the scope of the extension. It + can be either Cluster or Namespace, but not both. + enum: + - Cluster + - Namespace + type: string + targetNamespace: + description: TargetNamespace is the namespace where the + extension will be created for a Namespace-scoped extension. + Required for Namespace-scoped extensions. + type: string + required: + - scopeType + type: object + version: + description: Version is the version of the extension. + type: string + required: + - extensionType + - name + - plan + type: object + type: array + fleetsMember: + description: "FleetsMember is the spec for the fleet this cluster + is a member of. See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/en-us/azure/templates/microsoft.containerservice/2023-03-15-preview/fleets/members" + properties: + group: + description: Group is the group this member belongs to for multi-cluster + update management. + type: string + managerName: + description: ManagerName is the name of the fleet manager. + type: string + managerResourceGroup: + description: ManagerResourceGroup is the resource group of the + fleet manager. + type: string + name: + description: Name is the name of the member. + type: string + required: + - managerName + - managerResourceGroup + type: object + httpProxyConfig: + description: HTTPProxyConfig is the HTTP proxy configuration for the + cluster. Immutable. 
+ properties: + httpProxy: + description: HTTPProxy is the HTTP proxy server endpoint to use. + type: string + httpsProxy: + description: HTTPSProxy is the HTTPS proxy server endpoint to + use. + type: string + noProxy: + description: NoProxy indicates the endpoints that should not go + through proxy. + items: + type: string + type: array + trustedCa: + description: TrustedCA is the alternative CA cert to use for connecting + to proxy servers. + type: string + type: object + identity: + description: Identity configuration used by the AKS control plane. + properties: + type: + description: Type - The Identity type to use. + enum: + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentityResourceID: + description: UserAssignedIdentityResourceID - Identity ARM resource + ID when using user-assigned identity. + type: string + type: object + identityRef: + description: IdentityRef is a reference to a AzureClusterIdentity + to be used when reconciling this cluster + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + kubeletUserAssignedIdentity: + description: KubeletUserAssignedIdentity is the user-assigned identity + for kubelet. For authentication with Azure Container Registry. + type: string + loadBalancerProfile: + description: LoadBalancerProfile is the profile of the cluster load + balancer. + properties: + allocatedOutboundPorts: + description: AllocatedOutboundPorts - Desired number of allocated + SNAT ports per VM. Allowed values must be in the range of 0 + to 64000 (inclusive). The default value is 0 which results in + Azure dynamically allocating ports. + type: integer + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes - Desired outbound flow idle + timeout in minutes. Allowed values must be in the range of 4 + to 120 (inclusive). The default value is 30 minutes. + type: integer + managedOutboundIPs: + description: ManagedOutboundIPs - Desired managed outbound IPs + for the cluster load balancer. + type: integer + outboundIPPrefixes: + description: OutboundIPPrefixes - Desired outbound IP Prefix resources + for the cluster load balancer. 
+ items: + type: string + type: array + outboundIPs: + description: OutboundIPs - Desired outbound IP resources for the + cluster load balancer. + items: + type: string + type: array + type: object + loadBalancerSKU: + default: Standard + description: LoadBalancerSKU is the SKU of the loadBalancer to be + provisioned. Immutable. + enum: + - Basic + - Standard + type: string + location: + description: 'Location is a string matching one of the canonical Azure + region names. Examples: "westus2", "eastus".' + type: string + machineTemplate: + description: MachineTemplate contains information about how machines + should be shaped when creating or updating a control plane. For + the AzureManagedControlPlaneTemplate, this field is used only to + fulfill the CAPI contract. + type: object + networkDataplane: + description: NetworkDataplane is the dataplane used for building the + Kubernetes network. + enum: + - azure + - cilium + type: string + networkPlugin: + description: NetworkPlugin used for building Kubernetes network. + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: NetworkPluginMode is the mode the network plugin should + use. Allowed value is "overlay". + enum: + - overlay + type: string + networkPolicy: + description: NetworkPolicy used for building Kubernetes network. + enum: + - azure + - calico + - cilium + type: string + nodeResourceGroupName: + description: NodeResourceGroupName is the name of the resource group + containing cluster IaaS resources. Will be populated to default + in webhook. Immutable. + type: string + oidcIssuerProfile: + description: OIDCIssuerProfile is the OIDC issuer profile of the Managed + Cluster. + properties: + enabled: + description: Enabled is whether the OIDC issuer is enabled. + type: boolean + type: object + outboundType: + description: Outbound configuration used by Nodes. 
+ enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + resourceGroupName: + description: ResourceGroupName is the name of the Azure resource group + for this AKS Cluster. Immutable. + type: string + securityProfile: + description: SecurityProfile defines the security profile for cluster. + properties: + azureKeyVaultKms: + description: AzureKeyVaultKms defines Azure Key Vault Management + Services Profile for the security profile. + properties: + enabled: + description: Enabled enables the Azure Key Vault key management + service. The default is false. + type: boolean + keyID: + description: KeyID defines the Identifier of Azure Key Vault + key. When Azure Key Vault key management service is enabled, + this field is required and must be a valid key identifier. + type: string + keyVaultNetworkAccess: + default: Public + description: KeyVaultNetworkAccess defines the network access + of key vault. The possible values are Public and Private. + Public means the key vault allows public access from all + networks. Private means the key vault disables public access + and enables private link. The default value is Public. + type: string + keyVaultResourceID: + description: KeyVaultResourceID is the Resource ID of key + vault. When keyVaultNetworkAccess is Private, this field + is required and must be a valid resource ID. + type: string + required: + - enabled + - keyID + type: object + defender: + description: Defender settings for the security profile. + properties: + logAnalyticsWorkspaceResourceID: + description: LogAnalyticsWorkspaceResourceID is the ID of + the Log Analytics workspace that has to be associated with + Microsoft Defender. When Microsoft Defender is enabled, + this field is required and must be a valid workspace resource + ID. 
+ type: string + securityMonitoring: + description: SecurityMonitoring profile defines the Microsoft + Defender threat detection for Cloud settings for the security + profile. + properties: + enabled: + description: Enabled enables Defender threat detection + type: boolean + required: + - enabled + type: object + required: + - logAnalyticsWorkspaceResourceID + - securityMonitoring + type: object + imageCleaner: + description: ImageCleaner settings for the security profile. + properties: + enabled: + description: Enabled enables the Image Cleaner on AKS cluster. + type: boolean + intervalHours: + description: IntervalHours defines Image Cleaner scanning + interval in hours. Default value is 24 hours. + maximum: 2160 + minimum: 24 + type: integer + required: + - enabled + type: object + workloadIdentity: + description: Workloadidentity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. Ensure + to enable OIDC issuer while enabling Workload Identity + properties: + enabled: + description: Enabled enables the workload identity. + type: boolean + required: + - enabled + type: object + type: object + sku: + description: SKU is the SKU of the AKS to be provisioned. + properties: + tier: + description: Tier - Tier of an AKS cluster. + enum: + - Free + - Paid + - Standard + type: string + required: + - tier + type: object + sshPublicKey: + description: SSHPublicKey is a string literal containing an ssh public + key base64 encoded. Use empty string to autogenerate new key. Use + null value to not set key. Immutable. + type: string + subscriptionID: + description: SubscriptionID is the GUID of the Azure subscription + that owns this cluster. + type: string + version: + description: Version defines the desired Kubernetes version. + minLength: 2 + type: string + virtualNetwork: + description: VirtualNetwork describes the virtual network for the + AKS cluster. It will be created if it does not already exist. 
+ properties: + cidrBlock: + type: string + name: + type: string + resourceGroup: + description: ResourceGroup is the name of the Azure resource group + for the VNet and Subnet. + type: string + subnet: + description: ManagedControlPlaneSubnet describes a subnet for + an AKS cluster. + properties: + cidrBlock: + type: string + name: + type: string + privateEndpoints: + description: PrivateEndpoints is a slice of Virtual Network + private endpoints to create for the subnets. + items: + description: PrivateEndpointSpec configures an Azure Private + Endpoint. + properties: + applicationSecurityGroups: + description: ApplicationSecurityGroups specifies the + Application security group in which the private endpoint + IP configuration is included. + items: + type: string + type: array + customNetworkInterfaceName: + description: CustomNetworkInterfaceName specifies the + network interface name associated with the private + endpoint. + type: string + location: + description: Location specifies the region to create + the private endpoint. + type: string + manualApproval: + description: ManualApproval specifies if the connection + approval needs to be done manually or not. Set it + true when the network admin does not have access to + approve connections to the remote resource. Defaults + to false. + type: boolean + name: + description: Name specifies the name of the private + endpoint. + type: string + privateIPAddresses: + description: PrivateIPAddresses specifies the IP addresses + for the network interface associated with the private + endpoint. They have to be part of the subnet where + the private endpoint is linked. + items: + type: string + type: array + privateLinkServiceConnections: + description: PrivateLinkServiceConnections specifies + Private Link Service Connections of the private endpoint. + items: + description: PrivateLinkServiceConnection defines + the specification for a private link service connection + associated with a private endpoint. 
+ properties: + groupIDs: + description: GroupIDs specifies the ID(s) of the + group(s) obtained from the remote resource that + this private endpoint should connect to. + items: + type: string + type: array + name: + description: Name specifies the name of the private + link service. + type: string + privateLinkServiceID: + description: PrivateLinkServiceID specifies the + resource ID of the private link service. + type: string + requestMessage: + description: RequestMessage specifies a message + passed to the owner of the remote resource with + the private endpoint connection request. + maxLength: 140 + type: string + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + serviceEndpoints: + description: ServiceEndpoints is a slice of Virtual Network + service endpoints to enable for the subnets. + items: + description: ServiceEndpointSpec configures an Azure Service + Endpoint. + properties: + locations: + items: + type: string + type: array + service: + type: string + required: + - locations + - service + type: object + type: array + x-kubernetes-list-map-keys: + - service + x-kubernetes-list-type: map + required: + - cidrBlock + - name + type: object + required: + - cidrBlock + - name + type: object + required: + - identityRef + - location + - resourceGroupName + - version + type: object + status: + description: AzureManagedControlPlaneStatus defines the observed state + of AzureManagedControlPlane. + properties: + autoUpgradeVersion: + description: AutoUpgradeVersion is the Kubernetes version populated + after auto-upgrade based on the upgrade channel. + minLength: 2 + type: string + conditions: + description: Conditions defines current service state of the AzureManagedControlPlane. + items: + description: Condition defines an observation of a Cluster API resource + operational state. 
+ properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + initialized: + description: Initialized is true when the control plane is available + for initial contact. This may occur before the control plane is + fully ready. In the AzureManagedControlPlane implementation, these + are identical. + type: boolean + longRunningOperationStates: + description: LongRunningOperationStates saves the states for Azure + long-running operations so they can be continued on the next reconciliation + loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. 
+ properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. + type: string + name: + description: Name is the name of the Azure resource. Together + with the service name, this forms the unique identifier for + the future. + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: ServiceName is the name of the Azure service. Together + with the name of the resource, this forms the unique identifier + for the future. + type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. + type: string + required: + - data + - name + - serviceName + - type + type: object + type: array + oidcIssuerProfile: + description: OIDCIssuerProfile is the OIDC issuer profile of the Managed + Cluster. + properties: + issuerURL: + description: IssuerURL is the OIDC issuer url of the Managed Cluster. + type: string + type: object + ready: + description: Ready is true when the provider resource is ready. + type: boolean + version: + description: Version defines the Kubernetes version for the control + plane instance. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremanagedcontrolplanetemplates.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedControlPlaneTemplate + listKind: AzureManagedControlPlaneTemplateList + plural: azuremanagedcontrolplanetemplates + shortNames: + - amcpt + singular: azuremanagedcontrolplanetemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedControlPlaneTemplate is the Schema for the AzureManagedControlPlaneTemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedControlPlaneTemplateSpec defines the desired + state of AzureManagedControlPlaneTemplate. + properties: + template: + description: AzureManagedControlPlaneTemplateResource describes the + data needed to create an AzureManagedCluster from a template. 
+ properties: + spec: + description: AzureManagedControlPlaneTemplateResourceSpec specifies + an Azure managed control plane template resource. + properties: + aadProfile: + description: AadProfile is Azure Active Directory configuration + to integrate with AKS for aad authentication. + properties: + adminGroupObjectIDs: + description: AdminGroupObjectIDs - AAD group object IDs + that will have admin role of the cluster. + items: + type: string + type: array + managed: + description: Managed - Whether to enable managed AAD. + type: boolean + required: + - adminGroupObjectIDs + - managed + type: object + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to Azure resources managed by the Azure provider, in + addition to the ones added by default. + type: object + addonProfiles: + description: AddonProfiles are the profiles of managed cluster + add-on. + items: + description: AddonProfile represents a managed cluster add-on. + properties: + config: + additionalProperties: + type: string + description: Config - Key-value pairs for configuring + the add-on. + type: object + enabled: + description: Enabled - Whether the add-on is enabled + or not. + type: boolean + name: + description: Name - The name of the managed cluster + add-on. + type: string + required: + - enabled + - name + type: object + type: array + apiServerAccessProfile: + description: APIServerAccessProfile is the access profile + for AKS API server. Immutable except for `authorizedIPRanges`. + properties: + authorizedIPRanges: + description: AuthorizedIPRanges - Authorized IP Ranges + to kubernetes API server. + items: + type: string + type: array + enablePrivateCluster: + description: EnablePrivateCluster indicates whether to + create the cluster as a private cluster or not. 
+ type: boolean + enablePrivateClusterPublicFQDN: + description: EnablePrivateClusterPublicFQDN indicates + whether to create additional public FQDN for private + cluster or not. + type: boolean + privateDNSZone: + description: PrivateDNSZone enables private dns zone mode + for private cluster. + type: string + type: object + asoManagedClusterPatches: + description: 'ASOManagedClusterPatches defines JSON merge + patches to be applied to the generated ASO ManagedCluster + resource. WARNING: This is meant to be used sparingly to + enable features for development and testing that are not + otherwise represented in the CAPZ API. Misconfiguration + that conflicts with CAPZ''s normal mode of operation is + possible.' + items: + type: string + type: array + autoUpgradeProfile: + description: AutoUpgradeProfile defines the auto upgrade configuration. + properties: + upgradeChannel: + description: UpgradeChannel determines the type of upgrade + channel for automatically upgrading the cluster. + enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + autoscalerProfile: + description: AutoscalerProfile is the parameters to be applied + to the cluster-autoscaler when enabled + properties: + balanceSimilarNodeGroups: + description: BalanceSimilarNodeGroups - Valid values are + 'true' and 'false'. The default is false. + enum: + - "true" + - "false" + type: string + expander: + description: Expander - If not specified, the default + is 'random'. See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information. + enum: + - least-waste + - most-pods + - priority + - random + type: string + maxEmptyBulkDelete: + description: MaxEmptyBulkDelete - The default is 10. + type: string + maxGracefulTerminationSec: + description: MaxGracefulTerminationSec - The default is + 600. 
+ pattern: ^(\d+)$ + type: string + maxNodeProvisionTime: + description: MaxNodeProvisionTime - The default is '15m'. + Values must be an integer followed by an 'm'. No unit + of time other than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + maxTotalUnreadyPercentage: + description: MaxTotalUnreadyPercentage - The default is + 45. The maximum is 100 and the minimum is 0. + maxLength: 3 + minLength: 1 + pattern: ^(\d+)$ + type: string + newPodScaleUpDelay: + description: NewPodScaleUpDelay - For scenarios like burst/batch + scale where you don't want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell + CA to ignore unscheduled pods before they're a certain + age. The default is '0s'. Values must be an integer + followed by a unit ('s' for seconds, 'm' for minutes, + 'h' for hours, etc). + type: string + okTotalUnreadyCount: + description: OkTotalUnreadyCount - This must be an integer. + The default is 3. + pattern: ^(\d+)$ + type: string + scaleDownDelayAfterAdd: + description: ScaleDownDelayAfterAdd - The default is '10m'. + Values must be an integer followed by an 'm'. No unit + of time other than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownDelayAfterDelete: + description: ScaleDownDelayAfterDelete - The default is + the scan-interval. Values must be an integer followed + by an 's'. No unit of time other than seconds (s) is + supported. + pattern: ^(\d+)s$ + type: string + scaleDownDelayAfterFailure: + description: ScaleDownDelayAfterFailure - The default + is '3m'. Values must be an integer followed by an 'm'. + No unit of time other than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownUnneededTime: + description: ScaleDownUnneededTime - The default is '10m'. + Values must be an integer followed by an 'm'. No unit + of time other than minutes (m) is supported. 
+ pattern: ^(\d+)m$ + type: string + scaleDownUnreadyTime: + description: ScaleDownUnreadyTime - The default is '20m'. + Values must be an integer followed by an 'm'. No unit + of time other than minutes (m) is supported. + pattern: ^(\d+)m$ + type: string + scaleDownUtilizationThreshold: + description: ScaleDownUtilizationThreshold - The default + is '0.5'. + type: string + scanInterval: + description: ScanInterval - How often cluster is reevaluated + for scale up or down. The default is '10s'. + pattern: ^(\d+)s$ + type: string + skipNodesWithLocalStorage: + description: SkipNodesWithLocalStorage - The default is + false. + enum: + - "true" + - "false" + type: string + skipNodesWithSystemPods: + description: SkipNodesWithSystemPods - The default is + true. + enum: + - "true" + - "false" + type: string + type: object + azureEnvironment: + description: "AzureEnvironment is the name of the AzureCloud + to be used. The default value that would be used by most + users is \"AzurePublicCloud\", other values are: - ChinaCloud: + \"AzureChinaCloud\" - PublicCloud: \"AzurePublicCloud\" + - USGovernmentCloud: \"AzureUSGovernmentCloud\" \n Note + that values other than the default must also be accompanied + by corresponding changes to the aso-controller-settings + Secret to configure ASO to refer to the non-Public cloud. + ASO currently does not support referring to multiple different + clouds in a single installation. The following fields must + be defined in the Secret: - AZURE_AUTHORITY_HOST - AZURE_RESOURCE_MANAGER_ENDPOINT + - AZURE_RESOURCE_MANAGER_AUDIENCE \n See the [ASO docs] + for more details. \n [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/" + type: string + disableLocalAccounts: + description: DisableLocalAccounts disables getting static + credentials for this cluster when set. Expected to only + be used for AAD clusters. 
+ type: boolean + dnsServiceIP: + description: DNSServiceIP is an IP address assigned to the + Kubernetes DNS service. It must be within the Kubernetes + service address range specified in serviceCidr. Immutable. + type: string + enablePreviewFeatures: + description: EnablePreviewFeatures enables preview features + for the cluster. + type: boolean + extensions: + description: Extensions is a list of AKS extensions to be + installed on the cluster. + items: + description: "AKSExtension represents the configuration + for an AKS cluster extension. See also [AKS doc]. \n [AKS + doc]: https://learn.microsoft.com/en-us/azure/aks/cluster-extensions" + properties: + aksAssignedIdentityType: + description: AKSAssignedIdentityType is the type of + the AKS assigned identity. + enum: + - SystemAssigned + - UserAssigned + type: string + autoUpgradeMinorVersion: + default: true + description: AutoUpgradeMinorVersion is a flag to note + if this extension participates in auto upgrade of + minor version, or not. + type: boolean + configurationSettings: + additionalProperties: + type: string + description: ConfigurationSettings are the name-value + pairs for configuring this extension. + type: object + extensionType: + description: ExtensionType is the type of the Extension + of which this resource is an instance. It must be + one of the Extension Types registered with Microsoft.KubernetesConfiguration + by the Extension publisher. + type: string + identity: + description: Identity is the identity type of the Extension + resource in an AKS cluster. + enum: + - SystemAssigned + type: string + name: + description: Name is the name of the extension. + type: string + plan: + description: Plan is the plan of the extension. + properties: + name: + description: Name is the user-defined name of the + 3rd Party Artifact that is being procured. + type: string + product: + description: Product is the name of the 3rd Party + artifact that is being procured. 
+ type: string + promotionCode: + description: PromotionCode is a publisher-provided + promotion code as provisioned in Data Market for + the said product/artifact. + type: string + publisher: + description: Publisher is the name of the publisher + of the 3rd Party Artifact that is being bought. + type: string + version: + description: Version is the version of the plan. + type: string + required: + - product + - publisher + type: object + releaseTrain: + description: ReleaseTrain is the release train this + extension participates in for auto-upgrade (e.g. Stable, + Preview, etc.) This is only used if autoUpgradeMinorVersion + is ‘true’. + type: string + scope: + description: Scope is the scope at which this extension + is enabled. + properties: + releaseNamespace: + description: ReleaseNamespace is the namespace where + the extension Release must be placed, for a Cluster-scoped + extension. Required for Cluster-scoped extensions. + type: string + scopeType: + description: ScopeType is the scope of the extension. + It can be either Cluster or Namespace, but not + both. + enum: + - Cluster + - Namespace + type: string + targetNamespace: + description: TargetNamespace is the namespace where + the extension will be created for a Namespace-scoped + extension. Required for Namespace-scoped extensions. + type: string + required: + - scopeType + type: object + version: + description: Version is the version of the extension. + type: string + required: + - extensionType + - name + - plan + type: object + type: array + fleetsMember: + description: "FleetsMember is the spec for the fleet this + cluster is a member of. See also [AKS doc]. \n [AKS doc]: + https://learn.microsoft.com/en-us/azure/templates/microsoft.containerservice/2023-03-15-preview/fleets/members" + properties: + group: + description: Group is the group this member belongs to + for multi-cluster update management. + type: string + managerName: + description: ManagerName is the name of the fleet manager. 
+ type: string + managerResourceGroup: + description: ManagerResourceGroup is the resource group + of the fleet manager. + type: string + required: + - managerName + - managerResourceGroup + type: object + httpProxyConfig: + description: HTTPProxyConfig is the HTTP proxy configuration + for the cluster. Immutable. + properties: + httpProxy: + description: HTTPProxy is the HTTP proxy server endpoint + to use. + type: string + httpsProxy: + description: HTTPSProxy is the HTTPS proxy server endpoint + to use. + type: string + noProxy: + description: NoProxy indicates the endpoints that should + not go through proxy. + items: + type: string + type: array + trustedCa: + description: TrustedCA is the alternative CA cert to use + for connecting to proxy servers. + type: string + type: object + identity: + description: Identity configuration used by the AKS control + plane. + properties: + type: + description: Type - The Identity type to use. + enum: + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentityResourceID: + description: UserAssignedIdentityResourceID - Identity + ARM resource ID when using user-assigned identity. + type: string + type: object + identityRef: + description: IdentityRef is a reference to a AzureClusterIdentity + to be used when reconciling this cluster + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). 
This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + kubeletUserAssignedIdentity: + description: KubeletUserAssignedIdentity is the user-assigned + identity for kubelet. For authentication with Azure Container + Registry. + type: string + loadBalancerProfile: + description: LoadBalancerProfile is the profile of the cluster + load balancer. + properties: + allocatedOutboundPorts: + description: AllocatedOutboundPorts - Desired number of + allocated SNAT ports per VM. Allowed values must be + in the range of 0 to 64000 (inclusive). The default + value is 0 which results in Azure dynamically allocating + ports. + type: integer + idleTimeoutInMinutes: + description: IdleTimeoutInMinutes - Desired outbound flow + idle timeout in minutes. Allowed values must be in the + range of 4 to 120 (inclusive). The default value is + 30 minutes. 
+ type: integer + managedOutboundIPs: + description: ManagedOutboundIPs - Desired managed outbound + IPs for the cluster load balancer. + type: integer + outboundIPPrefixes: + description: OutboundIPPrefixes - Desired outbound IP + Prefix resources for the cluster load balancer. + items: + type: string + type: array + outboundIPs: + description: OutboundIPs - Desired outbound IP resources + for the cluster load balancer. + items: + type: string + type: array + type: object + loadBalancerSKU: + default: Standard + description: LoadBalancerSKU is the SKU of the loadBalancer + to be provisioned. Immutable. + enum: + - Basic + - Standard + type: string + location: + description: 'Location is a string matching one of the canonical + Azure region names. Examples: "westus2", "eastus".' + type: string + machineTemplate: + description: MachineTemplate contains information about how + machines should be shaped when creating or updating a control + plane. For the AzureManagedControlPlaneTemplate, this field + is used only to fulfill the CAPI contract. + type: object + networkDataplane: + description: NetworkDataplane is the dataplane used for building + the Kubernetes network. + enum: + - azure + - cilium + type: string + networkPlugin: + description: NetworkPlugin used for building Kubernetes network. + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: NetworkPluginMode is the mode the network plugin + should use. Allowed value is "overlay". + enum: + - overlay + type: string + networkPolicy: + description: NetworkPolicy used for building Kubernetes network. + enum: + - azure + - calico + - cilium + type: string + oidcIssuerProfile: + description: OIDCIssuerProfile is the OIDC issuer profile + of the Managed Cluster. + properties: + enabled: + description: Enabled is whether the OIDC issuer is enabled. + type: boolean + type: object + outboundType: + description: Outbound configuration used by Nodes. 
+ enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + securityProfile: + description: SecurityProfile defines the security profile + for cluster. + properties: + azureKeyVaultKms: + description: AzureKeyVaultKms defines Azure Key Vault + Management Services Profile for the security profile. + properties: + enabled: + description: Enabled enables the Azure Key Vault key + management service. The default is false. + type: boolean + keyID: + description: KeyID defines the Identifier of Azure + Key Vault key. When Azure Key Vault key management + service is enabled, this field is required and must + be a valid key identifier. + type: string + keyVaultNetworkAccess: + default: Public + description: KeyVaultNetworkAccess defines the network + access of key vault. The possible values are Public + and Private. Public means the key vault allows public + access from all networks. Private means the key + vault disables public access and enables private + link. The default value is Public. + type: string + keyVaultResourceID: + description: KeyVaultResourceID is the Resource ID + of key vault. When keyVaultNetworkAccess is Private, + this field is required and must be a valid resource + ID. + type: string + required: + - enabled + - keyID + type: object + defender: + description: Defender settings for the security profile. + properties: + logAnalyticsWorkspaceResourceID: + description: LogAnalyticsWorkspaceResourceID is the + ID of the Log Analytics workspace that has to be + associated with Microsoft Defender. When Microsoft + Defender is enabled, this field is required and + must be a valid workspace resource ID. + type: string + securityMonitoring: + description: SecurityMonitoring profile defines the + Microsoft Defender threat detection for Cloud settings + for the security profile. 
+ properties: + enabled: + description: Enabled enables Defender threat detection + type: boolean + required: + - enabled + type: object + required: + - logAnalyticsWorkspaceResourceID + - securityMonitoring + type: object + imageCleaner: + description: ImageCleaner settings for the security profile. + properties: + enabled: + description: Enabled enables the Image Cleaner on + AKS cluster. + type: boolean + intervalHours: + description: IntervalHours defines Image Cleaner scanning + interval in hours. Default value is 24 hours. + maximum: 2160 + minimum: 24 + type: integer + required: + - enabled + type: object + workloadIdentity: + description: Workloadidentity enables Kubernetes applications + to access Azure cloud resources securely with Azure + AD. Ensure to enable OIDC issuer while enabling Workload + Identity + properties: + enabled: + description: Enabled enables the workload identity. + type: boolean + required: + - enabled + type: object + type: object + sku: + description: SKU is the SKU of the AKS to be provisioned. + properties: + tier: + description: Tier - Tier of an AKS cluster. + enum: + - Free + - Paid + - Standard + type: string + required: + - tier + type: object + subscriptionID: + description: SubscriptionID is the GUID of the Azure subscription + that owns this cluster. + type: string + version: + description: Version defines the desired Kubernetes version. + minLength: 2 + type: string + virtualNetwork: + description: VirtualNetwork describes the virtual network + for the AKS cluster. It will be created if it does not already + exist. + properties: + cidrBlock: + type: string + name: + type: string + resourceGroup: + description: ResourceGroup is the name of the Azure resource + group for the VNet and Subnet. + type: string + subnet: + description: ManagedControlPlaneSubnet describes a subnet + for an AKS cluster. 
+ properties: + cidrBlock: + type: string + name: + type: string + privateEndpoints: + description: PrivateEndpoints is a slice of Virtual + Network private endpoints to create for the subnets. + items: + description: PrivateEndpointSpec configures an Azure + Private Endpoint. + properties: + applicationSecurityGroups: + description: ApplicationSecurityGroups specifies + the Application security group in which the + private endpoint IP configuration is included. + items: + type: string + type: array + customNetworkInterfaceName: + description: CustomNetworkInterfaceName specifies + the network interface name associated with + the private endpoint. + type: string + location: + description: Location specifies the region to + create the private endpoint. + type: string + manualApproval: + description: ManualApproval specifies if the + connection approval needs to be done manually + or not. Set it true when the network admin + does not have access to approve connections + to the remote resource. Defaults to false. + type: boolean + name: + description: Name specifies the name of the + private endpoint. + type: string + privateIPAddresses: + description: PrivateIPAddresses specifies the + IP addresses for the network interface associated + with the private endpoint. They have to be + part of the subnet where the private endpoint + is linked. + items: + type: string + type: array + privateLinkServiceConnections: + description: PrivateLinkServiceConnections specifies + Private Link Service Connections of the private + endpoint. + items: + description: PrivateLinkServiceConnection + defines the specification for a private + link service connection associated with + a private endpoint. + properties: + groupIDs: + description: GroupIDs specifies the ID(s) + of the group(s) obtained from the remote + resource that this private endpoint + should connect to. + items: + type: string + type: array + name: + description: Name specifies the name of + the private link service. 
+ type: string + privateLinkServiceID: + description: PrivateLinkServiceID specifies + the resource ID of the private link + service. + type: string + requestMessage: + description: RequestMessage specifies + a message passed to the owner of the + remote resource with the private endpoint + connection request. + maxLength: 140 + type: string + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + serviceEndpoints: + description: ServiceEndpoints is a slice of Virtual + Network service endpoints to enable for the subnets. + items: + description: ServiceEndpointSpec configures an Azure + Service Endpoint. + properties: + locations: + items: + type: string + type: array + service: + type: string + required: + - locations + - service + type: object + type: array + x-kubernetes-list-map-keys: + - service + x-kubernetes-list-type: map + required: + - cidrBlock + - name + type: object + required: + - cidrBlock + - name + type: object + required: + - identityRef + - location + - version + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremanagedmachinepools.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedMachinePool + listKind: AzureManagedMachinePoolList + plural: azuremanagedmachinepools + shortNames: + - ammp + singular: azuremanagedmachinepool + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this AzureManagedMachinePool belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + 
type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + priority: 1 + type: string + - description: Time duration since creation of this AzureManagedMachinePool + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.mode + name: Mode + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedMachinePool is the Schema for the azuremanagedmachinepools + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedMachinePoolSpec defines the desired state of + AzureManagedMachinePool. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to Azure + resources managed by the Azure provider, in addition to the ones + added by default. + type: object + asoManagedClustersAgentPoolPatches: + description: 'ASOManagedClustersAgentPoolPatches defines JSON merge + patches to be applied to the generated ASO ManagedClustersAgentPool + resource. 
WARNING: This is meant to be used sparingly to enable + features for development and testing that are not otherwise represented + in the CAPZ API. Misconfiguration that conflicts with CAPZ''s normal + mode of operation is possible.' + items: + type: string + type: array + availabilityZones: + description: AvailabilityZones - Availability zones for nodes. Must + use VirtualMachineScaleSets AgentPoolType. Immutable. + items: + type: string + type: array + enableEncryptionAtHost: + description: "EnableEncryptionAtHost indicates whether host encryption + is enabled on the node pool. Immutable. See also [AKS doc]. \n [AKS + doc]: https://learn.microsoft.com/en-us/azure/aks/enable-host-encryption" + type: boolean + enableFIPS: + description: EnableFIPS indicates whether FIPS is enabled on the node + pool. Immutable. + type: boolean + enableNodePublicIP: + description: EnableNodePublicIP controls whether or not nodes in the + pool each have a public IP address. Immutable. + type: boolean + enableUltraSSD: + description: EnableUltraSSD enables the storage type UltraSSD_LRS + for the agent pool. Immutable. + type: boolean + kubeletConfig: + description: KubeletConfig specifies the kubelet configurations for + nodes. Immutable. + properties: + allowedUnsafeSysctls: + description: AllowedUnsafeSysctls - Allowlist of unsafe sysctls + or unsafe sysctl patterns (ending in `*`). Valid values match + `kernel.shm*`, `kernel.msg*`, `kernel.sem`, `fs.mqueue.*`, or + `net.*`. + items: + type: string + type: array + containerLogMaxFiles: + description: ContainerLogMaxFiles - The maximum number of container + log files that can be present for a container. The number must + be ≥ 2. + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: ContainerLogMaxSizeMB - The maximum size in MB of + a container log file before it is rotated. + type: integer + cpuCfsQuota: + description: CPUCfsQuota - Enable CPU CFS quota enforcement for + containers that specify CPU limits. 
+ type: boolean + cpuCfsQuotaPeriod: + description: CPUCfsQuotaPeriod - Sets CPU CFS quota period value. + Must end in "ms", e.g. "100ms" + type: string + cpuManagerPolicy: + description: CPUManagerPolicy - CPU Manager policy to use. + enum: + - none + - static + type: string + failSwapOn: + description: FailSwapOn - If set to true it will make the Kubelet + fail to start if swap is enabled on the node. + type: boolean + imageGcHighThreshold: + description: ImageGcHighThreshold - The percent of disk usage + after which image garbage collection is always run. Valid values + are 0-100 (inclusive). + maximum: 100 + minimum: 0 + type: integer + imageGcLowThreshold: + description: ImageGcLowThreshold - The percent of disk usage before + which image garbage collection is never run. Valid values are + 0-100 (inclusive) and must be less than `imageGcHighThreshold`. + maximum: 100 + minimum: 0 + type: integer + podMaxPids: + description: PodMaxPids - The maximum number of processes per + pod. Must not exceed kernel PID limit. -1 disables the limit. + minimum: -1 + type: integer + topologyManagerPolicy: + description: TopologyManagerPolicy - Topology Manager policy to + use. + enum: + - none + - best-effort + - restricted + - single-numa-node + type: string + type: object + kubeletDiskType: + description: "KubeletDiskType specifies the kubelet disk type. Default + to OS. Possible values include: 'OS', 'Temporary'. Requires Microsoft.ContainerService/KubeletDisk + preview feature to be set. Immutable. See also [AKS doc]. \n [AKS + doc]: https://learn.microsoft.com/rest/api/aks/agent-pools/create-or-update?tabs=HTTP#kubeletdisktype" + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: LinuxOSConfig specifies the custom Linux OS settings + and configurations. Immutable. + properties: + swapFileSizeMB: + description: "SwapFileSizeMB specifies size in MB of a swap file + will be created on the agent nodes from this node pool. 
Max + value of SwapFileSizeMB should be the size of temporary disk(/dev/sdb). + Must be at least 1. See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview#temporary-disk" + minimum: 1 + type: integer + sysctls: + description: Sysctl specifies the settings for Linux agent nodes. + properties: + fsAioMaxNr: + description: FsAioMaxNr specifies the maximum number of system-wide + asynchronous io requests. Valid values are 65536-6553500 + (inclusive). Maps to fs.aio-max-nr. + maximum: 6553500 + minimum: 65536 + type: integer + fsFileMax: + description: FsFileMax specifies the max number of file-handles + that the Linux kernel will allocate, by increasing increases + the maximum number of open files permitted. Valid values + are 8192-12000500 (inclusive). Maps to fs.file-max. + maximum: 12000500 + minimum: 8192 + type: integer + fsInotifyMaxUserWatches: + description: FsInotifyMaxUserWatches specifies the number + of file watches allowed by the system. Each watch is roughly + 90 bytes on a 32-bit kernel, and roughly 160 bytes on a + 64-bit kernel. Valid values are 781250-2097152 (inclusive). + Maps to fs.inotify.max_user_watches. + maximum: 2097152 + minimum: 781250 + type: integer + fsNrOpen: + description: FsNrOpen specifies the maximum number of file-handles + a process can allocate. Valid values are 8192-20000500 (inclusive). + Maps to fs.nr_open. + maximum: 20000500 + minimum: 8192 + type: integer + kernelThreadsMax: + description: KernelThreadsMax specifies the maximum number + of all threads that can be created. Valid values are 20-513785 + (inclusive). Maps to kernel.threads-max. + maximum: 513785 + minimum: 20 + type: integer + netCoreNetdevMaxBacklog: + description: NetCoreNetdevMaxBacklog specifies maximum number + of packets, queued on the INPUT side, when the interface + receives packets faster than kernel can process them. Valid + values are 1000-3240000 (inclusive). Maps to net.core.netdev_max_backlog. 
+ maximum: 3240000 + minimum: 1000 + type: integer + netCoreOptmemMax: + description: NetCoreOptmemMax specifies the maximum ancillary + buffer size (option memory buffer) allowed per socket. Socket + option memory is used in a few cases to store extra structures + relating to usage of the socket. Valid values are 20480-4194304 + (inclusive). Maps to net.core.optmem_max. + maximum: 4194304 + minimum: 20480 + type: integer + netCoreRmemDefault: + description: NetCoreRmemDefault specifies the default receive + socket buffer size in bytes. Valid values are 212992-134217728 + (inclusive). Maps to net.core.rmem_default. + maximum: 134217728 + minimum: 212992 + type: integer + netCoreRmemMax: + description: NetCoreRmemMax specifies the maximum receive + socket buffer size in bytes. Valid values are 212992-134217728 + (inclusive). Maps to net.core.rmem_max. + maximum: 134217728 + minimum: 212992 + type: integer + netCoreSomaxconn: + description: NetCoreSomaxconn specifies maximum number of + connection requests that can be queued for any given listening + socket. An upper limit for the value of the backlog parameter + passed to the listen(2)(https://man7.org/linux/man-pages/man2/listen.2.html) + function. If the backlog argument is greater than the somaxconn, + then it's silently truncated to this limit. Valid values + are 4096-3240000 (inclusive). Maps to net.core.somaxconn. + maximum: 3240000 + minimum: 4096 + type: integer + netCoreWmemDefault: + description: NetCoreWmemDefault specifies the default send + socket buffer size in bytes. Valid values are 212992-134217728 + (inclusive). Maps to net.core.wmem_default. + maximum: 134217728 + minimum: 212992 + type: integer + netCoreWmemMax: + description: NetCoreWmemMax specifies the maximum send socket + buffer size in bytes. Valid values are 212992-134217728 + (inclusive). Maps to net.core.wmem_max. 
+ maximum: 134217728 + minimum: 212992 + type: integer + netIpv4IPLocalPortRange: + description: NetIpv4IPLocalPortRange is used by TCP and UDP + traffic to choose the local port on the agent node. PortRange + should be specified in the format "first last". First, being + an integer, must be between [1024 - 60999]. Last, being + an integer, must be between [32768 - 65000]. Maps to net.ipv4.ip_local_port_range. + type: string + netIpv4NeighDefaultGcThresh1: + description: NetIpv4NeighDefaultGcThresh1 specifies the minimum + number of entries that may be in the ARP cache. Garbage + collection won't be triggered if the number of entries is + below this setting. Valid values are 128-80000 (inclusive). + Maps to net.ipv4.neigh.default.gc_thresh1. + maximum: 80000 + minimum: 128 + type: integer + netIpv4NeighDefaultGcThresh2: + description: NetIpv4NeighDefaultGcThresh2 specifies soft maximum + number of entries that may be in the ARP cache. ARP garbage + collection will be triggered about 5 seconds after reaching + this soft maximum. Valid values are 512-90000 (inclusive). + Maps to net.ipv4.neigh.default.gc_thresh2. + maximum: 90000 + minimum: 512 + type: integer + netIpv4NeighDefaultGcThresh3: + description: NetIpv4NeighDefaultGcThresh3 specified hard maximum + number of entries in the ARP cache. Valid values are 1024-100000 + (inclusive). Maps to net.ipv4.neigh.default.gc_thresh3. + maximum: 100000 + minimum: 1024 + type: integer + netIpv4TCPFinTimeout: + description: NetIpv4TCPFinTimeout specifies the length of + time an orphaned connection will remain in the FIN_WAIT_2 + state before it's aborted at the local end. Valid values + are 5-120 (inclusive). Maps to net.ipv4.tcp_fin_timeout. + maximum: 120 + minimum: 5 + type: integer + netIpv4TCPKeepaliveProbes: + description: NetIpv4TCPKeepaliveProbes specifies the number + of keepalive probes TCP sends out, until it decides the + connection is broken. Valid values are 1-15 (inclusive). 
+ Maps to net.ipv4.tcp_keepalive_probes. + maximum: 15 + minimum: 1 + type: integer + netIpv4TCPKeepaliveTime: + description: NetIpv4TCPKeepaliveTime specifies the rate at + which TCP sends out a keepalive message when keepalive is + enabled. Valid values are 30-432000 (inclusive). Maps to + net.ipv4.tcp_keepalive_time. + maximum: 432000 + minimum: 30 + type: integer + netIpv4TCPMaxSynBacklog: + description: NetIpv4TCPMaxSynBacklog specifies the maximum + number of queued connection requests that have still not + received an acknowledgment from the connecting client. If + this number is exceeded, the kernel will begin dropping + requests. Valid values are 128-3240000 (inclusive). Maps + to net.ipv4.tcp_max_syn_backlog. + maximum: 3240000 + minimum: 128 + type: integer + netIpv4TCPMaxTwBuckets: + description: NetIpv4TCPMaxTwBuckets specifies maximal number + of timewait sockets held by system simultaneously. If this + number is exceeded, time-wait socket is immediately destroyed + and warning is printed. Valid values are 8000-1440000 (inclusive). + Maps to net.ipv4.tcp_max_tw_buckets. + maximum: 1440000 + minimum: 8000 + type: integer + netIpv4TCPTwReuse: + description: NetIpv4TCPTwReuse is used to allow to reuse TIME-WAIT + sockets for new connections when it's safe from protocol + viewpoint. Maps to net.ipv4.tcp_tw_reuse. + type: boolean + netIpv4TCPkeepaliveIntvl: + description: NetIpv4TCPkeepaliveIntvl specifies the frequency + of the probes sent out. Multiplied by tcpKeepaliveprobes, + it makes up the time to kill a connection that isn't responding, + after probes started. Valid values are 1-75 (inclusive). + Maps to net.ipv4.tcp_keepalive_intvl. + maximum: 75 + minimum: 1 + type: integer + netNetfilterNfConntrackBuckets: + description: NetNetfilterNfConntrackBuckets specifies the + size of hash table used by nf_conntrack module to record + the established connection record of the TCP protocol. Valid + values are 65536-147456 (inclusive). 
Maps to net.netfilter.nf_conntrack_buckets. + maximum: 147456 + minimum: 65536 + type: integer + netNetfilterNfConntrackMax: + description: NetNetfilterNfConntrackMax specifies the maximum + number of connections supported by the nf_conntrack module + or the size of connection tracking table. Valid values are + 131072-1048576 (inclusive). Maps to net.netfilter.nf_conntrack_max. + maximum: 1048576 + minimum: 131072 + type: integer + vmMaxMapCount: + description: VMMaxMapCount specifies the maximum number of + memory map areas a process may have. Maps to vm.max_map_count. + Valid values are 65530-262144 (inclusive). + maximum: 262144 + minimum: 65530 + type: integer + vmSwappiness: + description: VMSwappiness specifies aggressiveness of the + kernel in swapping memory pages. Higher values will increase + aggressiveness, lower values decrease the amount of swap. + Valid values are 0-100 (inclusive). Maps to vm.swappiness. + maximum: 100 + minimum: 0 + type: integer + vmVfsCachePressure: + description: VMVfsCachePressure specifies the percentage value + that controls tendency of the kernel to reclaim the memory, + which is used for caching of directory and inode objects. + Valid values are 1-500 (inclusive). Maps to vm.vfs_cache_pressure. + maximum: 500 + minimum: 1 + type: integer + type: object + transparentHugePageDefrag: + description: "TransparentHugePageDefrag specifies whether the + kernel should make aggressive use of memory compaction to make + more hugepages available. See also [Linux doc]. \n [Linux doc]: + https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge + for more details." + enum: + - always + - defer + - defer+madvise + - madvise + - never + type: string + transparentHugePageEnabled: + description: "TransparentHugePageEnabled specifies various modes + of Transparent Hugepages. See also [Linux doc]. 
\n [Linux doc]: + https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge + for more details." + enum: + - always + - madvise + - never + type: string + type: object + maxPods: + description: "MaxPods specifies the kubelet `--max-pods` configuration + for the node pool. Immutable. See also [AKS doc], [K8s doc]. \n + [AKS doc]: https://learn.microsoft.com/azure/aks/configure-azure-cni#configure-maximum---new-clusters + [K8s doc]: https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/" + type: integer + mode: + description: 'Mode represents the mode of an agent pool. Possible + values include: System, User.' + enum: + - System + - User + type: string + name: + description: Name is the name of the agent pool. If not specified, + CAPZ uses the name of the CR as the agent pool name. Immutable. + type: string + nodeLabels: + additionalProperties: + type: string + description: "Node labels represent the labels for all of the nodes + present in node pool. See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/azure/aks/use-labels" + type: object + nodePublicIPPrefixID: + description: NodePublicIPPrefixID specifies the public IP prefix resource + ID which VM nodes should use IPs from. Immutable. + type: string + osDiskSizeGB: + description: OSDiskSizeGB is the disk size for every machine in this + agent pool. If you specify 0, it will apply the default osDisk size + according to the vmSize specified. Immutable. + type: integer + osDiskType: + default: Managed + description: "OsDiskType specifies the OS disk type for each node + in the pool. Allowed values are 'Ephemeral' and 'Managed' (default). + Immutable. See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/azure/aks/cluster-configuration#ephemeral-os" + enum: + - Ephemeral + - Managed + type: string + osType: + description: "OSType specifies the virtual machine operating system. + Default to Linux. Possible values include: 'Linux', 'Windows'. 
'Windows' + requires the AzureManagedControlPlane's `spec.networkPlugin` to + be `azure`. Immutable. See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/rest/api/aks/agent-pools/create-or-update?tabs=HTTP#ostype" + enum: + - Linux + - Windows + type: string + providerIDList: + description: ProviderIDList is the unique identifier as specified + by the cloud provider. + items: + type: string + type: array + scaleDownMode: + default: Delete + description: 'ScaleDownMode affects the cluster autoscaler behavior. + Default to Delete. Possible values include: ''Deallocate'', ''Delete''' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority specifies the ScaleSetPriority value. + Default to Regular. Possible values include: ''Regular'', ''Spot'' + Immutable.' + enum: + - Regular + - Spot + type: string + scaling: + description: Scaling specifies the autoscaling parameters for the + node pool. + properties: + maxSize: + description: MaxSize is the maximum number of nodes for auto-scaling. + type: integer + minSize: + description: MinSize is the minimum number of nodes for auto-scaling. + type: integer + type: object + sku: + description: SKU is the size of the VMs in the node pool. Immutable. + type: string + spotMaxPrice: + anyOf: + - type: integer + - type: string + description: SpotMaxPrice defines max price to pay for spot instance. + Possible values are any decimal value greater than zero or -1. If + you set the max price to be -1, the VM won't be evicted based on + price. The price for the VM will be the current price for spot or + the price for a standard VM, which ever is less, as long as there's + capacity and quota available. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + subnetName: + description: SubnetName specifies the Subnet where the MachinePool + will be placed Immutable. 
+ type: string + taints: + description: "Taints specifies the taints for nodes present in this + agent pool. See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/azure/aks/use-multiple-node-pools#setting-node-pool-taints" + items: + description: Taint represents a Kubernetes taint. + properties: + effect: + description: Effect specifies the effect for the taint + enum: + - NoSchedule + - NoExecute + - PreferNoSchedule + type: string + key: + description: Key is the key of the taint + type: string + value: + description: Value is the value of the taint + type: string + required: + - effect + - key + - value + type: object + type: array + required: + - mode + - sku + type: object + status: + description: AzureManagedMachinePoolStatus defines the observed state + of AzureManagedMachinePool. + properties: + conditions: + description: Conditions defines current service state of the AzureManagedControlPlane. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. 
+ type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + errorMessage: + description: Any transient errors that occur during the reconciliation + of Machines can be added as events to the Machine object and/or + logged in the controller's output. + type: string + errorReason: + description: Any transient errors that occur during the reconciliation + of Machines can be added as events to the Machine object and/or + logged in the controller's output. + type: string + longRunningOperationStates: + description: LongRunningOperationStates saves the states for Azure + long-running operations so they can be continued on the next reconciliation + loop. + items: + description: Future contains the data needed for an Azure long-running + operation to continue across reconcile loops. + properties: + data: + description: Data is the base64 url encoded json Azure AutoRest + Future. + type: string + name: + description: Name is the name of the Azure resource. Together + with the service name, this forms the unique identifier for + the future. + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource. + type: string + serviceName: + description: ServiceName is the name of the Azure service. Together + with the name of the resource, this forms the unique identifier + for the future. + type: string + type: + description: Type describes the type of future, such as update, + create, delete, etc. 
+ type: string + required: + - data + - name + - serviceName + - type + type: object + type: array + ready: + description: Ready is true when the provider resource is ready. + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-azure + cluster.x-k8s.io/v1beta1: v1beta1 + name: azuremanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedMachinePoolTemplate + listKind: AzureManagedMachinePoolTemplateList + plural: azuremanagedmachinepooltemplates + shortNames: + - ammpt + singular: azuremanagedmachinepooltemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AzureManagedMachinePoolTemplate is the Schema for the AzureManagedMachinePoolTemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedMachinePoolTemplateSpec defines the desired state + of AzureManagedMachinePoolTemplate. + properties: + template: + description: AzureManagedMachinePoolTemplateResource describes the + data needed to create an AzureManagedCluster from a template. + properties: + spec: + description: AzureManagedMachinePoolTemplateResourceSpec specifies + an Azure managed control plane template resource. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to Azure resources managed by the Azure provider, in + addition to the ones added by default. + type: object + asoManagedClustersAgentPoolPatches: + description: 'ASOManagedClustersAgentPoolPatches defines JSON + merge patches to be applied to the generated ASO ManagedClustersAgentPool + resource. WARNING: This is meant to be used sparingly to + enable features for development and testing that are not + otherwise represented in the CAPZ API. Misconfiguration + that conflicts with CAPZ''s normal mode of operation is + possible.' + items: + type: string + type: array + availabilityZones: + description: AvailabilityZones - Availability zones for nodes. + Must use VirtualMachineScaleSets AgentPoolType. Immutable. + items: + type: string + type: array + enableEncryptionAtHost: + description: "EnableEncryptionAtHost indicates whether host + encryption is enabled on the node pool. Immutable. See also + [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/en-us/azure/aks/enable-host-encryption" + type: boolean + enableFIPS: + description: EnableFIPS indicates whether FIPS is enabled + on the node pool. Immutable. + type: boolean + enableNodePublicIP: + description: EnableNodePublicIP controls whether or not nodes + in the pool each have a public IP address. Immutable. 
+ type: boolean + enableUltraSSD: + description: EnableUltraSSD enables the storage type UltraSSD_LRS + for the agent pool. Immutable. + type: boolean + kubeletConfig: + description: KubeletConfig specifies the kubelet configurations + for nodes. Immutable. + properties: + allowedUnsafeSysctls: + description: AllowedUnsafeSysctls - Allowlist of unsafe + sysctls or unsafe sysctl patterns (ending in `*`). Valid + values match `kernel.shm*`, `kernel.msg*`, `kernel.sem`, + `fs.mqueue.*`, or `net.*`. + items: + type: string + type: array + containerLogMaxFiles: + description: ContainerLogMaxFiles - The maximum number + of container log files that can be present for a container. + The number must be ≥ 2. + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: ContainerLogMaxSizeMB - The maximum size + in MB of a container log file before it is rotated. + type: integer + cpuCfsQuota: + description: CPUCfsQuota - Enable CPU CFS quota enforcement + for containers that specify CPU limits. + type: boolean + cpuCfsQuotaPeriod: + description: CPUCfsQuotaPeriod - Sets CPU CFS quota period + value. Must end in "ms", e.g. "100ms" + type: string + cpuManagerPolicy: + description: CPUManagerPolicy - CPU Manager policy to + use. + enum: + - none + - static + type: string + failSwapOn: + description: FailSwapOn - If set to true it will make + the Kubelet fail to start if swap is enabled on the + node. + type: boolean + imageGcHighThreshold: + description: ImageGcHighThreshold - The percent of disk + usage after which image garbage collection is always + run. Valid values are 0-100 (inclusive). + maximum: 100 + minimum: 0 + type: integer + imageGcLowThreshold: + description: ImageGcLowThreshold - The percent of disk + usage before which image garbage collection is never + run. Valid values are 0-100 (inclusive) and must be + less than `imageGcHighThreshold`. 
+ maximum: 100 + minimum: 0 + type: integer + podMaxPids: + description: PodMaxPids - The maximum number of processes + per pod. Must not exceed kernel PID limit. -1 disables + the limit. + minimum: -1 + type: integer + topologyManagerPolicy: + description: TopologyManagerPolicy - Topology Manager + policy to use. + enum: + - none + - best-effort + - restricted + - single-numa-node + type: string + type: object + kubeletDiskType: + description: "KubeletDiskType specifies the kubelet disk type. + Default to OS. Possible values include: 'OS', 'Temporary'. + Requires Microsoft.ContainerService/KubeletDisk preview + feature to be set. Immutable. See also [AKS doc]. \n [AKS + doc]: https://learn.microsoft.com/rest/api/aks/agent-pools/create-or-update?tabs=HTTP#kubeletdisktype" + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: LinuxOSConfig specifies the custom Linux OS settings + and configurations. Immutable. + properties: + swapFileSizeMB: + description: "SwapFileSizeMB specifies size in MB of a + swap file will be created on the agent nodes from this + node pool. Max value of SwapFileSizeMB should be the + size of temporary disk(/dev/sdb). Must be at least 1. + See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview#temporary-disk" + minimum: 1 + type: integer + sysctls: + description: Sysctl specifies the settings for Linux agent + nodes. + properties: + fsAioMaxNr: + description: FsAioMaxNr specifies the maximum number + of system-wide asynchronous io requests. Valid values + are 65536-6553500 (inclusive). Maps to fs.aio-max-nr. + maximum: 6553500 + minimum: 65536 + type: integer + fsFileMax: + description: FsFileMax specifies the max number of + file-handles that the Linux kernel will allocate, + by increasing increases the maximum number of open + files permitted. Valid values are 8192-12000500 + (inclusive). Maps to fs.file-max. 
+ maximum: 12000500 + minimum: 8192 + type: integer + fsInotifyMaxUserWatches: + description: FsInotifyMaxUserWatches specifies the + number of file watches allowed by the system. Each + watch is roughly 90 bytes on a 32-bit kernel, and + roughly 160 bytes on a 64-bit kernel. Valid values + are 781250-2097152 (inclusive). Maps to fs.inotify.max_user_watches. + maximum: 2097152 + minimum: 781250 + type: integer + fsNrOpen: + description: FsNrOpen specifies the maximum number + of file-handles a process can allocate. Valid values + are 8192-20000500 (inclusive). Maps to fs.nr_open. + maximum: 20000500 + minimum: 8192 + type: integer + kernelThreadsMax: + description: KernelThreadsMax specifies the maximum + number of all threads that can be created. Valid + values are 20-513785 (inclusive). Maps to kernel.threads-max. + maximum: 513785 + minimum: 20 + type: integer + netCoreNetdevMaxBacklog: + description: NetCoreNetdevMaxBacklog specifies maximum + number of packets, queued on the INPUT side, when + the interface receives packets faster than kernel + can process them. Valid values are 1000-3240000 + (inclusive). Maps to net.core.netdev_max_backlog. + maximum: 3240000 + minimum: 1000 + type: integer + netCoreOptmemMax: + description: NetCoreOptmemMax specifies the maximum + ancillary buffer size (option memory buffer) allowed + per socket. Socket option memory is used in a few + cases to store extra structures relating to usage + of the socket. Valid values are 20480-4194304 (inclusive). + Maps to net.core.optmem_max. + maximum: 4194304 + minimum: 20480 + type: integer + netCoreRmemDefault: + description: NetCoreRmemDefault specifies the default + receive socket buffer size in bytes. Valid values + are 212992-134217728 (inclusive). Maps to net.core.rmem_default. + maximum: 134217728 + minimum: 212992 + type: integer + netCoreRmemMax: + description: NetCoreRmemMax specifies the maximum + receive socket buffer size in bytes. 
Valid values + are 212992-134217728 (inclusive). Maps to net.core.rmem_max. + maximum: 134217728 + minimum: 212992 + type: integer + netCoreSomaxconn: + description: NetCoreSomaxconn specifies maximum number + of connection requests that can be queued for any + given listening socket. An upper limit for the value + of the backlog parameter passed to the listen(2)(https://man7.org/linux/man-pages/man2/listen.2.html) + function. If the backlog argument is greater than + the somaxconn, then it's silently truncated to this + limit. Valid values are 4096-3240000 (inclusive). + Maps to net.core.somaxconn. + maximum: 3240000 + minimum: 4096 + type: integer + netCoreWmemDefault: + description: NetCoreWmemDefault specifies the default + send socket buffer size in bytes. Valid values are + 212992-134217728 (inclusive). Maps to net.core.wmem_default. + maximum: 134217728 + minimum: 212992 + type: integer + netCoreWmemMax: + description: NetCoreWmemMax specifies the maximum + send socket buffer size in bytes. Valid values are + 212992-134217728 (inclusive). Maps to net.core.wmem_max. + maximum: 134217728 + minimum: 212992 + type: integer + netIpv4IPLocalPortRange: + description: NetIpv4IPLocalPortRange is used by TCP + and UDP traffic to choose the local port on the + agent node. PortRange should be specified in the + format "first last". First, being an integer, must + be between [1024 - 60999]. Last, being an integer, + must be between [32768 - 65000]. Maps to net.ipv4.ip_local_port_range. + type: string + netIpv4NeighDefaultGcThresh1: + description: NetIpv4NeighDefaultGcThresh1 specifies + the minimum number of entries that may be in the + ARP cache. Garbage collection won't be triggered + if the number of entries is below this setting. + Valid values are 128-80000 (inclusive). Maps to + net.ipv4.neigh.default.gc_thresh1. 
+ maximum: 80000 + minimum: 128 + type: integer + netIpv4NeighDefaultGcThresh2: + description: NetIpv4NeighDefaultGcThresh2 specifies + soft maximum number of entries that may be in the + ARP cache. ARP garbage collection will be triggered + about 5 seconds after reaching this soft maximum. + Valid values are 512-90000 (inclusive). Maps to + net.ipv4.neigh.default.gc_thresh2. + maximum: 90000 + minimum: 512 + type: integer + netIpv4NeighDefaultGcThresh3: + description: NetIpv4NeighDefaultGcThresh3 specified + hard maximum number of entries in the ARP cache. + Valid values are 1024-100000 (inclusive). Maps to + net.ipv4.neigh.default.gc_thresh3. + maximum: 100000 + minimum: 1024 + type: integer + netIpv4TCPFinTimeout: + description: NetIpv4TCPFinTimeout specifies the length + of time an orphaned connection will remain in the + FIN_WAIT_2 state before it's aborted at the local + end. Valid values are 5-120 (inclusive). Maps to + net.ipv4.tcp_fin_timeout. + maximum: 120 + minimum: 5 + type: integer + netIpv4TCPKeepaliveProbes: + description: NetIpv4TCPKeepaliveProbes specifies the + number of keepalive probes TCP sends out, until + it decides the connection is broken. Valid values + are 1-15 (inclusive). Maps to net.ipv4.tcp_keepalive_probes. + maximum: 15 + minimum: 1 + type: integer + netIpv4TCPKeepaliveTime: + description: NetIpv4TCPKeepaliveTime specifies the + rate at which TCP sends out a keepalive message + when keepalive is enabled. Valid values are 30-432000 + (inclusive). Maps to net.ipv4.tcp_keepalive_time. + maximum: 432000 + minimum: 30 + type: integer + netIpv4TCPMaxSynBacklog: + description: NetIpv4TCPMaxSynBacklog specifies the + maximum number of queued connection requests that + have still not received an acknowledgment from the + connecting client. If this number is exceeded, the + kernel will begin dropping requests. Valid values + are 128-3240000 (inclusive). Maps to net.ipv4.tcp_max_syn_backlog. 
+ maximum: 3240000 + minimum: 128 + type: integer + netIpv4TCPMaxTwBuckets: + description: NetIpv4TCPMaxTwBuckets specifies maximal + number of timewait sockets held by system simultaneously. + If this number is exceeded, time-wait socket is + immediately destroyed and warning is printed. Valid + values are 8000-1440000 (inclusive). Maps to net.ipv4.tcp_max_tw_buckets. + maximum: 1440000 + minimum: 8000 + type: integer + netIpv4TCPTwReuse: + description: NetIpv4TCPTwReuse is used to allow to + reuse TIME-WAIT sockets for new connections when + it's safe from protocol viewpoint. Maps to net.ipv4.tcp_tw_reuse. + type: boolean + netIpv4TCPkeepaliveIntvl: + description: NetIpv4TCPkeepaliveIntvl specifies the + frequency of the probes sent out. Multiplied by + tcpKeepaliveprobes, it makes up the time to kill + a connection that isn't responding, after probes + started. Valid values are 1-75 (inclusive). Maps + to net.ipv4.tcp_keepalive_intvl. + maximum: 75 + minimum: 1 + type: integer + netNetfilterNfConntrackBuckets: + description: NetNetfilterNfConntrackBuckets specifies + the size of hash table used by nf_conntrack module + to record the established connection record of the + TCP protocol. Valid values are 65536-147456 (inclusive). + Maps to net.netfilter.nf_conntrack_buckets. + maximum: 147456 + minimum: 65536 + type: integer + netNetfilterNfConntrackMax: + description: NetNetfilterNfConntrackMax specifies + the maximum number of connections supported by the + nf_conntrack module or the size of connection tracking + table. Valid values are 131072-1048576 (inclusive). + Maps to net.netfilter.nf_conntrack_max. + maximum: 1048576 + minimum: 131072 + type: integer + vmMaxMapCount: + description: VMMaxMapCount specifies the maximum number + of memory map areas a process may have. Maps to + vm.max_map_count. Valid values are 65530-262144 + (inclusive). 
+ maximum: 262144 + minimum: 65530 + type: integer + vmSwappiness: + description: VMSwappiness specifies aggressiveness + of the kernel in swapping memory pages. Higher values + will increase aggressiveness, lower values decrease + the amount of swap. Valid values are 0-100 (inclusive). + Maps to vm.swappiness. + maximum: 100 + minimum: 0 + type: integer + vmVfsCachePressure: + description: VMVfsCachePressure specifies the percentage + value that controls tendency of the kernel to reclaim + the memory, which is used for caching of directory + and inode objects. Valid values are 1-500 (inclusive). + Maps to vm.vfs_cache_pressure. + maximum: 500 + minimum: 1 + type: integer + type: object + transparentHugePageDefrag: + description: "TransparentHugePageDefrag specifies whether + the kernel should make aggressive use of memory compaction + to make more hugepages available. See also [Linux doc]. + \n [Linux doc]: https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge + for more details." + enum: + - always + - defer + - defer+madvise + - madvise + - never + type: string + transparentHugePageEnabled: + description: "TransparentHugePageEnabled specifies various + modes of Transparent Hugepages. See also [Linux doc]. + \n [Linux doc]: https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge + for more details." + enum: + - always + - madvise + - never + type: string + type: object + maxPods: + description: "MaxPods specifies the kubelet `--max-pods` configuration + for the node pool. Immutable. See also [AKS doc], [K8s doc]. + \n [AKS doc]: https://learn.microsoft.com/azure/aks/configure-azure-cni#configure-maximum---new-clusters + [K8s doc]: https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/" + type: integer + mode: + description: 'Mode represents the mode of an agent pool. Possible + values include: System, User.' 
+ enum: + - System + - User + type: string + name: + description: Name is the name of the agent pool. If not specified, + CAPZ uses the name of the CR as the agent pool name. Immutable. + type: string + nodeLabels: + additionalProperties: + type: string + description: "Node labels represent the labels for all of + the nodes present in node pool. See also [AKS doc]. \n [AKS + doc]: https://learn.microsoft.com/azure/aks/use-labels" + type: object + nodePublicIPPrefixID: + description: NodePublicIPPrefixID specifies the public IP + prefix resource ID which VM nodes should use IPs from. Immutable. + type: string + osDiskSizeGB: + description: OSDiskSizeGB is the disk size for every machine + in this agent pool. If you specify 0, it will apply the + default osDisk size according to the vmSize specified. Immutable. + type: integer + osDiskType: + default: Managed + description: "OsDiskType specifies the OS disk type for each + node in the pool. Allowed values are 'Ephemeral' and 'Managed' + (default). Immutable. See also [AKS doc]. \n [AKS doc]: + https://learn.microsoft.com/azure/aks/cluster-configuration#ephemeral-os" + enum: + - Ephemeral + - Managed + type: string + osType: + description: "OSType specifies the virtual machine operating + system. Default to Linux. Possible values include: 'Linux', + 'Windows'. 'Windows' requires the AzureManagedControlPlane's + `spec.networkPlugin` to be `azure`. Immutable. See also + [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/rest/api/aks/agent-pools/create-or-update?tabs=HTTP#ostype" + enum: + - Linux + - Windows + type: string + scaleDownMode: + default: Delete + description: 'ScaleDownMode affects the cluster autoscaler + behavior. Default to Delete. Possible values include: ''Deallocate'', + ''Delete''' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority specifies the ScaleSetPriority + value. Default to Regular. 
Possible values include: ''Regular'', + ''Spot'' Immutable.' + enum: + - Regular + - Spot + type: string + scaling: + description: Scaling specifies the autoscaling parameters + for the node pool. + properties: + maxSize: + description: MaxSize is the maximum number of nodes for + auto-scaling. + type: integer + minSize: + description: MinSize is the minimum number of nodes for + auto-scaling. + type: integer + type: object + sku: + description: SKU is the size of the VMs in the node pool. + Immutable. + type: string + spotMaxPrice: + anyOf: + - type: integer + - type: string + description: SpotMaxPrice defines max price to pay for spot + instance. Possible values are any decimal value greater + than zero or -1. If you set the max price to be -1, the + VM won't be evicted based on price. The price for the VM + will be the current price for spot or the price for a standard + VM, which ever is less, as long as there's capacity and + quota available. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + subnetName: + description: SubnetName specifies the Subnet where the MachinePool + will be placed Immutable. + type: string + taints: + description: "Taints specifies the taints for nodes present + in this agent pool. See also [AKS doc]. \n [AKS doc]: https://learn.microsoft.com/azure/aks/use-multiple-node-pools#setting-node-pool-taints" + items: + description: Taint represents a Kubernetes taint. 
+ properties: + effect: + description: Effect specifies the effect for the taint + enum: + - NoSchedule + - NoExecute + - PreferNoSchedule + type: string + key: + description: Key is the key of the taint + type: string + value: + description: Value is the value of the taint + type: string + required: + - effect + - key + - value + type: object + type: array + required: + - mode + - sku + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + name: bastionhosts.network.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: network.azure.com + names: + kind: BastionHost + listKind: BastionHostList + plural: bastionhosts + singular: bastionhost + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/bastionHost.json + - ARM URI: 
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/bastionHosts/{bastionHostName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + disableCopyPaste: + description: 'DisableCopyPaste: Enable/Disable Copy/Paste feature + of the Bastion Host resource.' + type: boolean + dnsName: + description: 'DnsName: FQDN for the endpoint on which bastion host + is accessible.' + type: string + enableFileCopy: + description: 'EnableFileCopy: Enable/Disable File Copy feature of + the Bastion Host resource.' + type: boolean + enableIpConnect: + description: 'EnableIpConnect: Enable/Disable IP Connect feature of + the Bastion Host resource.' + type: boolean + enableShareableLink: + description: 'EnableShareableLink: Enable/Disable Shareable Link of + the Bastion Host resource.' + type: boolean + enableTunneling: + description: 'EnableTunneling: Enable/Disable Tunneling feature of + the Bastion Host resource.' + type: boolean + ipConfigurations: + description: 'IpConfigurations: IP configuration of the Bastion Host + resource.' 
+ items: + description: IP configuration of an Bastion Host. + properties: + name: + description: 'Name: Name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + privateIPAllocationMethod: + description: 'PrivateIPAllocationMethod: Private IP allocation + method.' + enum: + - Dynamic + - Static + type: string + publicIPAddress: + description: 'PublicIPAddress: Reference of the PublicIP resource.' + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + subnet: + description: 'Subnet: Reference of the subnet resource.' + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + required: + - publicIPAddress + - subnet + type: object + type: array + location: + description: 'Location: Resource location.' + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + scaleUnits: + description: 'ScaleUnits: The scale units for the Bastion Host resource.' + maximum: 50 + minimum: 2 + type: integer + sku: + description: 'Sku: The sku of this Bastion Host.' + properties: + name: + description: 'Name: The name of this Bastion Host.' + enum: + - Basic + - Standard + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + required: + - owner + type: object + status: + description: Bastion Host resource. 
+ properties: + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + disableCopyPaste: + description: 'DisableCopyPaste: Enable/Disable Copy/Paste feature + of the Bastion Host resource.' + type: boolean + dnsName: + description: 'DnsName: FQDN for the endpoint on which bastion host + is accessible.' 
+ type: string + enableFileCopy: + description: 'EnableFileCopy: Enable/Disable File Copy feature of + the Bastion Host resource.' + type: boolean + enableIpConnect: + description: 'EnableIpConnect: Enable/Disable IP Connect feature of + the Bastion Host resource.' + type: boolean + enableShareableLink: + description: 'EnableShareableLink: Enable/Disable Shareable Link of + the Bastion Host resource.' + type: boolean + enableTunneling: + description: 'EnableTunneling: Enable/Disable Tunneling feature of + the Bastion Host resource.' + type: boolean + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + id: + description: 'Id: Resource ID.' + type: string + ipConfigurations: + description: 'IpConfigurations: IP configuration of the Bastion Host + resource.' + items: + description: IP configuration of an Bastion Host. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + location: + description: 'Location: Resource location.' + type: string + name: + description: 'Name: Resource name.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the bastion + host resource.' + type: string + scaleUnits: + description: 'ScaleUnits: The scale units for the Bastion Host resource.' + type: integer + sku: + description: 'Sku: The sku of this Bastion Host.' + properties: + name: + description: 'Name: The name of this Bastion Host.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: Resource type.' 
+ type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20220701.BastionHost Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/bastionHost.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/bastionHosts/{bastionHostName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20220701.BastionHost_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + disableCopyPaste: + type: boolean + dnsName: + type: string + enableFileCopy: + type: boolean + enableIpConnect: + type: boolean + enableShareableLink: + type: boolean + enableTunneling: + type: boolean + ipConfigurations: + items: + description: Storage version of v1api20220701.BastionHostIPConfiguration + IP configuration of an Bastion Host. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + privateIPAllocationMethod: + type: string + publicIPAddress: + description: Storage version of v1api20220701.BastionHostSubResource + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + reference: + description: 'Reference: Resource ID.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + subnet: + description: Storage version of v1api20220701.BastionHostSubResource + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: object + type: array + location: + type: string + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + scaleUnits: + type: integer + sku: + description: Storage version of v1api20220701.Sku The sku of this + Bastion Host. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + required: + - owner + type: object + status: + description: Storage version of v1api20220701.BastionHost_STATUS Bastion + Host resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. 
+ type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + disableCopyPaste: + type: boolean + dnsName: + type: string + enableFileCopy: + type: boolean + enableIpConnect: + type: boolean + enableShareableLink: + type: boolean + enableTunneling: + type: boolean + etag: + type: string + id: + type: string + ipConfigurations: + items: + description: Storage version of v1api20220701.BastionHostIPConfiguration_STATUS + IP configuration of an Bastion Host. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + location: + type: string + name: + type: string + provisioningState: + type: string + scaleUnits: + type: integer + sku: + description: Storage version of v1api20220701.Sku_STATUS The sku of + this Bastion Host. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + name: extensions.kubernetesconfiguration.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: kubernetesconfiguration.azure.com + names: + kind: Extension + listKind: ExtensionList + plural: extensions + singular: extension + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230501 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /kubernetesconfiguration/resource-manager/Microsoft.KubernetesConfiguration/stable/2023-05-01/extensions.json + - ARM URI: 
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{clusterRp}/{clusterResourceName}/{clusterName}/providers/Microsoft.KubernetesConfiguration/extensions/{extensionName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + aksAssignedIdentity: + description: 'AksAssignedIdentity: Identity of the Extension resource + in an AKS cluster' + properties: + type: + description: 'Type: The identity type.' + enum: + - SystemAssigned + - UserAssigned + type: string + type: object + autoUpgradeMinorVersion: + description: 'AutoUpgradeMinorVersion: Flag to note if this extension + participates in auto upgrade of minor version, or not.' + type: boolean + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + configurationSettings: + additionalProperties: + type: string + description: 'ConfigurationSettings: Configuration settings, as name-value + pairs for configuring this extension.' + type: object + extensionType: + description: 'ExtensionType: Type of the Extension, of which this + resource is an instance of. It must be one of the Extension Types + registered with Microsoft.KubernetesConfiguration by the Extension + publisher.' 
+ type: string + identity: + description: 'Identity: Identity of the Extension resource' + properties: + type: + description: 'Type: The identity type.' + enum: + - SystemAssigned + type: string + type: object + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. This resource is an extension resource, which + means that any other Azure resource can be its owner.' + properties: + armId: + description: Ownership across namespaces is not supported. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + plan: + description: 'Plan: The plan information.' + properties: + name: + description: 'Name: A user defined name of the 3rd Party Artifact + that is being procured.' + type: string + product: + description: 'Product: The 3rd Party artifact that is being procured. + E.g. NewRelic. Product maps to the OfferID specified for the + artifact at the time of Data Market onboarding.' + type: string + promotionCode: + description: 'PromotionCode: A publisher provided promotion code + as provisioned in Data Market for the said product/artifact.' + type: string + publisher: + description: 'Publisher: The publisher of the 3rd Party Artifact + that is being bought. E.g. NewRelic' + type: string + version: + description: 'Version: The version of the desired product/artifact.' 
+ type: string + required: + - name + - product + - publisher + type: object + releaseTrain: + description: 'ReleaseTrain: ReleaseTrain this extension participates + in for auto-upgrade (e.g. Stable, Preview, etc.) - only if autoUpgradeMinorVersion + is ''true''.' + type: string + scope: + description: 'Scope: Scope at which the extension is installed.' + properties: + cluster: + description: 'Cluster: Specifies that the scope of the extension + is Cluster' + properties: + releaseNamespace: + description: 'ReleaseNamespace: Namespace where the extension + Release must be placed, for a Cluster scoped extension. If + this namespace does not exist, it will be created' + type: string + type: object + namespace: + description: 'Namespace: Specifies that the scope of the extension + is Namespace' + properties: + targetNamespace: + description: 'TargetNamespace: Namespace where the extension + will be created for an Namespace scoped extension. If this + namespace does not exist, it will be created' + type: string + type: object + type: object + systemData: + description: 'SystemData: Top level metadata https://github.com/Azure/azure-resource-manager-rpc/blob/master/v1.0/common-api-contracts.md#system-metadata-for-all-azure-resources' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + enum: + - Application + - Key + - ManagedIdentity + - User + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' 
+ enum: + - Application + - Key + - ManagedIdentity + - User + type: string + type: object + version: + description: 'Version: User-specified version of the extension for + this extension to ''pin''. To use ''version'', autoUpgradeMinorVersion + must be ''false''.' + type: string + required: + - owner + type: object + status: + description: The Extension object. + properties: + aksAssignedIdentity: + description: 'AksAssignedIdentity: Identity of the Extension resource + in an AKS cluster' + properties: + principalId: + description: 'PrincipalId: The principal ID of resource identity.' + type: string + tenantId: + description: 'TenantId: The tenant ID of resource.' + type: string + type: + description: 'Type: The identity type.' + type: string + type: object + autoUpgradeMinorVersion: + description: 'AutoUpgradeMinorVersion: Flag to note if this extension + participates in auto upgrade of minor version, or not.' + type: boolean + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. 
+ type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + configurationSettings: + additionalProperties: + type: string + description: 'ConfigurationSettings: Configuration settings, as name-value + pairs for configuring this extension.' + type: object + currentVersion: + description: 'CurrentVersion: Currently installed version of the extension.' + type: string + customLocationSettings: + additionalProperties: + type: string + description: 'CustomLocationSettings: Custom Location settings properties.' + type: object + errorInfo: + description: 'ErrorInfo: Error information from the Agent - e.g. errors + during installation.' + properties: + additionalInfo: + description: 'AdditionalInfo: The error additional info.' + items: + description: The resource management error additional info. + properties: + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: 'Info: The additional info.' + type: object + type: + description: 'Type: The additional info type.' + type: string + type: object + type: array + code: + description: 'Code: The error code.' + type: string + details: + description: 'Details: The error details.' + items: + properties: + additionalInfo: + description: 'AdditionalInfo: The error additional info.' + items: + description: The resource management error additional + info. 
+ properties: + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: 'Info: The additional info.' + type: object + type: + description: 'Type: The additional info type.' + type: string + type: object + type: array + code: + description: 'Code: The error code.' + type: string + message: + description: 'Message: The error message.' + type: string + target: + description: 'Target: The error target.' + type: string + type: object + type: array + message: + description: 'Message: The error message.' + type: string + target: + description: 'Target: The error target.' + type: string + type: object + extensionType: + description: 'ExtensionType: Type of the Extension, of which this + resource is an instance of. It must be one of the Extension Types + registered with Microsoft.KubernetesConfiguration by the Extension + publisher.' + type: string + id: + description: 'Id: Fully qualified resource ID for the resource. Ex + - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}' + type: string + identity: + description: 'Identity: Identity of the Extension resource' + properties: + principalId: + description: 'PrincipalId: The principal ID of resource identity.' + type: string + tenantId: + description: 'TenantId: The tenant ID of resource.' + type: string + type: + description: 'Type: The identity type.' + type: string + type: object + isSystemExtension: + description: 'IsSystemExtension: Flag to note if this extension is + a system extension' + type: boolean + name: + description: 'Name: The name of the resource' + type: string + packageUri: + description: 'PackageUri: Uri of the Helm package' + type: string + plan: + description: 'Plan: The plan information.' + properties: + name: + description: 'Name: A user defined name of the 3rd Party Artifact + that is being procured.' 
+ type: string + product: + description: 'Product: The 3rd Party artifact that is being procured. + E.g. NewRelic. Product maps to the OfferID specified for the + artifact at the time of Data Market onboarding.' + type: string + promotionCode: + description: 'PromotionCode: A publisher provided promotion code + as provisioned in Data Market for the said product/artifact.' + type: string + publisher: + description: 'Publisher: The publisher of the 3rd Party Artifact + that is being bought. E.g. NewRelic' + type: string + version: + description: 'Version: The version of the desired product/artifact.' + type: string + type: object + provisioningState: + description: 'ProvisioningState: Status of installation of this extension.' + type: string + releaseTrain: + description: 'ReleaseTrain: ReleaseTrain this extension participates + in for auto-upgrade (e.g. Stable, Preview, etc.) - only if autoUpgradeMinorVersion + is ''true''.' + type: string + scope: + description: 'Scope: Scope at which the extension is installed.' + properties: + cluster: + description: 'Cluster: Specifies that the scope of the extension + is Cluster' + properties: + releaseNamespace: + description: 'ReleaseNamespace: Namespace where the extension + Release must be placed, for a Cluster scoped extension. If + this namespace does not exist, it will be created' + type: string + type: object + namespace: + description: 'Namespace: Specifies that the scope of the extension + is Namespace' + properties: + targetNamespace: + description: 'TargetNamespace: Namespace where the extension + will be created for an Namespace scoped extension. If this + namespace does not exist, it will be created' + type: string + type: object + type: object + statuses: + description: 'Statuses: Status from this extension.' + items: + description: Status from the extension. 
+ properties: + code: + description: 'Code: Status code provided by the Extension' + type: string + displayStatus: + description: 'DisplayStatus: Short description of status of + the extension.' + type: string + level: + description: 'Level: Level of the status.' + type: string + message: + description: 'Message: Detailed message of the status from the + Extension.' + type: string + time: + description: 'Time: DateLiteral (per ISO8601) noting the time + of installation status.' + type: string + type: object + type: array + systemData: + description: 'SystemData: Top level metadata https://github.com/Azure/azure-resource-manager-rpc/blob/master/v1.0/common-api-contracts.md#system-metadata-for-all-azure-resources' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + type: string + type: object + type: + description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" + or "Microsoft.Storage/storageAccounts"' + type: string + version: + description: 'Version: User-specified version of the extension for + this extension to ''pin''. To use ''version'', autoUpgradeMinorVersion + must be ''false''.' 
+ type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230501storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20230501.Extension Generator information: + - Generated from: /kubernetesconfiguration/resource-manager/Microsoft.KubernetesConfiguration/stable/2023-05-01/extensions.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{clusterRp}/{clusterResourceName}/{clusterName}/providers/Microsoft.KubernetesConfiguration/extensions/{extensionName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20230501.Extension_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + aksAssignedIdentity: + description: Storage version of v1api20230501.Extension_Properties_AksAssignedIdentity_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + type: + type: string + type: object + autoUpgradeMinorVersion: + type: boolean + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + configurationSettings: + additionalProperties: + type: string + type: object + extensionType: + type: string + identity: + description: Storage version of v1api20230501.Identity Identity for + the resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + type: + type: string + type: object + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. 
This resource is an extension resource, which + means that any other Azure resource can be its owner.' + properties: + armId: + description: Ownership across namespaces is not supported. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + plan: + description: Storage version of v1api20230501.Plan Plan for the resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + product: + type: string + promotionCode: + type: string + publisher: + type: string + version: + type: string + type: object + releaseTrain: + type: string + scope: + description: Storage version of v1api20230501.Scope Scope of the extension. + It can be either Cluster or Namespace; but not both. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + cluster: + description: Storage version of v1api20230501.ScopeCluster Specifies + that the scope of the extension is Cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + releaseNamespace: + type: string + type: object + namespace: + description: Storage version of v1api20230501.ScopeNamespace Specifies + that the scope of the extension is Namespace + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + targetNamespace: + type: string + type: object + type: object + systemData: + description: Storage version of v1api20230501.SystemData Metadata + pertaining to creation and last modification of the resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object + version: + type: string + required: + - owner + type: object + status: + description: Storage version of v1api20230501.Extension_STATUS The Extension + object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + aksAssignedIdentity: + description: Storage version of v1api20230501.Extension_Properties_AksAssignedIdentity_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + principalId: + type: string + tenantId: + type: string + type: + type: string + type: object + autoUpgradeMinorVersion: + type: boolean + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. 
For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + configurationSettings: + additionalProperties: + type: string + type: object + currentVersion: + type: string + customLocationSettings: + additionalProperties: + type: string + type: object + errorInfo: + description: Storage version of v1api20230501.ErrorDetail_STATUS The + error detail. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + additionalInfo: + items: + description: Storage version of v1api20230501.ErrorAdditionalInfo_STATUS + The resource management error additional info. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: + type: string + type: object + type: array + code: + type: string + details: + items: + description: Storage version of v1api20230501.ErrorDetail_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + additionalInfo: + items: + description: Storage version of v1api20230501.ErrorAdditionalInfo_STATUS + The resource management error additional info. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: + type: string + type: object + type: array + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + extensionType: + type: string + id: + type: string + identity: + description: Storage version of v1api20230501.Identity_STATUS Identity + for the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + principalId: + type: string + tenantId: + type: string + type: + type: string + type: object + isSystemExtension: + type: boolean + name: + type: string + packageUri: + type: string + plan: + description: Storage version of v1api20230501.Plan_STATUS Plan for + the resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + product: + type: string + promotionCode: + type: string + publisher: + type: string + version: + type: string + type: object + provisioningState: + type: string + releaseTrain: + type: string + scope: + description: Storage version of v1api20230501.Scope_STATUS Scope of + the extension. It can be either Cluster or Namespace; but not both. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + cluster: + description: Storage version of v1api20230501.ScopeCluster_STATUS + Specifies that the scope of the extension is Cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + releaseNamespace: + type: string + type: object + namespace: + description: Storage version of v1api20230501.ScopeNamespace_STATUS + Specifies that the scope of the extension is Namespace + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + targetNamespace: + type: string + type: object + type: object + statuses: + items: + description: Storage version of v1api20230501.ExtensionStatus_STATUS + Status from the extension. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + displayStatus: + type: string + level: + type: string + message: + type: string + time: + type: string + type: object + type: array + systemData: + description: Storage version of v1api20230501.SystemData_STATUS Metadata + pertaining to creation and last modification of the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object + type: + type: string + version: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + name: fleetsmembers.containerservice.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: containerservice.azure.com + names: + kind: FleetsMember + listKind: FleetsMemberList + plural: fleetsmembers + singular: fleetsmember + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230315preview + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: 
/containerservice/resource-manager/Microsoft.ContainerService/fleet/preview/2023-03-15-preview/fleets.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/fleets/{fleetName}/members/{fleetMemberName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + maxLength: 50 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + clusterResourceReference: + description: 'ClusterResourceReference: The ARM resource id of the + cluster that joins the Fleet. Must be a valid Azure resource id. + e.g.: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{clusterName}''.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + group: + description: 'Group: The group this member belongs to for multi-cluster + update management.' + maxLength: 50 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/Fleet + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + required: + - clusterResourceReference + - owner + type: object + status: + properties: + clusterResourceId: + description: 'ClusterResourceId: The ARM resource id of the cluster + that joins the Fleet. Must be a valid Azure resource id. e.g.: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{clusterName}''.' 
+ type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + eTag: + description: 'ETag: If eTag is provided in the response body, it may + also be provided as a header per the normal etag convention. Entity + tags are used for comparing two or more entities from the same requested + resource. 
HTTP/1.1 uses entity tags in the etag (section 14.19), + If-Match (section 14.24), If-None-Match (section 14.26), and If-Range + (section 14.27) header fields.' + type: string + group: + description: 'Group: The group this member belongs to for multi-cluster + update management.' + type: string + id: + description: 'Id: Fully qualified resource ID for the resource. Ex + - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}' + type: string + name: + description: 'Name: The name of the resource' + type: string + provisioningState: + description: 'ProvisioningState: The status of the last operation.' + type: string + systemData: + description: 'SystemData: Azure Resource Manager metadata containing + createdBy and modifiedBy information.' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + type: string + type: object + type: + description: 'Type: The type of the resource. E.g. 
"Microsoft.Compute/virtualMachines" + or "Microsoft.Storage/storageAccounts"' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230315previewstorage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20230315preview.FleetsMember Generator + information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/fleet/preview/2023-03-15-preview/fleets.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/fleets/{fleetName}/members/{fleetMemberName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20230315preview.Fleets_Member_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + clusterResourceReference: + description: 'ClusterResourceReference: The ARM resource id of the + cluster that joins the Fleet. Must be a valid Azure resource id. + e.g.: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{clusterName}''.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + group: + type: string + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. 
The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/Fleet + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + required: + - clusterResourceReference + - owner + type: object + status: + description: Storage version of v1api20230315preview.Fleets_Member_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + clusterResourceId: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. 
A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + eTag: + type: string + group: + type: string + id: + type: string + name: + type: string + provisioningState: + type: string + systemData: + description: Storage version of v1api20230315preview.SystemData_STATUS + Metadata pertaining to creation and last modification of the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + name: managedclusters.containerservice.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: containerservice.azure.com + names: + kind: ManagedCluster + listKind: ManagedClusterList + plural: managedclusters + singular: managedcluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20210501 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: 
/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: The client AAD application ID.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: The server AAD application ID.' + type: string + serverAppSecret: + description: 'ServerAppSecret: The server AAD application secret.' + type: string + tenantID: + description: 'TenantID: The AAD tenant ID to use for authentication. + If not specified, will use the tenant of the deployment subscription.' 
+ type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + required: + - enabled + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones + to use for nodes. This can only be specified if the AgentPoolType + property is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for + system pools. The default value is 1.' + type: integer + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. 
A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. 
Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' 
+ type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' 
+ type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. 
For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + enum: + - System + - User + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixIDReference: + description: 'NodePublicIPPrefixIDReference: This is of the + form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: As a best practice, you should + upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version + as the control plane. 
The node pool minor version must be + within two minor versions of the control plane version. The + node pool version cannot be greater than the control plane + version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies an OS SKU. This value must not + be specified if OSType is Windows.' + enum: + - CBLMariner + - Ubuntu + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + enum: + - Linux + - Windows + type: string + podSubnetIDReference: + description: 'PodSubnetIDReference: If omitted, pod IPs are + statically assigned on the node subnet (see vnetSubnetID for + more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. 
If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. + If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetIDReference: + description: 'VnetSubnetIDReference: If this is not specified, + a VNET and subnet will be generated and used. If no podSubnetID + is specified, this applies to nodes and pods, otherwise it + applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' 
+ properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + enum: + - least-waste + - most-pods + - priority + - random + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. 
No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' 
+ type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' + enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' + type: boolean + diskEncryptionSetIDReference: + description: 'DiskEncryptionSetIDReference: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATING) Whether to enable + Kubernetes pod security policy (preview). This feature is set for + removal on October 15th, 2020. Learn more at aka.ms/aks/azpodpolicy.' + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' 
+ items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' + enum: + - None + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentities: + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' + items: + description: Information about the user assigned identity for + the resource + properties: + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. 
+ properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: 'KubernetesVersion: When you upgrade a supported AKS + cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, + upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, + however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' 
+ pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + required: + - keyData + type: object + type: array + required: + - publicKeys + type: object + required: + - adminUsername + - ssh + type: object + location: + description: 'Location: Resource location' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + type: string + dockerBridgeCidr: + description: 'DockerBridgeCidr: A CIDR notation IP range assigned + to the Docker bridge network. It must not overlap with any Subnet + IP ranges or the Kubernetes service address range.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). The default value is 0 which + results in Azure dynamically allocating ports.' 
+ maximum: 64000 + minimum: 0 + type: integer + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + maximum: 100 + minimum: 1 + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' 
+ properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' + enum: + - basic + - standard + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + enum: + - bridge + - transparent + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + enum: + - azure + - kubenet + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + enum: + - azure + - calico + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' + enum: + - loadBalancer + - userDefinedRouting + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' 
+ pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + operatorSpec: + description: 'OperatorSpec: The specification for configuring operator + behavior. This field is interpreted by the operator and not passed + directly to Azure' + properties: + secrets: + description: 'Secrets: configures where to place Azure generated + secrets.' + properties: + adminCredentials: + description: 'AdminCredentials: indicates where the AdminCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: 'UserCredentials: indicates where the UserCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. 
Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' + properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' 
+ items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + secret: + description: 'Secret: The secret password associated with the + service principal in plain text.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret being + referenced. 
The secret must be in the same namespace as + the resource + type: string + required: + - key + - name + type: object + required: + - clientId + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + enum: + - Basic + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [uptime SLA](https://docs.microsoft.com/azure/aks/uptime-sla) + for more details.' + enum: + - Free + - Paid + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags' + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' 
+ type: boolean + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' + enum: + - None + - Windows_Server + type: string + required: + - adminUsername + type: object + required: + - location + - owner + type: object + status: + description: Managed cluster. + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: The client AAD application ID.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: The server AAD application ID.' + type: string + serverAppSecret: + description: 'ServerAppSecret: The server AAD application secret.' + type: string + tenantID: + description: 'TenantID: The AAD tenant ID to use for authentication. + If not specified, will use the tenant of the deployment subscription.' + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + identity: + description: 'Identity: Information of user assigned identity + used by this add-on.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' 
+ type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones + to use for nodes. This can only be specified if the AgentPoolType + property is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for + system pools. The default value is 1.' + type: integer + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. 
For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' 
+ type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' 
+ type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' 
+ type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' 
+ type: string + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: As a best practice, you should + upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version + as the control plane. The node pool minor version must be + within two minor versions of the control plane version. The + node pool version cannot be greater than the control plane + version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies an OS SKU. This value must not + be specified if OSType is Windows.' + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' 
+ type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: Describes whether the Agent Pool is + Running or Stopped' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + type: string + type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). 
If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. + If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies + to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' 
+ type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' 
+ type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' 
+ properties: + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' + type: string + type: object + azurePortalFQDN: + description: 'AzurePortalFQDN: The Azure Portal requires certain Cross-Origin + Resource Sharing (CORS) headers to be sent in some responses, which + Kubernetes APIServer doesn''t handle by default. This special FQDN + supports CORS, allowing the Azure Portal to function properly.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. 
This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' + type: boolean + diskEncryptionSetID: + description: 'DiskEncryptionSetID: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + type: string + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATING) Whether to enable + Kubernetes pod security policy (preview). This feature is set for + removal on October 15th, 2020. Learn more at aka.ms/aks/azpodpolicy.' + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' 
+ type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + id: + description: 'Id: Resource Id' + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + principalId: + description: 'PrincipalId: The principal id of the system assigned + identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity + which is used by master components.' + type: string + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' + type: string + userAssignedIdentities: + additionalProperties: + properties: + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned + identity.' + type: string + type: object + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' + type: object + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' 
+ type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: 'KubernetesVersion: When you upgrade a supported AKS + cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, + upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, + however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + type: object + type: array + type: object + type: object + location: + description: 'Location: Resource location' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the + managed cluster.' + type: integer + name: + description: 'Name: Resource name' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' 
+ properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + type: string + dockerBridgeCidr: + description: 'DockerBridgeCidr: A CIDR notation IP range assigned + to the Docker bridge network. It must not overlap with any Subnet + IP ranges or the Kubernetes service address range.' + type: string + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). The default value is 0 which + results in Azure dynamically allocating ports.' + type: integer + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' 
+ items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + type: string + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' + type: string + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' 
+ type: string + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' + properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if + any).' + properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. 
+ Codes are invariant and are intended to be + consumed programmatically.' + type: string + details: + description: 'Details: A list of additional + details about the error.' + items: + properties: + code: + description: 'Code: An identifier for + the error. Codes are invariant and are + intended to be consumed programmatically.' + type: string + message: + description: 'Message: A message describing + the error, intended to be suitable for + display in a user interface.' + type: string + target: + description: 'Target: The target of the + particular error. For example, the name + of the property in error.' + type: string + type: object + type: array + message: + description: 'Message: A message describing + the error, intended to be suitable for display + in a user interface.' + type: string + target: + description: 'Target: The target of the particular + error. For example, the name of the property + in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning + state of the pod identity.' + type: string + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + type: object + type: array + type: object + powerState: + description: 'PowerState: The Power State of the cluster.' 
+ properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' + type: string + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service + ID of the resource, this field is exposed only to NRP internally.' + type: string + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' + type: string + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [uptime SLA](https://docs.microsoft.com/azure/aks/uptime-sla) + for more details.' 
+ type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags' + type: object + type: + description: 'Type: Resource type' + type: string + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' 
+ type: string + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20210501storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20210501.ManagedCluster Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20210501.ManagedCluster_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + aadProfile: + description: Storage version of v1api20210501.ManagedClusterAADProfile + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: Storage version of v1api20210501.ManagedClusterAddonProfile + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object + type: object + agentPoolProfiles: + items: + description: Storage version of v1api20210501.ManagedClusterAgentPoolProfile + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + count: + type: integer + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + kubeletConfig: + description: Storage version of v1api20210501.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20210501.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20210501.SysctlConfig + Sysctl settings for Linux agent nodes. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + 
type: integer + mode: + type: string + name: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixIDReference: + description: 'NodePublicIPPrefixIDReference: This is of the + form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetIDReference: + description: 'PodSubnetIDReference: If omitted, pod IPs are + statically assigned on the node subnet (see vnetSubnetID for + more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + proximityPlacementGroupID: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20210501.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetIDReference: + description: 'VnetSubnetIDReference: If this is not specified, + a VNET and subnet will be generated and used. If no podSubnetID + is specified, this applies to nodes and pods, otherwise it + applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + apiServerAccessProfile: + description: Storage version of v1api20210501.ManagedClusterAPIServerAccessProfile + Access profile for managed cluster API server. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20210501.ManagedClusterProperties_AutoScalerProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + 
ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: Storage version of v1api20210501.ManagedClusterAutoUpgradeProfile + Auto upgrade profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + upgradeChannel: + type: string + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetIDReference: + description: 'DiskEncryptionSetIDReference: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: Storage version of v1api20210501.ExtendedLocation The + complex type of the extended location. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdnSubdomain: + type: string + httpProxyConfig: + description: Storage version of v1api20210501.ManagedClusterHTTPProxyConfig + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + identity: + description: Storage version of v1api20210501.ManagedClusterIdentity + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + type: + type: string + userAssignedIdentities: + items: + description: Storage version of v1api20210501.UserAssignedIdentityDetails + Information about the user assigned identity for the resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Storage version of v1api20210501.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: Storage version of v1api20210501.ContainerServiceLinuxProfile + Profile for Linux VMs in the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: Storage version of v1api20210501.ContainerServiceSshConfiguration + SSH configuration for Linux-based VMs running on Azure. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: Storage version of v1api20210501.ContainerServiceSshPublicKey + Contains information about SSH certificate public key + data. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + networkProfile: + description: Storage version of v1api20210501.ContainerServiceNetworkProfile + Profile of network configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + dockerBridgeCidr: + type: string + loadBalancerProfile: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + effectiveOutboundIPs: + items: + description: Storage version of v1api20210501.ResourceReference + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. 
+ type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPPrefixes: + items: + description: Storage version of v1api20210501.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPs: + items: + description: Storage version of v1api20210501.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + serviceCidr: + type: string + type: object + nodeResourceGroup: + type: string + operatorSpec: + description: Storage version of v1api20210501.ManagedClusterOperatorSpec + Details for configuring operator behavior. Fields in this struct + are interpreted by the operator directly rather than being passed + to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + secrets: + description: Storage version of v1api20210501.ManagedClusterOperatorSecrets + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminCredentials: + description: 'SecretDestination describes the location to + store a single secret value. Note: This is similar to ConfigMapDestination + in configmaps.go. Changes to one should likely also be made + to the other.' 
+ properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: 'SecretDestination describes the location to + store a single secret value. Note: This is similar to ConfigMapDestination + in configmaps.go. Changes to one should likely also be made + to the other.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: Storage version of v1api20210501.ManagedClusterPodIdentityProfile + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on pod identity integration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: Storage version of v1api20210501.ManagedClusterPodIdentity + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + bindingSelector: + type: string + identity: + description: Storage version of v1api20210501.UserAssignedIdentity + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + type: string + namespace: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: Storage version of v1api20210501.ManagedClusterPodIdentityException + See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + privateLinkResources: + items: + description: Storage version of v1api20210501.PrivateLinkResource + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + name: + type: string + reference: + description: 'Reference: The ID of the private link resource.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + servicePrincipalProfile: + description: Storage version of v1api20210501.ManagedClusterServicePrincipalProfile + Information about a service principal identity for the cluster to + use for manipulating Azure APIs. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + clientId: + type: string + secret: + description: SecretReference is a reference to a Kubernetes secret + and key in the same namespace as the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret being + referenced. 
The secret must be in the same namespace as + the resource + type: string + required: + - key + - name + type: object + type: object + sku: + description: Storage version of v1api20210501.ManagedClusterSKU The + SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + windowsProfile: + description: Storage version of v1api20210501.ManagedClusterWindowsProfile + Profile for Windows VMs in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminPassword: + type: string + adminUsername: + type: string + enableCSIProxy: + type: boolean + licenseType: + type: string + type: object + required: + - owner + type: object + status: + description: Storage version of v1api20210501.ManagedCluster_STATUS Managed + cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + aadProfile: + description: Storage version of v1api20210501.ManagedClusterAADProfile_STATUS + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: Storage version of v1api20210501.ManagedClusterAddonProfile_STATUS + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + identity: + description: Storage version of v1api20210501.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + type: object + agentPoolProfiles: + items: + description: Storage version of v1api20210501.ManagedClusterAgentPoolProfile_STATUS + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + count: + type: integer + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + kubeletConfig: + description: Storage version of v1api20210501.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20210501.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20210501.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + 
minCount: + type: integer + mode: + type: string + name: + type: string + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: string + powerState: + description: Storage version of v1api20210501.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + code: + type: string + type: object + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20210501.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + type: object + type: array + apiServerAccessProfile: + description: Storage version of v1api20210501.ManagedClusterAPIServerAccessProfile_STATUS + Access profile for managed cluster API server. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20210501.ManagedClusterProperties_AutoScalerProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: Storage version of v1api20210501.ManagedClusterAutoUpgradeProfile_STATUS + Auto upgrade profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + upgradeChannel: + type: string + type: object + azurePortalFQDN: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. 
+ type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + disableLocalAccounts: + type: boolean + diskEncryptionSetID: + type: string + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: Storage version of v1api20210501.ExtendedLocation_STATUS + The complex type of the extended location. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdn: + type: string + fqdnSubdomain: + type: string + httpProxyConfig: + description: Storage version of v1api20210501.ManagedClusterHTTPProxyConfig_STATUS + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + id: + type: string + identity: + description: Storage version of v1api20210501.ManagedClusterIdentity_STATUS + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + principalId: + type: string + tenantId: + type: string + type: + type: string + userAssignedIdentities: + additionalProperties: + description: Storage version of v1api20210501.ManagedClusterIdentity_UserAssignedIdentities_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + clientId: + type: string + principalId: + type: string + type: object + type: object + type: object + identityProfile: + additionalProperties: + description: Storage version of v1api20210501.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: Storage version of v1api20210501.ContainerServiceLinuxProfile_STATUS + Profile for Linux VMs in the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: Storage version of v1api20210501.ContainerServiceSshConfiguration_STATUS + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: Storage version of v1api20210501.ContainerServiceSshPublicKey_STATUS + Contains information about SSH certificate public key + data. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + maxAgentPools: + type: integer + name: + type: string + networkProfile: + description: Storage version of v1api20210501.ContainerServiceNetworkProfile_STATUS + Profile of network configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + dockerBridgeCidr: + type: string + loadBalancerProfile: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_STATUS + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + effectiveOutboundIPs: + items: + description: Storage version of v1api20210501.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: 
PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPPrefixes: + items: + description: Storage version of v1api20210501.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPs: + items: + description: Storage version of v1api20210501.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + serviceCidr: + type: string + type: object + nodeResourceGroup: + type: string + podIdentityProfile: + description: Storage version of v1api20210501.ManagedClusterPodIdentityProfile_STATUS + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on pod identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: Storage version of v1api20210501.ManagedClusterPodIdentity_STATUS + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + bindingSelector: + type: string + identity: + description: Storage version of v1api20210501.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + name: + type: string + namespace: + type: string + provisioningInfo: + description: Storage version of v1api20210501.ManagedClusterPodIdentity_ProvisioningInfo_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + error: + description: Storage version of v1api20210501.ManagedClusterPodIdentityProvisioningError_STATUS + An error response from the pod identity provisioning. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + error: + description: Storage version of v1api20210501.ManagedClusterPodIdentityProvisioningErrorBody_STATUS + An error response from the pod identity provisioning. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set + of stashed information that used for properties + not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + details: + items: + description: Storage version of v1api20210501.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered + set of stashed information that used + for properties not directly supported + by storage resources, allowing for full + fidelity round trip conversions + type: object + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object + type: object + provisioningState: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: Storage version of v1api20210501.ManagedClusterPodIdentityException_STATUS + See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + powerState: + description: Storage version of v1api20210501.PowerState_STATUS Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + privateFQDN: + type: string + privateLinkResources: + items: + description: Storage version of v1api20210501.PrivateLinkResource_STATUS + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + id: + type: string + name: + type: string + privateLinkServiceID: + type: string + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + provisioningState: + type: string + servicePrincipalProfile: + description: Storage version of v1api20210501.ManagedClusterServicePrincipalProfile_STATUS + Information about a service principal identity for the cluster to + use for manipulating Azure APIs. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + clientId: + type: string + type: object + sku: + description: Storage version of v1api20210501.ManagedClusterSKU_STATUS + The SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + windowsProfile: + description: Storage version of v1api20210501.ManagedClusterWindowsProfile_STATUS + Profile for Windows VMs in the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminPassword: + type: string + adminUsername: + type: string + enableCSIProxy: + type: boolean + licenseType: + type: string + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230201 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: 'TenantID: The AAD tenant ID to use for authentication. + If not specified, will use the tenant of the deployment subscription.' + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + required: + - enabled + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. 
+ properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones + to use for nodes. This can only be specified if the AgentPoolType + property is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for + system pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify + the source Snapshot ID if the node pool will be created/upgraded + using a snapshot.' + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. 
For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' 
+ type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' 
+ type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' 
+ type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. 
For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + enum: + - System + - User + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch + version is chosen automatically. 
Updating the cluster with + the same once it has been created (e.g. 1.14.x + -> 1.14) will not trigger an upgrade, even if a newer patch + version is available. As a best practice, you should upgrade + all node pools in an AKS cluster to the same Kubernetes version. + The node pool version must have the same major version as + the control plane. The node pool minor version must be within + two minor versions of the control plane version. The node + pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent + pool. The default is Ubuntu if OSType is Linux. The default + is Windows2019 when Kubernetes <= 1.24 or Windows2022 when + Kubernetes >= 1.25 if OSType is Windows.' + enum: + - CBLMariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + enum: + - Linux + - Windows + type: string + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). 
+ This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: 'PowerState: When an Agent Pool is first created + it is initially Running. The Agent Pool can be stopped by + setting this field to Stopped. A stopped Agent Pool stops + all of its VMs and does not accrue billing charges. An Agent + Pool can only be stopped if it is Running and provisioning + state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' 
+ enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. + If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, + a VNET and subnet will be generated and used. If no podSubnetID + is specified, this applies to nodes and pods, otherwise it + applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + enum: + - OCIContainer + - WasmWasi + type: string + required: + - name + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' 
+ type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + enum: + - least-waste + - most-pods + - priority + - random + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' 
+ type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' + enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Azure Monitor addon profiles for + monitoring the managed cluster.' 
+ properties: + metrics: + description: 'Metrics: Metrics profile for the Azure Monitor managed + service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace + and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview.' + properties: + enabled: + description: 'Enabled: Whether to enable or disable the Azure + Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on + enabling and disabling.' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics profile + for the Azure Managed Prometheus addon. These optional settings + are for the kube-state-metrics pod that is deployed with + the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details.' + properties: + metricAnnotationsAllowList: + description: 'MetricAnnotationsAllowList: Comma-separated + list of Kubernetes annotation keys that will be used + in the resource''s labels metric (Example: ''namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...''). + By default the metric contains only resource name and + namespace labels.' + type: string + metricLabelsAllowlist: + description: 'MetricLabelsAllowlist: Comma-separated list + of additional Kubernetes label keys that will be used + in the resource''s labels metric (Example: ''namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...''). + By default the metric contains only resource name and + namespace labels.' + type: string + type: object + required: + - enabled + type: object + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' 
+ maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' + type: boolean + diskEncryptionSetReference: + description: 'DiskEncryptionSetReference: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATED) Whether to enable + Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. + Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.' 
+ type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' + enum: + - None + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentities: + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' 
+ items: + description: Information about the user assigned identity for + the resource + properties: + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: 'KubernetesVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. When you + upgrade a supported AKS cluster, Kubernetes minor versions cannot + be skipped. All upgrades must be performed sequentially by major + version number. For example, upgrades between 1.14.x -> 1.15.x or + 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. + See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. 
+ properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + required: + - keyData + type: object + type: array + required: + - publicKeys + type: object + required: + - adminUsername + - ssh + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + type: string + dockerBridgeCidr: + description: 'DockerBridgeCidr: A CIDR notation IP range assigned + to the Docker bridge network. It must not overlap with any Subnet + IP ranges or the Kubernetes service address range.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + ipFamilies: + description: 'IpFamilies: IP families are used to determine single-stack + or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6.' + items: + enum: + - IPv4 + - IPv6 + type: string + type: array + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). The default value is 0 which + results in Azure dynamically allocating ports.' + maximum: 64000 + minimum: 0 + type: integer + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' 
+ items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of IPv4 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + maximum: 100 + minimum: 1 + type: integer + countIPv6: + description: 'CountIPv6: The desired number of IPv6 outbound + IPs created/managed by Azure for the cluster load balancer. 
+ Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 0 for single-stack and 1 for dual-stack.' + maximum: 100 + minimum: 0 + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' + enum: + - basic + - standard + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 4 minutes.' + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure. Allowed values must be in + the range of 1 to 16 (inclusive). The default value + is 1.' + maximum: 16 + minimum: 1 + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + enum: + - azure + - cilium + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + enum: + - bridge + - transparent + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: 'NetworkPluginMode: The mode the network plugin should + use.' + enum: + - overlay + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' 
+ enum: + - azure + - calico + - cilium + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + podCidrs: + description: 'PodCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking.' + items: + type: string + type: array + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + serviceCidrs: + description: 'ServiceCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with + any Subnet IP ranges.' + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + type: object + operatorSpec: + description: 'OperatorSpec: The specification for configuring operator + behavior. 
This field is interpreted by the operator and not passed + directly to Azure' + properties: + configMaps: + description: 'ConfigMaps: configures where to place operator written + ConfigMaps.' + properties: + oidcIssuerProfile: + description: 'OIDCIssuerProfile: indicates where the OIDCIssuerProfile + config map should be placed. If omitted, no config map will + be created.' + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: Name is the name of the Kubernetes ConfigMap + being referenced. The ConfigMap must be in the same + namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: 'Secrets: configures where to place Azure generated + secrets.' + properties: + adminCredentials: + description: 'AdminCredentials: indicates where the AdminCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: 'UserCredentials: indicates where the UserCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. 
When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' + properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' 
+ items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + enum: + - Disabled + - Enabled + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: 'AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' 
+ type: boolean + keyId: + description: 'KeyId: Identifier of Azure Key Vault key. See + [key identifier format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service + is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service + is disabled, leave the field empty.' + type: string + keyVaultNetworkAccess: + description: 'KeyVaultNetworkAccess: Network access of key + vault. The possible values are `Public` and `Private`. `Public` + means the key vault allows public access from all networks. + `Private` means the key vault disables public access and + enables private link. The default value is `Public`.' + enum: + - Private + - Public + type: string + keyVaultResourceReference: + description: 'KeyVaultResourceReference: Resource ID of key + vault. When keyVaultNetworkAccess is `Private`, this field + is required and must be a valid resource ID. When keyVaultNetworkAccess + is `Public`, leave the field empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceReference: + description: 'LogAnalyticsWorkspaceResourceReference: Resource + ID of the Log Analytics workspace to be associated with + Microsoft Defender. When Microsoft Defender is enabled, + this field is required and must be a valid workspace resource + ID. When Microsoft Defender is disabled, leave the field + empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' + type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' 
+ type: integer + type: object + workloadIdentity: + description: 'WorkloadIdentity: Workload identity settings for + the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See + https://aka.ms/aks/wi for more details.' + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + secret: + description: 'Secret: The secret password associated with the + service principal in plain text.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret being + referenced. The secret must be in the same namespace as + the resource + type: string + required: + - key + - name + type: object + required: + - clientId + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + enum: + - Base + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [AKS Pricing Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) + for more details.' + enum: + - Free + - Standard + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' 
+ type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." 
Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: 'DnsServer: Specifies the DNS server for Windows + gMSA. Set it to empty if you have configured the DNS server + in the vnet which is used to create the managed cluster.' + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: 'RootDomainName: Specifies the root domain name + for Windows gMSA. Set it to empty if you have configured + the DNS server in the vnet which is used to create the managed + cluster.' + type: string + type: object + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' + enum: + - None + - Windows_Server + type: string + required: + - adminUsername + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' 
+ type: boolean + required: + - enabled + type: object + type: object + required: + - location + - owner + type: object + status: + description: Managed cluster. + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: 'TenantID: The AAD tenant ID to use for authentication. + If not specified, will use the tenant of the deployment subscription.' + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' + type: boolean + identity: + description: 'Identity: Information of user assigned identity + used by this add-on.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' 
+ type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones + to use for nodes. This can only be specified if the AgentPoolType + property is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for + system pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify + the source Snapshot ID if the node pool will be created/upgraded + using a snapshot.' + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the + source object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: 'CurrentOrchestratorVersion: If orchestratorVersion + is a fully specified version , this field + will be exactly equal to it. If orchestratorVersion is , + this field will contain the full version + being used.' + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. 
For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: 'HostGroupID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 
+ 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' 
+ properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' 
+ type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. 
For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + type: string + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. 
+ When is specified, the latest supported GA patch + version is chosen automatically. Updating the cluster with + the same once it has been created (e.g. 1.14.x + -> 1.14) will not trigger an upgrade, even if a newer patch + version is available. As a best practice, you should upgrade + all node pools in an AKS cluster to the same Kubernetes version. + The node pool version must have the same major version as + the control plane. The node pool minor version must be within + two minor versions of the control plane version. The node + pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent + pool. The default is Ubuntu if OSType is Linux. The default + is Windows2019 when Kubernetes <= 1.24 or Windows2022 when + Kubernetes >= 1.25 if OSType is Windows.' + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: When an Agent Pool is first created + it is initially Running. 
The Agent Pool can be stopped by + setting this field to Stopped. A stopped Agent Pool stops + all of its VMs and does not accrue billing charges. An Agent + Pool can only be stopped if it is Running and provisioning + state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + type: string + type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). 
If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. + If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies + to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + type: string + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' 
+ type: boolean + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' 
+ type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' 
+ type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Azure Monitor addon profiles for + monitoring the managed cluster.' + properties: + metrics: + description: 'Metrics: Metrics profile for the Azure Monitor managed + service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace + and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview.' + properties: + enabled: + description: 'Enabled: Whether to enable or disable the Azure + Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on + enabling and disabling.' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics profile + for the Azure Managed Prometheus addon. These optional settings + are for the kube-state-metrics pod that is deployed with + the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details.' + properties: + metricAnnotationsAllowList: + description: 'MetricAnnotationsAllowList: Comma-separated + list of Kubernetes annotation keys that will be used + in the resource''s labels metric (Example: ''namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...''). + By default the metric contains only resource name and + namespace labels.' 
+ type: string + metricLabelsAllowlist: + description: 'MetricLabelsAllowlist: Comma-separated list + of additional Kubernetes label keys that will be used + in the resource''s labels metric (Example: ''namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...''). + By default the metric contains only resource name and + namespace labels.' + type: string + type: object + type: object + type: object + azurePortalFQDN: + description: 'AzurePortalFQDN: The Azure Portal requires certain Cross-Origin + Resource Sharing (CORS) headers to be sent in some responses, which + Kubernetes APIServer doesn''t handle by default. This special FQDN + supports CORS, allowing the Azure Portal to function properly.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. 
For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: + description: 'CurrentKubernetesVersion: If kubernetesVersion was a + fully specified version , this field will be + exactly equal to it. If kubernetesVersion was , this + field will contain the full version being used.' + type: string + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' + type: boolean + diskEncryptionSetID: + description: 'DiskEncryptionSetID: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + type: string + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATED) Whether to enable + Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. + Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.' + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' 
+ type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + id: + description: 'Id: Fully qualified resource ID for the resource. Ex + - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}' + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + principalId: + description: 'PrincipalId: The principal id of the system assigned + identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity + which is used by master components.' + type: string + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' 
+ type: string + userAssignedIdentities: + additionalProperties: + properties: + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned + identity.' + type: string + type: object + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' + type: object + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: 'KubernetesVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. When you + upgrade a supported AKS cluster, Kubernetes minor versions cannot + be skipped. All upgrades must be performed sequentially by major + version number. For example, upgrades between 1.14.x -> 1.15.x or + 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. + See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' 
+ properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + type: object + type: array + type: object + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the + managed cluster.' + type: integer + name: + description: 'Name: The name of the resource' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + type: string + dockerBridgeCidr: + description: 'DockerBridgeCidr: A CIDR notation IP range assigned + to the Docker bridge network. It must not overlap with any Subnet + IP ranges or the Kubernetes service address range.' + type: string + ipFamilies: + description: 'IpFamilies: IP families are used to determine single-stack + or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6.' + items: + type: string + type: array + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' 
+ properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). The default value is 0 which + results in Azure dynamically allocating ports.' + type: integer + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of IPv4 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + type: integer + countIPv6: + description: 'CountIPv6: The desired number of IPv6 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 0 for single-stack and 1 for dual-stack.' + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. 
+ properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 4 minutes.' + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure. Allowed values must be in + the range of 1 to 16 (inclusive). The default value + is 1.' + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' 
+ type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + type: string + networkPluginMode: + description: 'NetworkPluginMode: The mode the network plugin should + use.' + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + type: string + podCidrs: + description: 'PodCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking.' + items: + type: string + type: array + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' + type: string + serviceCidrs: + description: 'ServiceCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with + any Subnet IP ranges.' + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' 
+ type: boolean + issuerURL: + description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' + type: string + type: object + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' + properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if + any).' 
+ properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. + Codes are invariant and are intended to be + consumed programmatically.' + type: string + details: + description: 'Details: A list of additional + details about the error.' + items: + properties: + code: + description: 'Code: An identifier for + the error. Codes are invariant and are + intended to be consumed programmatically.' + type: string + message: + description: 'Message: A message describing + the error, intended to be suitable for + display in a user interface.' + type: string + target: + description: 'Target: The target of the + particular error. For example, the name + of the property in error.' + type: string + type: object + type: array + message: + description: 'Message: A message describing + the error, intended to be suitable for display + in a user interface.' + type: string + target: + description: 'Target: The target of the particular + error. For example, the name of the property + in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning + state of the pod identity.' + type: string + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' 
+ type: object + type: object + type: array + type: object + powerState: + description: 'PowerState: The Power State of the cluster.' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' + type: string + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service + ID of the resource, this field is exposed only to NRP internally.' + type: string + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' + type: string + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: 'AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: 'KeyId: Identifier of Azure Key Vault key. 
See + [key identifier format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service + is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service + is disabled, leave the field empty.' + type: string + keyVaultNetworkAccess: + description: 'KeyVaultNetworkAccess: Network access of key + vault. The possible values are `Public` and `Private`. `Public` + means the key vault allows public access from all networks. + `Private` means the key vault disables public access and + enables private link. The default value is `Public`.' + type: string + keyVaultResourceId: + description: 'KeyVaultResourceId: Resource ID of key vault. + When keyVaultNetworkAccess is `Private`, this field is required + and must be a valid resource ID. When keyVaultNetworkAccess + is `Public`, leave the field empty.' + type: string + type: object + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceId: + description: 'LogAnalyticsWorkspaceResourceId: Resource ID + of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field + is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty.' + type: string + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' 
+ type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + workloadIdentity: + description: 'WorkloadIdentity: Workload identity settings for + the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See + https://aka.ms/aks/wi for more details.' + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [AKS Pricing Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) + for more details.' + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' 
+ properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + systemData: + description: 'SystemData: Azure Resource Manager metadata containing + createdBy and modifiedBy information.' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" + or "Microsoft.Storage/storageAccounts"' + type: string + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. 
Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: 'DnsServer: Specifies the DNS server for Windows + gMSA. Set it to empty if you have configured the DNS server + in the vnet which is used to create the managed cluster.' + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: 'RootDomainName: Specifies the root domain name + for Windows gMSA. Set it to empty if you have configured + the DNS server in the vnet which is used to create the managed + cluster.' + type: string + type: object + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. 
See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' + type: string + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' + type: boolean + type: object + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230201storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20230201.ManagedCluster Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20230201.ManagedCluster_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + aadProfile: + description: Storage version of v1api20230201.ManagedClusterAADProfile + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: Storage version of v1api20230201.ManagedClusterAddonProfile + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object + type: object + agentPoolProfiles: + items: + description: Storage version of v1api20230201.ManagedClusterAgentPoolProfile + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + count: + type: integer + creationData: + description: Storage version of v1api20230201.CreationData Data + used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: Storage version of v1api20230201.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20230201.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20230201.SysctlConfig + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the 
form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: Storage version of v1api20230201.PowerState Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20230201.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, + a VNET and subnet will be generated and used. If no podSubnetID + is specified, this applies to nodes and pods, otherwise it + applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + workloadRuntime: + type: string + type: object + type: array + apiServerAccessProfile: + description: Storage version of v1api20230201.ManagedClusterAPIServerAccessProfile + Access profile for managed cluster API server. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20230201.ManagedClusterProperties_AutoScalerProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: Storage version of 
v1api20230201.ManagedClusterAutoUpgradeProfile + Auto upgrade profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfile + Azure Monitor addon profiles for monitoring the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + metrics: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileMetrics + Metrics profile for the Azure Monitor managed service for Prometheus + addon. Collect out-of-the-box Kubernetes infrastructure metrics + to send to an Azure Monitor Workspace and configure additional + scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + kubeStateMetrics: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileKubeStateMetrics + Kube State Metrics profile for the Azure Managed Prometheus + addon. These optional settings are for the kube-state-metrics + pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetReference: + description: 'DiskEncryptionSetReference: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: Storage version of v1api20230201.ExtendedLocation The + complex type of the extended location. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdnSubdomain: + type: string + httpProxyConfig: + description: Storage version of v1api20230201.ManagedClusterHTTPProxyConfig + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + identity: + description: Storage version of v1api20230201.ManagedClusterIdentity + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + type: + type: string + userAssignedIdentities: + items: + description: Storage version of v1api20230201.UserAssignedIdentityDetails + Information about the user assigned identity for the resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Storage version of v1api20230201.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: Storage version of v1api20230201.ContainerServiceLinuxProfile + Profile for Linux VMs in the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: Storage version of v1api20230201.ContainerServiceSshConfiguration + SSH configuration for Linux-based VMs running on Azure. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: Storage version of v1api20230201.ContainerServiceSshPublicKey + Contains information about SSH certificate public key + data. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + networkProfile: + description: Storage version of v1api20230201.ContainerServiceNetworkProfile + Profile of network configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + dockerBridgeCidr: + type: string + ipFamilies: + items: + type: string + type: array + loadBalancerProfile: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + effectiveOutboundIPs: + items: + description: Storage version of v1api20230201.ResourceReference + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. 
+ type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPPrefixes: + items: + description: Storage version of v1api20230201.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPs: + items: + description: Storage version of v1api20230201.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + natGatewayProfile: + description: Storage version of v1api20230201.ManagedClusterNATGatewayProfile + Profile of the managed cluster NAT gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: Storage version of v1api20230201.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: Storage version of v1api20230201.ManagedClusterManagedOutboundIPProfile + Profile of the managed outbound IP resources of the managed + cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + type: object + nodeResourceGroup: + type: string + oidcIssuerProfile: + description: Storage version of v1api20230201.ManagedClusterOIDCIssuerProfile + The OIDC issuer profile of the Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + operatorSpec: + description: Storage version of v1api20230201.ManagedClusterOperatorSpec + Details for configuring operator behavior. Fields in this struct + are interpreted by the operator directly rather than being passed + to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + configMaps: + description: Storage version of v1api20230201.ManagedClusterOperatorConfigMaps + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + oidcIssuerProfile: + description: 'ConfigMapDestination describes the location + to store a single configmap value Note: This is similar + to SecretDestination in secrets.go. Changes to one should + likely also be made to the other.' + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: Name is the name of the Kubernetes ConfigMap + being referenced. 
The ConfigMap must be in the same + namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: Storage version of v1api20230201.ManagedClusterOperatorSecrets + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminCredentials: + description: 'SecretDestination describes the location to + store a single secret value. Note: This is similar to ConfigMapDestination + in configmaps.go. Changes to one should likely also be made + to the other.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: 'SecretDestination describes the location to + store a single secret value. Note: This is similar to ConfigMapDestination + in configmaps.go. Changes to one should likely also be made + to the other.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. 
Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProfile + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on pod identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: Storage version of v1api20230201.ManagedClusterPodIdentity + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + bindingSelector: + type: string + identity: + description: Storage version of v1api20230201.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + type: string + namespace: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: Storage version of v1api20230201.ManagedClusterPodIdentityException + See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + privateLinkResources: + items: + description: Storage version of v1api20230201.PrivateLinkResource + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + name: + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + publicNetworkAccess: + type: string + securityProfile: + description: Storage version of v1api20230201.ManagedClusterSecurityProfile + Security profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: Storage version of v1api20230201.AzureKeyVaultKms + Azure Key Vault key management service settings for the security + profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceReference: + description: 'KeyVaultResourceReference: Resource ID of key + vault. When keyVaultNetworkAccess is `Private`, this field + is required and must be a valid resource ID. When keyVaultNetworkAccess + is `Public`, leave the field empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + defender: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefender + Microsoft Defender settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceReference: + description: 'LogAnalyticsWorkspaceResourceReference: Resource + ID of the Log Analytics workspace to be associated with + Microsoft Defender. When Microsoft Defender is enabled, + this field is required and must be a valid workspace resource + ID. When Microsoft Defender is disabled, leave the field + empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefenderSecurityMonitoring + Microsoft Defender settings for the security profile threat + detection. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileImageCleaner + Image Cleaner removes unused images from nodes, freeing up disk + space and helping to reduce attack surface area. Here are settings + for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + workloadIdentity: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileWorkloadIdentity + Workload identity settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + servicePrincipalProfile: + description: Storage version of v1api20230201.ManagedClusterServicePrincipalProfile + Information about a service principal identity for the cluster to + use for manipulating Azure APIs. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + clientId: + type: string + secret: + description: SecretReference is a reference to a Kubernetes secret + and key in the same namespace as the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret being + referenced. The secret must be in the same namespace as + the resource + type: string + required: + - key + - name + type: object + type: object + sku: + description: Storage version of v1api20230201.ManagedClusterSKU The + SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: Storage version of v1api20230201.ManagedClusterStorageProfile + Storage profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileBlobCSIDriver + AzureBlob CSI Driver settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileDiskCSIDriver + AzureDisk CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + fileCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileFileCSIDriver + AzureFile CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: Storage version of v1api20230201.ManagedClusterStorageProfileSnapshotController + Snapshot Controller settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + tags: + additionalProperties: + type: string + type: object + windowsProfile: + description: Storage version of v1api20230201.ManagedClusterWindowsProfile + Profile for Windows VMs in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminPassword: + type: string + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: Storage version of v1api20230201.WindowsGmsaProfile + Windows gMSA Profile in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfile + Workload Auto-scaler profile for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + keda: + description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfileKeda + KEDA (Kubernetes Event-driven Autoscaling) settings for the + workload auto-scaler profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + required: + - owner + type: object + status: + description: Storage version of v1api20230201.ManagedCluster_STATUS Managed + cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + aadProfile: + description: Storage version of v1api20230201.ManagedClusterAADProfile_STATUS + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: Storage version of v1api20230201.ManagedClusterAddonProfile_STATUS + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + identity: + description: Storage version of v1api20230201.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + type: object + agentPoolProfiles: + items: + description: Storage version of v1api20230201.ManagedClusterAgentPoolProfile_STATUS + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + count: + type: integer + creationData: + description: Storage version of v1api20230201.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupID: + type: string + kubeletConfig: + description: Storage version of v1api20230201.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20230201.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20230201.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: 
string + powerState: + description: Storage version of v1api20230201.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + code: + type: string + type: object + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20230201.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + workloadRuntime: + type: string + type: object + type: array + apiServerAccessProfile: + description: Storage version of v1api20230201.ManagedClusterAPIServerAccessProfile_STATUS + Access profile for managed cluster API server. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20230201.ManagedClusterProperties_AutoScalerProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: Storage version of v1api20230201.ManagedClusterAutoUpgradeProfile_STATUS + Auto upgrade profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfile_STATUS + Azure Monitor addon profiles for monitoring the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + metrics: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileMetrics_STATUS + Metrics profile for the Azure Monitor managed service for Prometheus + addon. Collect out-of-the-box Kubernetes infrastructure metrics + to send to an Azure Monitor Workspace and configure additional + scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + kubeStateMetrics: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS + Kube State Metrics profile for the Azure Managed Prometheus + addon. These optional settings are for the kube-state-metrics + pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azurePortalFQDN: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. 
+ type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetID: + type: string + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: Storage version of v1api20230201.ExtendedLocation_STATUS + The complex type of the extended location. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdn: + type: string + fqdnSubdomain: + type: string + httpProxyConfig: + description: Storage version of v1api20230201.ManagedClusterHTTPProxyConfig_STATUS + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + id: + type: string + identity: + description: Storage version of v1api20230201.ManagedClusterIdentity_STATUS + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + principalId: + type: string + tenantId: + type: string + type: + type: string + userAssignedIdentities: + additionalProperties: + description: Storage version of v1api20230201.ManagedClusterIdentity_UserAssignedIdentities_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + clientId: + type: string + principalId: + type: string + type: object + type: object + type: object + identityProfile: + additionalProperties: + description: Storage version of v1api20230201.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: Storage version of v1api20230201.ContainerServiceLinuxProfile_STATUS + Profile for Linux VMs in the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: Storage version of v1api20230201.ContainerServiceSshConfiguration_STATUS + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: Storage version of v1api20230201.ContainerServiceSshPublicKey_STATUS + Contains information about SSH certificate public key + data. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + maxAgentPools: + type: integer + name: + type: string + networkProfile: + description: Storage version of v1api20230201.ContainerServiceNetworkProfile_STATUS + Profile of network configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + dockerBridgeCidr: + type: string + ipFamilies: + items: + type: string + type: array + loadBalancerProfile: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_STATUS + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + effectiveOutboundIPs: + items: + description: Storage version of v1api20230201.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPPrefixes: + items: + description: Storage version of v1api20230201.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPs: + items: + description: Storage version of v1api20230201.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + natGatewayProfile: + description: Storage version of v1api20230201.ManagedClusterNATGatewayProfile_STATUS + Profile of the managed cluster NAT gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: Storage version of v1api20230201.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: Storage version of v1api20230201.ManagedClusterManagedOutboundIPProfile_STATUS + Profile of the managed outbound IP resources of the managed + cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + type: object + nodeResourceGroup: + type: string + oidcIssuerProfile: + description: Storage version of v1api20230201.ManagedClusterOIDCIssuerProfile_STATUS + The OIDC issuer profile of the Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + issuerURL: + type: string + type: object + podIdentityProfile: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProfile_STATUS + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on pod identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: Storage version of v1api20230201.ManagedClusterPodIdentity_STATUS + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + bindingSelector: + type: string + identity: + description: Storage version of v1api20230201.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + name: + type: string + namespace: + type: string + provisioningInfo: + description: Storage version of v1api20230201.ManagedClusterPodIdentity_ProvisioningInfo_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + error: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningError_STATUS + An error response from the pod identity provisioning. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + error: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningErrorBody_STATUS + An error response from the pod identity provisioning. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set + of stashed information that used for properties + not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + details: + items: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered + set of stashed information that used + for properties not directly supported + by storage resources, allowing for full + fidelity round trip conversions + type: object + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object + type: object + provisioningState: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: Storage version of v1api20230201.ManagedClusterPodIdentityException_STATUS + See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + powerState: + description: Storage version of v1api20230201.PowerState_STATUS Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + privateFQDN: + type: string + privateLinkResources: + items: + description: Storage version of v1api20230201.PrivateLinkResource_STATUS + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + id: + type: string + name: + type: string + privateLinkServiceID: + type: string + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + provisioningState: + type: string + publicNetworkAccess: + type: string + securityProfile: + description: Storage version of v1api20230201.ManagedClusterSecurityProfile_STATUS + Security profile for the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: Storage version of v1api20230201.AzureKeyVaultKms_STATUS + Azure Key Vault key management service settings for the security + profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceId: + type: string + type: object + defender: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefender_STATUS + Microsoft Defender settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceId: + type: string + securityMonitoring: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS + Microsoft Defender settings for the security profile threat + detection. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileImageCleaner_STATUS + Image Cleaner removes unused images from nodes, freeing up disk + space and helping to reduce attack surface area. Here are settings + for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + workloadIdentity: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileWorkloadIdentity_STATUS + Workload identity settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + servicePrincipalProfile: + description: Storage version of v1api20230201.ManagedClusterServicePrincipalProfile_STATUS + Information about a service principal identity for the cluster to + use for manipulating Azure APIs. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + clientId: + type: string + type: object + sku: + description: Storage version of v1api20230201.ManagedClusterSKU_STATUS + The SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: Storage version of v1api20230201.ManagedClusterStorageProfile_STATUS + Storage profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileBlobCSIDriver_STATUS + AzureBlob CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileDiskCSIDriver_STATUS + AzureDisk CSI Driver settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + fileCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileFileCSIDriver_STATUS + AzureFile CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: Storage version of v1api20230201.ManagedClusterStorageProfileSnapshotController_STATUS + Snapshot Controller settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + systemData: + description: Storage version of v1api20230201.SystemData_STATUS Metadata + pertaining to creation and last modification of the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + windowsProfile: + description: Storage version of v1api20230201.ManagedClusterWindowsProfile_STATUS + Profile for Windows VMs in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminPassword: + type: string + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: Storage version of v1api20230201.WindowsGmsaProfile_STATUS + Windows gMSA Profile in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfile_STATUS + Workload Auto-scaler profile for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + keda: + description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS + KEDA (Kubernetes Event-driven Autoscaling) settings for the + workload auto-scaler profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230202preview + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-02-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: 'TenantID: The AAD tenant ID to use for authentication. + If not specified, will use the tenant of the deployment subscription.' + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' 
+ type: boolean + required: + - enabled + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones + to use for nodes. This can only be specified if the AgentPoolType + property is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + type: string + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for + system pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify + the source Snapshot ID if the node pool will be created/upgraded + using a snapshot.' + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: 'EnableCustomCATrust: When set to true, AKS adds + a label to the node indicating that the feature is enabled + and deploys a daemonset along with host services to sync custom + certificate authorities from user-provided list of base64 + encoded certificates into node trust stores. Defaults to false.' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' 
+ enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' 
+ type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' 
+ type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' 
+ type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' 
+ type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + messageOfTheDay: + description: 'MessageOfTheDay: A base64-encoded string which + will be written to /etc/motd after decoding. This allows customization + of the message of the day for Linux nodes. It must not be + specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script).' + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + enum: + - System + - User + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an + agent pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are + allowed to access. The specified ranges are allowed to + overlap.' + items: + description: The port range. + properties: + portEnd: + description: 'PortEnd: The maximum port that is included + in the range. It should be ranged from 1 to 65535, + and be greater than or equal to portStart.' 
+ maximum: 65535 + minimum: 1 + type: integer + portStart: + description: 'PortStart: The minimum port that is + included in the range. It should be ranged from + 1 to 65535, and be less than or equal to portEnd.' + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: 'Protocol: The network protocol of the + port.' + enum: + - TCP + - UDP + type: string + type: object + type: array + applicationSecurityGroupsReferences: + description: 'ApplicationSecurityGroupsReferences: The IDs + of the application security groups which agent pool will + associate when created.' + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, Kind, + Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level + public IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: + RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated + with the public IP. Example: Internet.' 
+ type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + and are supported. When is specified, + the latest supported patch version is chosen automatically. + Updating the agent pool with the same once it + has been created will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should + upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version + as the control plane. 
The node pool minor version must be + within two minor versions of the control plane version. The + node pool version cannot be greater than the control plane + version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent + pool. If not specified, the default is Ubuntu if OSType=Linux + or Windows2019 if OSType=Windows. And the default Windows + OSSKU will be changed to Windows2022 after Windows2019 is + deprecated.' + enum: + - CBLMariner + - Mariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + enum: + - Linux + - Windows + type: string + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: 'PowerState: When an Agent Pool is first created + it is initially Running. The Agent Pool can be stopped by + setting this field to Stopped. A stopped Agent Pool stops + all of its VMs and does not accrue billing charges. An Agent + Pool can only be stopped if it is Running and provisioning + state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. 
+ If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, + a VNET and subnet will be generated and used. If no podSubnetID + is specified, this applies to nodes and pods, otherwise it + applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific + profile.' + properties: + disableOutboundNat: + description: 'DisableOutboundNat: The default value is false. + Outbound NAT can only be disabled if the cluster outboundType + is NAT Gateway and the Windows agent pool does not have + node public IP enabled.' + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' 
+ enum: + - KataMshvVmIsolation + - OCIContainer + - WasmWasi + type: string + required: + - name + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + enableVnetIntegration: + description: 'EnableVnetIntegration: Whether to enable apiserver + vnet integration for the cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' + type: string + subnetId: + description: 'SubnetId: It is required when: 1. creating a new + cluster with BYO Vnet; 2. updating an existing cluster to enable + apiserver vnet integration.' 
+ type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + enum: + - least-waste + - most-pods + - priority + - random + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' 
+ type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: The default is Unmanaged, + but may change to either NodeImage or SecurityPatch at GA.' + enum: + - NodeImage + - None + - SecurityPatch + - Unmanaged + type: string + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' 
+ enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Prometheus addon profile for the + container service cluster' + properties: + metrics: + description: 'Metrics: Metrics profile for the prometheus service + addon' + properties: + enabled: + description: 'Enabled: Whether to enable the Prometheus collector' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics for prometheus + addon profile for the container service cluster' + properties: + metricAnnotationsAllowList: + description: 'MetricAnnotationsAllowList: Comma-separated + list of additional Kubernetes label keys that will be + used in the resource''s labels metric.' + type: string + metricLabelsAllowlist: + description: 'MetricLabelsAllowlist: Comma-separated list + of Kubernetes annotations keys that will be used in + the resource''s labels metric.' + type: string + type: object + required: + - enabled + type: object + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the cluster will be created/upgraded using + a snapshot.' + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' + type: boolean + diskEncryptionSetReference: + description: 'DiskEncryptionSetReference: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enableNamespaceResources: + description: 'EnableNamespaceResources: The default value is false. + It can be enabled/disabled on creation and updating of the managed + cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) + for more details on Namespace as a ARM Resource.' + type: boolean + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATED) Whether to enable + Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. + Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.' + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + guardrailsProfile: + description: 'GuardrailsProfile: The guardrails profile holds all + the guardrails information for a given cluster' + properties: + excludedNamespaces: + description: 'ExcludedNamespaces: List of namespaces excluded + from guardrails checks' + items: + type: string + type: array + level: + description: 'Level: The guardrails level to be used. 
By default, + Guardrails is enabled for all namespaces except those that AKS + excludes via systemExcludedNamespaces' + enum: + - Enforcement + - "Off" + - Warning + type: string + version: + description: 'Version: The version of constraints to use' + type: string + required: + - level + - version + type: object + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' + enum: + - None + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentities: + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' + items: + description: Information about the user assigned identity for + the resource + properties: + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + ingressProfile: + description: 'IngressProfile: Ingress profile for the managed cluster.' + properties: + webAppRouting: + description: 'WebAppRouting: Web App Routing settings for the + ingress profile.' + properties: + dnsZoneResourceReference: + description: 'DnsZoneResourceReference: Resource ID of the + DNS Zone to be associated with the web app. Used only when + Web App Routing is enabled.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + enabled: + description: 'Enabled: Whether to enable Web App Routing.' + type: boolean + type: object + type: object + kubernetesVersion: + description: 'KubernetesVersion: When you upgrade a supported AKS + cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, + upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, + however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' 
+ type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + required: + - keyData + type: object + type: array + required: + - publicKeys + type: object + required: + - adminUsername + - ssh + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + type: string + dockerBridgeCidr: + description: 'DockerBridgeCidr: A CIDR notation IP range assigned + to the Docker bridge network. It must not overlap with any Subnet + IP ranges or the Kubernetes service address range.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + ipFamilies: + description: 'IpFamilies: IP families are used to determine single-stack + or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6.' 
+ items: + enum: + - IPv4 + - IPv6 + type: string + type: array + kubeProxyConfig: + description: 'KubeProxyConfig: Holds configuration customizations + for kube-proxy. Any values not defined will use the kube-proxy + defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ + where is represented by a - + string. Kubernetes version 1.23 would be ''1-23''.' + properties: + enabled: + description: 'Enabled: Whether to enable on kube-proxy on + the cluster (if no ''kubeProxyConfig'' exists, kube-proxy + is enabled in AKS by default without these customizations).' + type: boolean + ipvsConfig: + description: 'IpvsConfig: Holds configuration customizations + for IPVS. May only be specified if ''mode'' is set to ''IPVS''.' + properties: + scheduler: + description: 'Scheduler: IPVS scheduler, for more information + please see http://www.linuxvirtualserver.org/docs/scheduling.html.' + enum: + - LeastConnection + - RoundRobin + type: string + tcpFinTimeoutSeconds: + description: 'TcpFinTimeoutSeconds: The timeout value + used for IPVS TCP sessions after receiving a FIN in + seconds. Must be a positive integer value.' + type: integer + tcpTimeoutSeconds: + description: 'TcpTimeoutSeconds: The timeout value used + for idle IPVS TCP sessions in seconds. Must be a positive + integer value.' + type: integer + udpTimeoutSeconds: + description: 'UdpTimeoutSeconds: The timeout value used + for IPVS UDP packets in seconds. Must be a positive + integer value.' + type: integer + type: object + mode: + description: 'Mode: Specify which proxy mode to use (''IPTABLES'' + or ''IPVS'')' + enum: + - IPTABLES + - IPVS + type: string + type: object + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). 
The default value is 0 which + results in Azure dynamically allocating ports.' + maximum: 64000 + minimum: 0 + type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + enum: + - NodeIP + - NodeIPConfiguration + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' + type: boolean + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' 
+ maximum: 120 + minimum: 4 + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of IPv4 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + maximum: 100 + minimum: 1 + type: integer + countIPv6: + description: 'CountIPv6: The desired number of IPv6 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 0 for single-stack and 1 for dual-stack.' + maximum: 100 + minimum: 0 + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. 
+ type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' + enum: + - basic + - standard + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. 
+ properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 4 minutes.' + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure. Allowed values must be in + the range of 1 to 16 (inclusive). The default value + is 1.' + maximum: 16 + minimum: 1 + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + enum: + - azure + - cilium + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' 
+ enum: + - bridge + - transparent + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: 'NetworkPluginMode: Network plugin mode used for + building the Kubernetes network.' + enum: + - Overlay + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + enum: + - azure + - calico + - cilium + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + podCidrs: + description: 'PodCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking.' + items: + type: string + type: array + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + serviceCidrs: + description: 'ServiceCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with + any Subnet IP ranges.' + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' 
+ type: string + nodeResourceGroupProfile: + description: 'NodeResourceGroupProfile: The node resource group configuration + profile.' + properties: + restrictionLevel: + description: 'RestrictionLevel: The restriction level applied + to the cluster''s node resource group' + enum: + - ReadOnly + - Unrestricted + type: string + type: object + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + type: object + operatorSpec: + description: 'OperatorSpec: The specification for configuring operator + behavior. This field is interpreted by the operator and not passed + directly to Azure' + properties: + configMaps: + description: 'ConfigMaps: configures where to place operator written + ConfigMaps.' + properties: + oidcIssuerProfile: + description: 'OIDCIssuerProfile: indicates where the OIDCIssuerProfile + config map should be placed. If omitted, no config map will + be created.' + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: Name is the name of the Kubernetes ConfigMap + being referenced. The ConfigMap must be in the same + namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: 'Secrets: configures where to place Azure generated + secrets.' + properties: + adminCredentials: + description: 'AdminCredentials: indicates where the AdminCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. 
The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: 'UserCredentials: indicates where the UserCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' + properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' 
+ type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' 
+ type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + enum: + - Disabled + - Enabled + - SecuredByPerimeter + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: 'AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: 'KeyId: Identifier of Azure Key Vault key. See + [key identifier format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service + is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service + is disabled, leave the field empty.' + type: string + keyVaultNetworkAccess: + description: 'KeyVaultNetworkAccess: Network access of key + vault. The possible values are `Public` and `Private`. `Public` + means the key vault allows public access from all networks. + `Private` means the key vault disables public access and + enables private link. The default value is `Public`.' + enum: + - Private + - Public + type: string + keyVaultResourceReference: + description: 'KeyVaultResourceReference: Resource ID of key + vault. When keyVaultNetworkAccess is `Private`, this field + is required and must be a valid resource ID. 
When keyVaultNetworkAccess + is `Public`, leave the field empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + customCATrustCertificates: + description: 'CustomCATrustCertificates: A list of up to 10 base64 + encoded CAs that will be added to the trust store on nodes with + the Custom CA Trust feature enabled. For more information see + [Custom CA Trust Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority)' + items: + type: string + maxItems: 10 + minItems: 0 + type: array + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceReference: + description: 'LogAnalyticsWorkspaceResourceReference: Resource + ID of the Log Analytics workspace to be associated with + Microsoft Defender. When Microsoft Defender is enabled, + this field is required and must be a valid workspace resource + ID. When Microsoft Defender is disabled, leave the field + empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' + type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + nodeRestriction: + description: 'NodeRestriction: [Node Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Node Restriction' + type: boolean + type: object + workloadIdentity: + description: 'WorkloadIdentity: Workload identity settings for + the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See + https://aka.ms/aks/wi for more details.' + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' 
+ type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + components: + description: 'Components: Istio components configuration.' + properties: + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: Istio ingress gateway configuration. For + now, we support up to one external ingress gateway + named `aks-istio-ingressgateway-external` and one + internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + enum: + - External + - Internal + type: string + required: + - enabled + - mode + type: object + type: array + type: object + type: object + mode: + description: 'Mode: Mode of the service mesh.' + enum: + - Disabled + - Istio + type: string + required: + - mode + type: object + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + secret: + description: 'Secret: The secret password associated with the + service principal in plain text.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret being + referenced. The secret must be in the same namespace as + the resource + type: string + required: + - key + - name + type: object + required: + - clientId + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' 
+ enum: + - Base + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [AKS Pricing Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) + for more details.' + enum: + - Free + - Standard + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + version: + description: 'Version: The version of AzureDisk CSI Driver. + The default value is v1.' + type: string + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' + properties: + controlPlaneOverrides: + description: 'ControlPlaneOverrides: List of upgrade overrides + when upgrading a cluster''s control plane.' 
+ items: + description: The list of control plane upgrade override + settings. + enum: + - IgnoreKubernetesDeprecations + type: string + type: array + until: + description: 'Until: Until when the overrides are effective. + Note that this only matches the start time of an upgrade, + and the effectiveness won''t change once an upgrade starts + even if the `until` expires as upgrade proceeds. This field + is not set by default. It must be set for the overrides + to take effect.' + type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' 
+ properties: + dnsServer: + description: 'DnsServer: Specifies the DNS server for Windows + gMSA. Set it to empty if you have configured the DNS server + in the vnet which is used to create the managed cluster.' + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: 'RootDomainName: Specifies the root domain name + for Windows gMSA. Set it to empty if you have configured + the DNS server in the vnet which is used to create the managed + cluster.' + type: string + type: object + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' + enum: + - None + - Windows_Server + type: string + required: + - adminUsername + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' + type: boolean + required: + - enabled + type: object + verticalPodAutoscaler: + properties: + controlledValues: + description: 'ControlledValues: Controls which resource value + autoscaler will change. Default value is RequestsAndLimits.' + enum: + - RequestsAndLimits + - RequestsOnly + type: string + enabled: + description: 'Enabled: Whether to enable VPA. Default value + is false.' + type: boolean + updateMode: + description: 'UpdateMode: Each update mode level is a superset + of the lower levels. Off, this field + will be exactly equal to it. If orchestratorVersion was , + this field will contain the full version + being used.' 
+ type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: 'EnableCustomCATrust: When set to true, AKS adds + a label to the node indicating that the feature is enabled + and deploys a daemonset along with host services to sync custom + certificate authorities from user-provided list of base64 + encoded certificates into node trust stores. Defaults to false.' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: 'HostGroupID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. 
+ For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' 
+ type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' 
+ type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' 
+ type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + messageOfTheDay: + description: 'MessageOfTheDay: A base64-encoded string which + will be written to /etc/motd after decoding. This allows customization + of the message of the day for Linux nodes. It must not be + specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script).' + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. 
For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an + agent pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are + allowed to access. The specified ranges are allowed to + overlap.' + items: + description: The port range. + properties: + portEnd: + description: 'PortEnd: The maximum port that is included + in the range. It should be ranged from 1 to 65535, + and be greater than or equal to portStart.' + type: integer + portStart: + description: 'PortStart: The minimum port that is + included in the range. It should be ranged from + 1 to 65535, and be less than or equal to portEnd.' + type: integer + protocol: + description: 'Protocol: The network protocol of the + port.' + type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the + application security groups which agent pool will associate + when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level + public IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: + RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated + with the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' 
+ type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + and are supported. When is specified, + the latest supported patch version is chosen automatically. + Updating the agent pool with the same once it + has been created will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should + upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version + as the control plane. The node pool minor version must be + within two minor versions of the control plane version. The + node pool version cannot be greater than the control plane + version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent + pool. If not specified, the default is Ubuntu if OSType=Linux + or Windows2019 if OSType=Windows. And the default Windows + OSSKU will be changed to Windows2022 after Windows2019 is + deprecated.' + type: string + osType: + description: 'OsType: The operating system type. 
The default + is Linux.' + type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: When an Agent Pool is first created + it is initially Running. The Agent Pool can be stopped by + setting this field to Stopped. A stopped Agent Pool stops + all of its VMs and does not accrue billing charges. An Agent + Pool can only be stopped if it is Running and provisioning + state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + type: string + type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. 
For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. + If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies + to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific + profile.' + properties: + disableOutboundNat: + description: 'DisableOutboundNat: The default value is false. 
+ Outbound NAT can only be disabled if the cluster outboundType + is NAT Gateway and the Windows agent pool does not have + node public IP enabled.' + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + type: string + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + enableVnetIntegration: + description: 'EnableVnetIntegration: Whether to enable apiserver + vnet integration for the cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' + type: string + subnetId: + description: 'SubnetId: It is required when: 1. creating a new + cluster with BYO Vnet; 2. updating an existing cluster to enable + apiserver vnet integration.' 
+ type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. 
+ Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: The default is Unmanaged, + but may change to either NodeImage or SecurityPatch at GA.' + type: string + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' 
+ type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Prometheus addon profile for the + container service cluster' + properties: + metrics: + description: 'Metrics: Metrics profile for the prometheus service + addon' + properties: + enabled: + description: 'Enabled: Whether to enable the Prometheus collector' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics for prometheus + addon profile for the container service cluster' + properties: + metricAnnotationsAllowList: + description: 'MetricAnnotationsAllowList: Comma-separated + list of additional Kubernetes label keys that will be + used in the resource''s labels metric.' + type: string + metricLabelsAllowlist: + description: 'MetricLabelsAllowlist: Comma-separated list + of Kubernetes annotations keys that will be used in + the resource''s labels metric.' + type: string + type: object + type: object + type: object + azurePortalFQDN: + description: 'AzurePortalFQDN: The Azure Portal requires certain Cross-Origin + Resource Sharing (CORS) headers to be sent in some responses, which + Kubernetes APIServer doesn''t handle by default. This special FQDN + supports CORS, allowing the Azure Portal to function properly.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the cluster will be created/upgraded using + a snapshot.' + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentKubernetesVersion: + description: 'CurrentKubernetesVersion: The version of Kubernetes + the Managed Cluster is running.' + type: string + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' 
+ type: boolean + diskEncryptionSetID: + description: 'DiskEncryptionSetID: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + type: string + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enableNamespaceResources: + description: 'EnableNamespaceResources: The default value is false. + It can be enabled/disabled on creation and updating of the managed + cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) + for more details on Namespace as a ARM Resource.' + type: boolean + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATED) Whether to enable + Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. + Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.' + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' 
+ type: string + guardrailsProfile: + description: 'GuardrailsProfile: The guardrails profile holds all + the guardrails information for a given cluster' + properties: + excludedNamespaces: + description: 'ExcludedNamespaces: List of namespaces excluded + from guardrails checks' + items: + type: string + type: array + level: + description: 'Level: The guardrails level to be used. By default, + Guardrails is enabled for all namespaces except those that AKS + excludes via systemExcludedNamespaces' + type: string + systemExcludedNamespaces: + description: 'SystemExcludedNamespaces: List of namespaces specified + by AKS to be excluded from Guardrails' + items: + type: string + type: array + version: + description: 'Version: The version of constraints to use' + type: string + type: object + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + effectiveNoProxy: + description: 'EffectiveNoProxy: A read-only list of all endpoints + for which traffic should not be sent to the proxy. This list + is a superset of noProxy and values injected by AKS.' + items: + type: string + type: array + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + id: + description: 'Id: Fully qualified resource ID for the resource. Ex + - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}' + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' 
+ properties: + principalId: + description: 'PrincipalId: The principal id of the system assigned + identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity + which is used by master components.' + type: string + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' + type: string + userAssignedIdentities: + additionalProperties: + properties: + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned + identity.' + type: string + type: object + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' + type: object + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + ingressProfile: + description: 'IngressProfile: Ingress profile for the managed cluster.' + properties: + webAppRouting: + description: 'WebAppRouting: Web App Routing settings for the + ingress profile.' + properties: + dnsZoneResourceId: + description: 'DnsZoneResourceId: Resource ID of the DNS Zone + to be associated with the web app. Used only when Web App + Routing is enabled.' 
+ type: string + enabled: + description: 'Enabled: Whether to enable Web App Routing.' + type: boolean + identity: + description: 'Identity: Managed identity of the Web Application + Routing add-on. This is the identity that should be granted + permissions, for example, to manage the associated Azure + DNS resource and get certificates from Azure Key Vault. + See [this overview of the add-on](https://learn.microsoft.com/en-us/azure/aks/web-app-routing?tabs=with-osm) + for more instructions.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + type: object + type: object + kubernetesVersion: + description: 'KubernetesVersion: When you upgrade a supported AKS + cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, + upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, + however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. 
+ properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + type: object + type: array + type: object + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the + managed cluster.' + type: integer + name: + description: 'Name: The name of the resource' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + type: string + dockerBridgeCidr: + description: 'DockerBridgeCidr: A CIDR notation IP range assigned + to the Docker bridge network. It must not overlap with any Subnet + IP ranges or the Kubernetes service address range.' + type: string + ipFamilies: + description: 'IpFamilies: IP families are used to determine single-stack + or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6.' + items: + type: string + type: array + kubeProxyConfig: + description: 'KubeProxyConfig: Holds configuration customizations + for kube-proxy. Any values not defined will use the kube-proxy + defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ + where is represented by a - + string. Kubernetes version 1.23 would be ''1-23''.' + properties: + enabled: + description: 'Enabled: Whether to enable on kube-proxy on + the cluster (if no ''kubeProxyConfig'' exists, kube-proxy + is enabled in AKS by default without these customizations).' + type: boolean + ipvsConfig: + description: 'IpvsConfig: Holds configuration customizations + for IPVS. 
May only be specified if ''mode'' is set to ''IPVS''.' + properties: + scheduler: + description: 'Scheduler: IPVS scheduler, for more information + please see http://www.linuxvirtualserver.org/docs/scheduling.html.' + type: string + tcpFinTimeoutSeconds: + description: 'TcpFinTimeoutSeconds: The timeout value + used for IPVS TCP sessions after receiving a FIN in + seconds. Must be a positive integer value.' + type: integer + tcpTimeoutSeconds: + description: 'TcpTimeoutSeconds: The timeout value used + for idle IPVS TCP sessions in seconds. Must be a positive + integer value.' + type: integer + udpTimeoutSeconds: + description: 'UdpTimeoutSeconds: The timeout value used + for IPVS UDP packets in seconds. Must be a positive + integer value.' + type: integer + type: object + mode: + description: 'Mode: Specify which proxy mode to use (''IPTABLES'' + or ''IPVS'')' + type: string + type: object + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). The default value is 0 which + results in Azure dynamically allocating ports.' + type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' 
+ type: boolean + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of IPv4 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + type: integer + countIPv6: + description: 'CountIPv6: The desired number of IPv6 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 0 for single-stack and 1 for dual-stack.' + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' 
+ type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 4 minutes.' + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure. Allowed values must be in + the range of 1 to 16 (inclusive). The default value + is 1.' + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + type: string + networkPluginMode: + description: 'NetworkPluginMode: Network plugin mode used for + building the Kubernetes network.' + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' 
+ type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + type: string + podCidrs: + description: 'PodCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking.' + items: + type: string + type: array + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' + type: string + serviceCidrs: + description: 'ServiceCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with + any Subnet IP ranges.' + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + nodeResourceGroupProfile: + description: 'NodeResourceGroupProfile: The node resource group configuration + profile.' + properties: + restrictionLevel: + description: 'RestrictionLevel: The restriction level applied + to the cluster''s node resource group' + type: string + type: object + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + issuerURL: + description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' + type: string + type: object + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' 
+ properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if + any).' + properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. + Codes are invariant and are intended to be + consumed programmatically.' + type: string + details: + description: 'Details: A list of additional + details about the error.' 
+ items: + properties: + code: + description: 'Code: An identifier for + the error. Codes are invariant and are + intended to be consumed programmatically.' + type: string + message: + description: 'Message: A message describing + the error, intended to be suitable for + display in a user interface.' + type: string + target: + description: 'Target: The target of the + particular error. For example, the name + of the property in error.' + type: string + type: object + type: array + message: + description: 'Message: A message describing + the error, intended to be suitable for display + in a user interface.' + type: string + target: + description: 'Target: The target of the particular + error. For example, the name of the property + in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning + state of the pod identity.' + type: string + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + type: object + type: array + type: object + powerState: + description: 'PowerState: The Power State of the cluster.' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' 
+ type: string + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service + ID of the resource, this field is exposed only to NRP internally.' + type: string + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' + type: string + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: 'AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: 'KeyId: Identifier of Azure Key Vault key. See + [key identifier format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service + is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service + is disabled, leave the field empty.' 
+ type: string + keyVaultNetworkAccess: + description: 'KeyVaultNetworkAccess: Network access of key + vault. The possible values are `Public` and `Private`. `Public` + means the key vault allows public access from all networks. + `Private` means the key vault disables public access and + enables private link. The default value is `Public`.' + type: string + keyVaultResourceId: + description: 'KeyVaultResourceId: Resource ID of key vault. + When keyVaultNetworkAccess is `Private`, this field is required + and must be a valid resource ID. When keyVaultNetworkAccess + is `Public`, leave the field empty.' + type: string + type: object + customCATrustCertificates: + description: 'CustomCATrustCertificates: A list of up to 10 base64 + encoded CAs that will be added to the trust store on nodes with + the Custom CA Trust feature enabled. For more information see + [Custom CA Trust Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority)' + items: + type: string + type: array + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceId: + description: 'LogAnalyticsWorkspaceResourceId: Resource ID + of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field + is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty.' + type: string + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' 
+ type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + nodeRestriction: + description: 'NodeRestriction: [Node Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Node Restriction' + type: boolean + type: object + workloadIdentity: + description: 'WorkloadIdentity: Workload identity settings for + the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See + https://aka.ms/aks/wi for more details.' + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + components: + description: 'Components: Istio components configuration.' + properties: + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: Istio ingress gateway configuration. For + now, we support up to one external ingress gateway + named `aks-istio-ingressgateway-external` and one + internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + type: string + type: object + type: array + type: object + type: object + mode: + description: 'Mode: Mode of the service mesh.' + type: string + type: object + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' 
+ properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [AKS Pricing Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) + for more details.' + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + version: + description: 'Version: The version of AzureDisk CSI Driver. + The default value is v1.' + type: string + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + systemData: + description: 'SystemData: Azure Resource Manager metadata containing + createdBy and modifiedBy information.' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' 
+ type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" + or "Microsoft.Storage/storageAccounts"' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' + properties: + controlPlaneOverrides: + description: 'ControlPlaneOverrides: List of upgrade overrides + when upgrading a cluster''s control plane.' + items: + description: The list of control plane upgrade override + settings. + type: string + type: array + until: + description: 'Until: Until when the overrides are effective. + Note that this only matches the start time of an upgrade, + and the effectiveness won''t change once an upgrade starts + even if the `until` expires as upgrade proceeds. This field + is not set by default. It must be set for the overrides + to take effect.' + type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. 
Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: 'DnsServer: Specifies the DNS server for Windows + gMSA. Set it to empty if you have configured the DNS server + in the vnet which is used to create the managed cluster.' + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: 'RootDomainName: Specifies the root domain name + for Windows gMSA. Set it to empty if you have configured + the DNS server in the vnet which is used to create the managed + cluster.' + type: string + type: object + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. 
See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' + type: string + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' + type: boolean + type: object + verticalPodAutoscaler: + properties: + controlledValues: + description: 'ControlledValues: Controls which resource value + autoscaler will change. Default value is RequestsAndLimits.' + type: string + enabled: + description: 'Enabled: Whether to enable VPA. Default value + is false.' + type: boolean + updateMode: + description: 'UpdateMode: Each update mode level is a superset + of the lower levels. Off + (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch + version is chosen automatically. Updating the cluster with + the same once it has been created (e.g. 1.14.x + -> 1.14) will not trigger an upgrade, even if a newer patch + version is available. As a best practice, you should upgrade + all node pools in an AKS cluster to the same Kubernetes version. + The node pool version must have the same major version as + the control plane. The node pool minor version must be within + two minor versions of the control plane version. The node + pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. 
May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent + pool. The default is Ubuntu if OSType is Linux. The default + is Windows2019 when Kubernetes <= 1.24 or Windows2022 when + Kubernetes >= 1.25 if OSType is Windows.' + enum: + - AzureLinux + - CBLMariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + enum: + - Linux + - Windows + type: string + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: 'PowerState: When an Agent Pool is first created + it is initially Running. 
The Agent Pool can be stopped by + setting this field to Stopped. A stopped Agent Pool stops + all of its VMs and does not accrue billing charges. An Agent + Pool can only be stopped if it is Running and provisioning + state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' 
+ enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: 'DrainTimeoutInMinutes: The amount of time + (in minutes) to wait on eviction of pods and graceful + termination per node. This eviction wait time honors waiting + on pod disruption budgets. If this time is exceeded, the + upgrade fails. If not specified, the default is 30 minutes.' + maximum: 1440 + minimum: 1 + type: integer + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. + If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. 
For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, + a VNET and subnet will be generated and used. If no podSubnetID + is specified, this applies to nodes and pods, otherwise it + applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + enum: + - OCIContainer + - WasmWasi + type: string + required: + - name + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. 
For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' + items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + enum: + - least-waste + - most-pods + - priority + - random + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' 
+ type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' + type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. 
Values must + be an integer number of seconds.' + type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: Manner in which the OS on + your nodes is updated. The default is NodeImage.' + enum: + - NodeImage + - None + - Unmanaged + type: string + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' + enum: + - node-image + - none + - patch + - rapid + - stable + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Azure Monitor addon profiles for + monitoring the managed cluster.' + properties: + metrics: + description: 'Metrics: Metrics profile for the Azure Monitor managed + service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace + and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview.' + properties: + enabled: + description: 'Enabled: Whether to enable or disable the Azure + Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on + enabling and disabling.' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics profile + for the Azure Managed Prometheus addon. These optional settings + are for the kube-state-metrics pod that is deployed with + the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details.' 
+ properties: + metricAnnotationsAllowList: + description: 'MetricAnnotationsAllowList: Comma-separated + list of Kubernetes annotation keys that will be used + in the resource''s labels metric (Example: ''namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...''). + By default the metric contains only resource name and + namespace labels.' + type: string + metricLabelsAllowlist: + description: 'MetricLabelsAllowlist: Comma-separated list + of additional Kubernetes label keys that will be used + in the resource''s labels metric (Example: ''namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...''). + By default the metric contains only resource name and + namespace labels.' + type: string + type: object + required: + - enabled + type: object + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' + type: boolean + diskEncryptionSetReference: + description: 'DiskEncryptionSetReference: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATED) Whether to enable + Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. + Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.' + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' 
+ type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + delegatedResources: + additionalProperties: + description: Delegated resource properties - internal use only. + properties: + location: + description: 'Location: The source resource location - internal + use only.' + type: string + referralResource: + description: 'ReferralResource: The delegation id of the + referral delegation (optional) - internal use only.' + type: string + resourceReference: + description: 'ResourceReference: The ARM resource id of + the delegated resource - internal use only.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + tenantId: + description: 'TenantId: The tenant id of the delegated resource + - internal use only.' 
+ pattern: ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ + type: string + type: object + description: 'DelegatedResources: The delegated identity resources + assigned to this managed cluster. This can only be set by another + Azure Resource Provider, and managed cluster only accept one + delegated identity resource. Internal use only.' + type: object + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' + enum: + - None + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentities: + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' + items: + description: Information about the user assigned identity for + the resource + properties: + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: 'KubernetesVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. When you + upgrade a supported AKS cluster, Kubernetes minor versions cannot + be skipped. All upgrades must be performed sequentially by major + version number. 
For example, upgrades between 1.14.x -> 1.15.x or + 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. + See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' + type: string + required: + - keyData + type: object + type: array + required: + - publicKeys + type: object + required: + - adminUsername + - ssh + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + type: string + ipFamilies: + description: 'IpFamilies: IP families are used to determine single-stack + or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6.' 
+ items: + enum: + - IPv4 + - IPv6 + type: string + type: array + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). The default value is 0 which + results in Azure dynamically allocating ports.' + maximum: 64000 + minimum: 0 + type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + enum: + - NodeIP + - NodeIPConfiguration + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' 
+ type: boolean + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of IPv4 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + maximum: 100 + minimum: 1 + type: integer + countIPv6: + description: 'CountIPv6: The desired number of IPv6 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 0 for single-stack and 1 for dual-stack.' + maximum: 100 + minimum: 0 + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. 
See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' + enum: + - basic + - standard + type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 4 minutes.' + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure. 
Allowed values must be in + the range of 1 to 16 (inclusive). The default value + is 1.' + maximum: 16 + minimum: 1 + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + enum: + - azure + - cilium + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + enum: + - bridge + - transparent + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + description: 'NetworkPluginMode: The mode the network plugin should + use.' + enum: + - overlay + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + enum: + - azure + - calico + - cilium + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting + type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + podCidrs: + description: 'PodCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking.' + items: + type: string + type: array + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' 
+ pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + type: string + serviceCidrs: + description: 'ServiceCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with + any Subnet IP ranges.' + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + type: object + operatorSpec: + description: 'OperatorSpec: The specification for configuring operator + behavior. This field is interpreted by the operator and not passed + directly to Azure' + properties: + configMaps: + description: 'ConfigMaps: configures where to place operator written + ConfigMaps.' + properties: + oidcIssuerProfile: + description: 'OIDCIssuerProfile: indicates where the OIDCIssuerProfile + config map should be placed. If omitted, no config map will + be created.' + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: Name is the name of the Kubernetes ConfigMap + being referenced. The ConfigMap must be in the same + namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: 'Secrets: configures where to place Azure generated + secrets.' + properties: + adminCredentials: + description: 'AdminCredentials: indicates where the AdminCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' 
+ properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: 'UserCredentials: indicates where the UserCredentials + secret should be placed. If omitted, the secret will not + be retrieved from Azure.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' + properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. 
See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. 
+ type: string + type: object + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + name: + description: 'Name: The name of the private link resource.' + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + enum: + - Disabled + - Enabled + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: 'AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: 'KeyId: Identifier of Azure Key Vault key. See + [key identifier format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service + is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service + is disabled, leave the field empty.' + type: string + keyVaultNetworkAccess: + description: 'KeyVaultNetworkAccess: Network access of key + vault. The possible values are `Public` and `Private`. `Public` + means the key vault allows public access from all networks. 
+ `Private` means the key vault disables public access and + enables private link. The default value is `Public`.' + enum: + - Private + - Public + type: string + keyVaultResourceReference: + description: 'KeyVaultResourceReference: Resource ID of key + vault. When keyVaultNetworkAccess is `Private`, this field + is required and must be a valid resource ID. When keyVaultNetworkAccess + is `Public`, leave the field empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceReference: + description: 'LogAnalyticsWorkspaceResourceReference: Resource + ID of the Log Analytics workspace to be associated with + Microsoft Defender. When Microsoft Defender is enabled, + this field is required and must be a valid workspace resource + ID. When Microsoft Defender is disabled, leave the field + empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' + type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + workloadIdentity: + description: 'WorkloadIdentity: Workload identity settings for + the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See + https://aka.ms/aks/wi for more details.' + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' + type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + certificateAuthority: + description: 'CertificateAuthority: Istio Service Mesh Certificate + Authority (CA) configuration. 
For now, we only support plugin + certificates as described here https://aka.ms/asm-plugin-ca' + properties: + plugin: + description: 'Plugin: Plugin certificates information + for Service Mesh.' + properties: + certChainObjectName: + description: 'CertChainObjectName: Certificate chain + object name in Azure Key Vault.' + type: string + certObjectName: + description: 'CertObjectName: Intermediate certificate + object name in Azure Key Vault.' + type: string + keyObjectName: + description: 'KeyObjectName: Intermediate certificate + private key object name in Azure Key Vault.' + type: string + keyVaultReference: + description: 'KeyVaultReference: The resource ID of + the Key Vault.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + rootCertObjectName: + description: 'RootCertObjectName: Root certificate + object name in Azure Key Vault.' + type: string + type: object + type: object + components: + description: 'Components: Istio components configuration.' + properties: + egressGateways: + description: 'EgressGateways: Istio egress gateways.' + items: + description: Istio egress gateway configuration. 
+ properties: + enabled: + description: 'Enabled: Whether to enable the egress + gateway.' + type: boolean + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector: NodeSelector for scheduling + the egress gateway.' + type: object + required: + - enabled + type: object + type: array + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: Istio ingress gateway configuration. For + now, we support up to one external ingress gateway + named `aks-istio-ingressgateway-external` and one + internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + enum: + - External + - Internal + type: string + required: + - enabled + - mode + type: object + type: array + type: object + revisions: + description: 'Revisions: The list of revisions of the Istio + control plane. When an upgrade is not in progress, this + holds one value. When canary upgrade is in progress, this + can only hold two consecutive values. For more information, + see: https://learn.microsoft.com/en-us/azure/aks/istio-upgrade' + items: + type: string + maxItems: 2 + type: array + type: object + mode: + description: 'Mode: Mode of the service mesh.' + enum: + - Disabled + - Istio + type: string + required: + - mode + type: object + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + secret: + description: 'Secret: The secret password associated with the + service principal in plain text.' 
+ properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret being + referenced. The secret must be in the same namespace as + the resource + type: string + required: + - key + - name + type: object + required: + - clientId + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + enum: + - Base + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [AKS Pricing Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) + for more details.' + enum: + - Free + - Premium + - Standard + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' 
+ type: boolean + type: object + type: object + supportPlan: + description: 'SupportPlan: The support plan for the Managed Cluster. + If unspecified, the default is ''KubernetesOfficial''.' + enum: + - AKSLongTermSupport + - KubernetesOfficial + type: string + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' + properties: + forceUpgrade: + description: 'ForceUpgrade: Whether to force upgrade the cluster. + Note that this option instructs upgrade operation to bypass + upgrade protections such as checking for deprecated API + usage. Enable this option only with caution.' + type: boolean + until: + description: 'Until: Until when the overrides are effective. + Note that this only matches the start time of an upgrade, + and the effectiveness won''t change once an upgrade starts + even if the `until` expires as upgrade proceeds. This field + is not set by default. It must be set for the overrides + to take effect.' + type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." 
Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: 'DnsServer: Specifies the DNS server for Windows + gMSA. Set it to empty if you have configured the DNS server + in the vnet which is used to create the managed cluster.' + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: 'RootDomainName: Specifies the root domain name + for Windows gMSA. Set it to empty if you have configured + the DNS server in the vnet which is used to create the managed + cluster.' + type: string + type: object + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' + enum: + - None + - Windows_Server + type: string + required: + - adminUsername + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' 
+ type: boolean + required: + - enabled + type: object + verticalPodAutoscaler: + description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable VPA. Default value + is false.' + type: boolean + required: + - enabled + type: object + type: object + required: + - location + - owner + type: object + status: + description: Managed cluster. + properties: + aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' + properties: + adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object + IDs that will have admin role of the cluster.' + items: + type: string + type: array + clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for + Kubernetes authorization.' + type: boolean + managed: + description: 'Managed: Whether to enable managed AAD.' + type: boolean + serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application + ID. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application + secret. Learn more at https://aka.ms/aks/aad-legacy.' + type: string + tenantID: + description: 'TenantID: The AAD tenant ID to use for authentication. + If not specified, will use the tenant of the deployment subscription.' + type: string + type: object + addonProfiles: + additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. + properties: + config: + additionalProperties: + type: string + description: 'Config: Key-value pairs for configuring an add-on.' + type: object + enabled: + description: 'Enabled: Whether the add-on is enabled or not.' 
+ type: boolean + identity: + description: 'Identity: Information of user assigned identity + used by this add-on.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' + type: object + agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' + items: + description: Profile for the container service agent pool. + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones + to use for nodes. This can only be specified if the AgentPoolType + property is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + type: string + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for + system pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify + the source Snapshot ID if the node pool will be created/upgraded + using a snapshot.' + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the + source object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: 'CurrentOrchestratorVersion: If orchestratorVersion + is a fully specified version , this field + will be exactly equal to it. 
If orchestratorVersion is , + this field will contain the full version + being used.' + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported + on certain VM sizes and in certain Azure regions. For more + information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require + nodes in a node pool to receive their own dedicated public + IP addresses. A common scenario is for gaming workloads, where + a console needs to make a direct connection to a cloud virtual + machine to minimize hops. For more information see [assigning + a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used + to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: 'HostGroupID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the + agent pool nodes.' 
+ properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe + sysctls or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of + container log files that can be present for a container. + The number must be ≥ 2.' + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. + 10Mi) of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' + Valid values are a sequence of decimal numbers with an + optional fraction and a unit suffix. For example: ''300ms'', + ''2h45m''. Supported units are ''ns'', ''us'', ''ms'', + ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. + See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and + ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the + Kubelet fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage + collection, set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher + than imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes + per pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information + see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. 
Allowed values are ''none'', + ''best-effort'', ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral + storage.' + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent + nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file + that will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting + fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting + net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' 
+ type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting + net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting + net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting + net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting + net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting + net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting + net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl + setting net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting + net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' 
+ type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are + ''always'', ''defer'', ''defer+madvise'', ''madvise'' + and ''never''. The default is ''madvise''. For more information + see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are + ''always'', ''madvise'', and ''never''. The default is + ''always''. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run + on a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' + Agent Pool at all times. For additional information on agent + pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: Windows agent pool names must be 6 characters + or less.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an + agent pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are + allowed to access. The specified ranges are allowed to + overlap.' + items: + description: The port range. + properties: + portEnd: + description: 'PortEnd: The maximum port that is included + in the range. It should be ranged from 1 to 65535, + and be greater than or equal to portStart.' 
+ type: integer + portStart: + description: 'PortStart: The minimum port that is + included in the range. It should be ranged from + 1 to 65535, and be less than or equal to portEnd.' + type: integer + protocol: + description: 'Protocol: The network protocol of the + port.' + type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the + application security groups which agent pool will associate + when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level + public IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: + RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated + with the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across + all nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during + node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch + version is chosen automatically. Updating the cluster with + the same once it has been created (e.g. 
1.14.x + -> 1.14) will not trigger an upgrade, even if a newer patch + version is available. As a best practice, you should upgrade + all node pools in an AKS cluster to the same Kubernetes version. + The node pool version must have the same major version as + the control plane. The node pool minor version must be within + two minor versions of the control plane version. The node + pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the + VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to ''Managed''. May not + be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent + pool. The default is Ubuntu if OSType is Linux. The default + is Windows2019 when Kubernetes <= 1.24 or Windows2022 when + Kubernetes >= 1.25 if OSType is Windows.' + type: string + osType: + description: 'OsType: The operating system type. The default + is Linux.' + type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: When an Agent Pool is first created + it is initially Running. The Agent Pool can be stopped by + setting this field to Stopped. A stopped Agent Pool stops + all of its VMs and does not accrue billing charges. 
An Agent + Pool can only be stopped if it is Running and provisioning + state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running + or Stopped' + type: string + type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity + Placement Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified + unless the scaleSetPriority is ''Spot''. If not specified, + the default is ''Delete''.' + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set + priority. If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal + value greater than zero or -1 which indicates the willingness + to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool + virtual machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: 'DrainTimeoutInMinutes: The amount of time + (in minutes) to wait on eviction of pods and graceful + termination per node. This eviction wait time honors waiting + on pod disruption budgets. If this time is exceeded, the + upgrade fails. If not specified, the default is 30 minutes.' 
+ type: integer + maxSurge: + description: 'MaxSurge: This can either be set to an integer + (e.g. ''5'') or a percentage (e.g. ''50%''). If a percentage + is specified, it is the percentage of the total agent + pool size at the time of the upgrade. For percentages, + fractional nodes are rounded up. If not specified, the + default is 1. For more information, including best practices, + see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. + If a node contains insufficient compute resources (memory, + cpu, etc) pods might fail to run correctly. For more details + on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies + to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload + a node can run.' + type: string + type: object + type: array + apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed + cluster API server.' + properties: + authorizedIPRanges: + description: 'AuthorizedIPRanges: IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible + with clusters that use Public IP Per Node, or clusters that + are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).' 
+ items: + type: string + type: array + disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command + for the cluster or not.' + type: boolean + enablePrivateCluster: + description: 'EnablePrivateCluster: For more details, see [Creating + a private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters).' + type: boolean + enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create + additional public FQDN for private cluster or not.' + type: boolean + privateDNSZone: + description: 'PrivateDNSZone: The default is System. For more + details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). + Allowed values are ''system'' and ''none''.' + type: string + type: object + autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler + when enabled' + properties: + balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' + and ''false''' + type: string + expander: + description: 'Expander: If not specified, the default is ''random''. + See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) + for more information.' + type: string + max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' + type: string + max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' + type: string + max-node-provision-time: + description: 'MaxNodeProvisionTime: The default is ''15m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The + maximum is 100 and the minimum is 0.' 
+ type: string + new-pod-scale-up-delay: + description: 'NewPodScaleUpDelay: For scenarios like burst/batch + scale where you don''t want CA to act before the kubernetes + scheduler could schedule all the pods, you can tell CA to ignore + unscheduled pods before they''re a certain age. The default + is ''0s''. Values must be an integer followed by a unit (''s'' + for seconds, ''m'' for minutes, ''h'' for hours, etc).' + type: string + ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The + default is 3.' + type: string + scale-down-delay-after-add: + description: 'ScaleDownDelayAfterAdd: The default is ''10m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-delete: + description: 'ScaleDownDelayAfterDelete: The default is the scan-interval. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-delay-after-failure: + description: 'ScaleDownDelayAfterFailure: The default is ''3m''. + Values must be an integer followed by an ''m''. No unit of time + other than minutes (m) is supported.' + type: string + scale-down-unneeded-time: + description: 'ScaleDownUnneededTime: The default is ''10m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-unready-time: + description: 'ScaleDownUnreadyTime: The default is ''20m''. Values + must be an integer followed by an ''m''. No unit of time other + than minutes (m) is supported.' + type: string + scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + type: string + scan-interval: + description: 'ScanInterval: The default is ''10''. Values must + be an integer number of seconds.' 
+ type: string + skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' + type: string + skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' + type: string + type: object + autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' + properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: Manner in which the OS on + your nodes is updated. The default is NodeImage.' + type: string + upgradeChannel: + description: 'UpgradeChannel: For more information see [setting + the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).' + type: string + type: object + azureMonitorProfile: + description: 'AzureMonitorProfile: Azure Monitor addon profiles for + monitoring the managed cluster.' + properties: + metrics: + description: 'Metrics: Metrics profile for the Azure Monitor managed + service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace + and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview.' + properties: + enabled: + description: 'Enabled: Whether to enable or disable the Azure + Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on + enabling and disabling.' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics profile + for the Azure Managed Prometheus addon. These optional settings + are for the kube-state-metrics pod that is deployed with + the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details.' 
+ properties: + metricAnnotationsAllowList: + description: 'MetricAnnotationsAllowList: Comma-separated + list of Kubernetes annotation keys that will be used + in the resource''s labels metric (Example: ''namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...''). + By default the metric contains only resource name and + namespace labels.' + type: string + metricLabelsAllowlist: + description: 'MetricLabelsAllowlist: Comma-separated list + of additional Kubernetes label keys that will be used + in the resource''s labels metric (Example: ''namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...''). + By default the metric contains only resource name and + namespace labels.' + type: string + type: object + type: object + type: object + azurePortalFQDN: + description: 'AzurePortalFQDN: The Azure Portal requires certain Cross-Origin + Resource Sharing (CORS) headers to be sent in some responses, which + Kubernetes APIServer doesn''t handle by default. This special FQDN + supports CORS, allowing the Azure Portal to function properly.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. 
Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: + description: 'CurrentKubernetesVersion: If kubernetesVersion was a + fully specified version , this field will be + exactly equal to it. If kubernetesVersion was , this + field will contain the full version being used.' + type: string + disableLocalAccounts: + description: 'DisableLocalAccounts: If set to true, getting static + credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details + see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).' + type: boolean + diskEncryptionSetID: + description: 'DiskEncryptionSetID: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + type: string + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster + has been created.' + type: string + enablePodSecurityPolicy: + description: 'EnablePodSecurityPolicy: (DEPRECATED) Whether to enable + Kubernetes pod security policy (preview). 
PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. + Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.' + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based + Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual + Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string + fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed + Cluster has been created.' + type: string + httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the + cluster with HTTP proxy servers.' + properties: + httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' + type: string + httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' + type: string + noProxy: + description: 'NoProxy: The endpoints that should not go through + proxy.' + items: + type: string + type: array + trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting + to proxy servers.' + type: string + type: object + id: + description: 'Id: Fully qualified resource ID for the resource. E.g. + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"' + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' + properties: + delegatedResources: + additionalProperties: + description: Delegated resource properties - internal use only. + properties: + location: + description: 'Location: The source resource location - internal + use only.' 
+ type: string + referralResource: + description: 'ReferralResource: The delegation id of the + referral delegation (optional) - internal use only.' + type: string + resourceId: + description: 'ResourceId: The ARM resource id of the delegated + resource - internal use only.' + type: string + tenantId: + description: 'TenantId: The tenant id of the delegated resource + - internal use only.' + type: string + type: object + description: 'DelegatedResources: The delegated identity resources + assigned to this managed cluster. This can only be set by another + Azure Resource Provider, and managed cluster only accept one + delegated identity resource. Internal use only.' + type: object + principalId: + description: 'PrincipalId: The principal id of the system assigned + identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity + which is used by master components.' + type: string + type: + description: 'Type: For more information see [use managed identities + in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).' + type: string + userAssignedIdentities: + additionalProperties: + properties: + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned + identity.' + type: string + type: object + description: 'UserAssignedIdentities: The keys must be ARM resource + IDs in the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''.' + type: object + type: object + identityProfile: + additionalProperties: + description: Details about a user assigned identity. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' 
+ type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned + identity.' + type: string + type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + kubernetesVersion: + description: 'KubernetesVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. When you + upgrade a supported AKS cluster, Kubernetes minor versions cannot + be skipped. All upgrades must be performed sequentially by major + version number. For example, upgrades between 1.14.x -> 1.15.x or + 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. + See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) + for more details.' + type: string + linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed + Cluster.' + properties: + adminUsername: + description: 'AdminUsername: The administrator username to use + for Linux VMs.' + type: string + ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running + on Azure.' + properties: + publicKeys: + description: 'PublicKeys: The list of SSH public keys used + to authenticate with Linux-based VMs. A maximum of 1 key + may be specified.' + items: + description: Contains information about SSH certificate + public key data. + properties: + keyData: + description: 'KeyData: Certificate public key used to + authenticate with VMs through SSH. The certificate + must be in PEM format with or without headers.' 
+ type: string + type: object + type: array + type: object + type: object + location: + description: 'Location: The geo-location where the resource lives' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the + managed cluster.' + type: integer + name: + description: 'Name: The name of the resource' + type: string + networkProfile: + description: 'NetworkProfile: The network configuration profile.' + properties: + dnsServiceIP: + description: 'DnsServiceIP: An IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address + range specified in serviceCidr.' + type: string + ipFamilies: + description: 'IpFamilies: IP families are used to determine single-stack + or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6.' + items: + type: string + type: array + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load + balancer.' + properties: + allocatedOutboundPorts: + description: 'AllocatedOutboundPorts: The desired number of + allocated SNAT ports per VM. Allowed values are in the range + of 0 to 64000 (inclusive). The default value is 0 which + results in Azure dynamically allocating ports.' + type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound + Load Balancer BackendPool.' + type: string + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster load balancer.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable + multiple standard load balancers per AKS cluster or not.' 
+ type: boolean + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 30 minutes.' + type: integer + managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound + IPs for the cluster load balancer.' + properties: + count: + description: 'Count: The desired number of IPv4 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 1.' + type: integer + countIPv6: + description: 'CountIPv6: The desired number of IPv6 outbound + IPs created/managed by Azure for the cluster load balancer. + Allowed values must be in the range of 1 to 100 (inclusive). + The default value is 0 for single-stack and 1 for dual-stack.' + type: integer + type: object + outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix + resources for the cluster load balancer.' + properties: + publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix + resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for + the cluster load balancer.' + properties: + publicIPs: + description: 'PublicIPs: A list of public IP resources.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + description: 'LoadBalancerSku: The default is ''standard''. See + [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) + for more information about the differences between load balancer + SKUs.' 
+ type: string + natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + properties: + effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound + IP resources of the cluster NAT gateway.' + items: + description: A reference to an Azure resource. + properties: + id: + description: 'Id: The fully qualified Azure resource + id.' + type: string + type: object + type: array + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: Desired outbound flow + idle timeout in minutes. Allowed values are in the range + of 4 to 120 (inclusive). The default value is 4 minutes.' + type: integer + managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed + outbound IP resources of the cluster NAT gateway.' + properties: + count: + description: 'Count: The desired number of outbound IPs + created/managed by Azure. Allowed values must be in + the range of 1 to 16 (inclusive). The default value + is 1.' + type: integer + type: object + type: object + networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the + Kubernetes cluster.' + type: string + networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin + is anything other than ''azure''.' + type: string + networkPlugin: + description: 'NetworkPlugin: Network plugin used for building + the Kubernetes network.' + type: string + networkPluginMode: + description: 'NetworkPluginMode: The mode the network plugin should + use.' + type: string + networkPolicy: + description: 'NetworkPolicy: Network policy used for building + the Kubernetes network.' + type: string + outboundType: + description: 'OutboundType: This can only be set at cluster creation + time and cannot be changed later. For more information see [egress + outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).' 
+ type: string + podCidr: + description: 'PodCidr: A CIDR notation IP range from which to + assign pod IPs when kubenet is used.' + type: string + podCidrs: + description: 'PodCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking.' + items: + type: string + type: array + serviceCidr: + description: 'ServiceCidr: A CIDR notation IP range from which + to assign service cluster IPs. It must not overlap with any + Subnet IP ranges.' + type: string + serviceCidrs: + description: 'ServiceCidrs: One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with + any Subnet IP ranges.' + items: + type: string + type: array + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing + agent pool nodes.' + type: string + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed + Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + issuerURL: + description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' + type: string + type: object + podIdentityProfile: + description: 'PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on AAD pod identity integration.' + properties: + allowNetworkPluginKubenet: + description: 'AllowNetworkPluginKubenet: Running in Kubenet is + disabled by default due to the security related nature of AAD + Pod Identity and the risks of IP spoofing. See [using Kubenet + network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information.' 
+ type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use + in the cluster.' + items: + description: Details about the pod identity assigned to the + Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use + for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned + identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned + identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user + assigned identity.' + type: string + type: object + name: + description: 'Name: The name of the pod identity.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if + any).' + properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. + Codes are invariant and are intended to be + consumed programmatically.' + type: string + details: + description: 'Details: A list of additional + details about the error.' + items: + properties: + code: + description: 'Code: An identifier for + the error. Codes are invariant and are + intended to be consumed programmatically.' + type: string + message: + description: 'Message: A message describing + the error, intended to be suitable for + display in a user interface.' + type: string + target: + description: 'Target: The target of the + particular error. For example, the name + of the property in error.' 
+ type: string + type: object + type: array + message: + description: 'Message: A message describing + the error, intended to be suitable for display + in a user interface.' + type: string + target: + description: 'Target: The target of the particular + error. For example, the name of the property + in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning + state of the pod identity.' + type: string + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity + exceptions to allow.' + items: + description: See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity + exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + type: object + type: array + type: object + powerState: + description: 'PowerState: The Power State of the cluster.' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' + type: string + privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated + with the cluster.' + items: + description: A private link resource + properties: + groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' + type: string + name: + description: 'Name: The name of the private link resource.' 
+ type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service + ID of the resource, this field is exposed only to NRP internally.' + type: string + requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' + items: + type: string + type: array + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' + type: string + publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access + for AKS' + type: string + resourceUID: + description: 'ResourceUID: The resourceUID uniquely identifies ManagedClusters + that reuse ARM ResourceIds (i.e: create, delete, create sequence)' + type: string + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: + azureKeyVaultKms: + description: 'AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) + settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Azure Key Vault key + management service. The default is false.' + type: boolean + keyId: + description: 'KeyId: Identifier of Azure Key Vault key. See + [key identifier format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service + is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service + is disabled, leave the field empty.' + type: string + keyVaultNetworkAccess: + description: 'KeyVaultNetworkAccess: Network access of key + vault. The possible values are `Public` and `Private`. `Public` + means the key vault allows public access from all networks. 
+ `Private` means the key vault disables public access and + enables private link. The default value is `Public`.' + type: string + keyVaultResourceId: + description: 'KeyVaultResourceId: Resource ID of key vault. + When keyVaultNetworkAccess is `Private`, this field is required + and must be a valid resource ID. When keyVaultNetworkAccess + is `Public`, leave the field empty.' + type: string + type: object + defender: + description: 'Defender: Microsoft Defender settings for the security + profile.' + properties: + logAnalyticsWorkspaceResourceId: + description: 'LogAnalyticsWorkspaceResourceId: Resource ID + of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field + is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty.' + type: string + securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat + detection for Cloud settings for the security profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Defender threat + detection' + type: boolean + type: object + type: object + imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security + profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Image Cleaner on + AKS cluster.' + type: boolean + intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval + in hours.' + type: integer + type: object + workloadIdentity: + description: 'WorkloadIdentity: Workload identity settings for + the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See + https://aka.ms/aks/wi for more details.' + properties: + enabled: + description: 'Enabled: Whether to enable workload identity.' 
+ type: boolean + type: object + type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed + cluster.' + properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + certificateAuthority: + description: 'CertificateAuthority: Istio Service Mesh Certificate + Authority (CA) configuration. For now, we only support plugin + certificates as described here https://aka.ms/asm-plugin-ca' + properties: + plugin: + description: 'Plugin: Plugin certificates information + for Service Mesh.' + properties: + certChainObjectName: + description: 'CertChainObjectName: Certificate chain + object name in Azure Key Vault.' + type: string + certObjectName: + description: 'CertObjectName: Intermediate certificate + object name in Azure Key Vault.' + type: string + keyObjectName: + description: 'KeyObjectName: Intermediate certificate + private key object name in Azure Key Vault.' + type: string + keyVaultId: + description: 'KeyVaultId: The resource ID of the Key + Vault.' + type: string + rootCertObjectName: + description: 'RootCertObjectName: Root certificate + object name in Azure Key Vault.' + type: string + type: object + type: object + components: + description: 'Components: Istio components configuration.' + properties: + egressGateways: + description: 'EgressGateways: Istio egress gateways.' + items: + description: Istio egress gateway configuration. + properties: + enabled: + description: 'Enabled: Whether to enable the egress + gateway.' + type: boolean + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector: NodeSelector for scheduling + the egress gateway.' + type: object + type: object + type: array + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: Istio ingress gateway configuration. 
For + now, we support up to one external ingress gateway + named `aks-istio-ingressgateway-external` and one + internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress + gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + type: string + type: object + type: array + type: object + revisions: + description: 'Revisions: The list of revisions of the Istio + control plane. When an upgrade is not in progress, this + holds one value. When canary upgrade is in progress, this + can only hold two consecutive values. For more information, + see: https://learn.microsoft.com/en-us/azure/aks/istio-upgrade' + items: + type: string + type: array + type: object + mode: + description: 'Mode: Mode of the service mesh.' + type: string + type: object + servicePrincipalProfile: + description: 'ServicePrincipalProfile: Information about a service + principal identity for the cluster to use for manipulating Azure + APIs.' + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string + type: object + sku: + description: 'Sku: The managed cluster SKU.' + properties: + name: + description: 'Name: The name of a managed cluster SKU.' + type: string + tier: + description: 'Tier: If not specified, the default is ''Free''. + See [AKS Pricing Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) + for more details.' + type: string + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' + properties: + blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. + The default value is false.' + type: boolean + type: object + diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for + the storage profile.' 
+ properties: + enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. + The default value is true.' + type: boolean + type: object + fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for + the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. + The default value is true.' + type: boolean + type: object + snapshotController: + description: 'SnapshotController: Snapshot Controller settings + for the storage profile.' + properties: + enabled: + description: 'Enabled: Whether to enable Snapshot Controller. + The default value is true.' + type: boolean + type: object + type: object + supportPlan: + description: 'SupportPlan: The support plan for the Managed Cluster. + If unspecified, the default is ''KubernetesOfficial''.' + type: string + systemData: + description: 'SystemData: Azure Resource Manager metadata containing + createdBy and modifiedBy information.' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created + the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification + (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified + the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last + modified the resource.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: The type of the resource. E.g. 
"Microsoft.Compute/virtualMachines" + or "Microsoft.Storage/storageAccounts"' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' + properties: + forceUpgrade: + description: 'ForceUpgrade: Whether to force upgrade the cluster. + Note that this option instructs upgrade operation to bypass + upgrade protections such as checking for deprecated API + usage. Enable this option only with caution.' + type: boolean + until: + description: 'Until: Until when the overrides are effective. + Note that this only matches the start time of an upgrade, + and the effectiveness won''t change once an upgrade starts + even if the `until` expires as upgrade proceeds. This field + is not set by default. It must be set for the overrides + to take effect.' + type: string + type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed + Cluster.' + properties: + adminPassword: + description: 'AdminPassword: Specifies the password of the administrator + account. Minimum-length: 8 characters Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to + be fulfilled Has lower characters Has upper characters Has a + digit Has a special character (Regex match [\W_]) Disallowed + values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", + "Pa$$$$word", "pass@word1", "Password!", "Password1", "Password22", + "iloveyou!"' + type: string + adminUsername: + description: 'AdminUsername: Specifies the name of the administrator + account. Restriction: Cannot end in "." 
Disallowed values: "administrator", + "admin", "user", "user1", "test", "user2", "test1", "user3", + "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", + "backup", "console", "david", "guest", "john", "owner", "root", + "server", "sql", "support", "support_388945a0", "sys", "test2", + "test3", "user4", "user5". Minimum-length: 1 character Max-length: + 20 characters' + type: string + enableCSIProxy: + description: 'EnableCSIProxy: For more details on CSI proxy, see + the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy).' + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed + Cluster.' + properties: + dnsServer: + description: 'DnsServer: Specifies the DNS server for Windows + gMSA. Set it to empty if you have configured the DNS server + in the vnet which is used to create the managed cluster.' + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows + gMSA in the managed cluster.' + type: boolean + rootDomainName: + description: 'RootDomainName: Specifies the root domain name + for Windows gMSA. Set it to empty if you have configured + the DNS server in the vnet which is used to create the managed + cluster.' + type: string + type: object + licenseType: + description: 'LicenseType: The license type to use for Windows + VMs. See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) + for more details.' + type: string + type: object + workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile + for the managed cluster.' + properties: + keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' 
+ type: boolean + type: object + verticalPodAutoscaler: + description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) + settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable VPA. Default value + is false.' + type: boolean + type: object + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20231001storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20231001.ManagedCluster Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-10-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20231001.ManagedCluster_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + aadProfile: + description: Storage version of v1api20231001.ManagedClusterAADProfile + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: Storage version of v1api20231001.ManagedClusterAddonProfile + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object + type: object + agentPoolProfiles: + items: + description: Storage version of v1api20231001.ManagedClusterAgentPoolProfile + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + count: + type: integer + creationData: + description: Storage version of v1api20231001.CreationData Data + used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID + of the source object to be used to create the target object.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: Storage version of v1api20231001.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20231001.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20231001.SysctlConfig + Sysctl settings for Linux agent nodes. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + 
type: integer + mode: + type: string + name: + type: string + networkProfile: + description: Storage version of v1api20231001.AgentPoolNetworkProfile + Network settings of an agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedHostPorts: + items: + description: Storage version of v1api20231001.PortRange + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroupsReferences: + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, Kind, + Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: array + nodePublicIPTags: + items: + description: Storage version of v1api20231001.IPTag Contains + the IPTag associated with the object. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: Storage version of v1api20231001.PowerState Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20231001.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, + a VNET and subnet will be generated and used. If no podSubnetID + is specified, this applies to nodes and pods, otherwise it + applies to just nodes. 
This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + type: string + type: object + type: array + apiServerAccessProfile: + description: Storage version of v1api20231001.ManagedClusterAPIServerAccessProfile + Access profile for managed cluster API server. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20231001.ManagedClusterProperties_AutoScalerProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: Storage version of v1api20231001.ManagedClusterAutoUpgradeProfile + Auto upgrade profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + nodeOSUpgradeChannel: + type: string + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: Storage version of v1api20231001.ManagedClusterAzureMonitorProfile + Azure Monitor addon profiles for monitoring the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + metrics: + description: Storage version of v1api20231001.ManagedClusterAzureMonitorProfileMetrics + Metrics profile for the Azure Monitor managed service for Prometheus + addon. Collect out-of-the-box Kubernetes infrastructure metrics + to send to an Azure Monitor Workspace and configure additional + scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + kubeStateMetrics: + description: Storage version of v1api20231001.ManagedClusterAzureMonitorProfileKubeStateMetrics + Kube State Metrics profile for the Azure Managed Prometheus + addon. These optional settings are for the kube-state-metrics + pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetReference: + description: 'DiskEncryptionSetReference: This is of the form: ''/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}''' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: Storage version of v1api20231001.ExtendedLocation The + complex type of the extended location. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdnSubdomain: + type: string + httpProxyConfig: + description: Storage version of v1api20231001.ManagedClusterHTTPProxyConfig + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + identity: + description: Storage version of v1api20231001.ManagedClusterIdentity + Identity for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + delegatedResources: + additionalProperties: + description: Storage version of v1api20231001.DelegatedResource + Delegated resource properties - internal use only. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + location: + type: string + referralResource: + type: string + resourceReference: + description: 'ResourceReference: The ARM resource id of + the delegated resource - internal use only.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + tenantId: + type: string + type: object + type: object + type: + type: string + userAssignedIdentities: + items: + description: Storage version of v1api20231001.UserAssignedIdentityDetails + Information about the user assigned identity for the resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + reference: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure + resource via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + identityProfile: + additionalProperties: + description: Storage version of v1api20231001.UserAssignedIdentity + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of the user + assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: Storage version of v1api20231001.ContainerServiceLinuxProfile + Profile for Linux VMs in the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: Storage version of v1api20231001.ContainerServiceSshConfiguration + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: Storage version of v1api20231001.ContainerServiceSshPublicKey + Contains information about SSH certificate public key + data. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + networkProfile: + description: Storage version of v1api20231001.ContainerServiceNetworkProfile + Profile of network configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + ipFamilies: + items: + type: string + type: array + loadBalancerProfile: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + backendPoolType: + type: string + effectiveOutboundIPs: + items: + description: Storage version of v1api20231001.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPPrefixes: + items: + description: Storage version of v1api20231001.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPs: + items: + description: Storage version of v1api20231001.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure + resource id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of + the resource. + type: string + name: + description: Name is the Kubernetes name of + the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + natGatewayProfile: + description: Storage version of v1api20231001.ManagedClusterNATGatewayProfile + Profile of the managed cluster NAT gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: Storage version of v1api20231001.ResourceReference + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource + id.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: Storage version of v1api20231001.ManagedClusterManagedOutboundIPProfile + Profile of the managed outbound IP resources of the managed + cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + type: object + nodeResourceGroup: + type: string + oidcIssuerProfile: + description: Storage version of v1api20231001.ManagedClusterOIDCIssuerProfile + The OIDC issuer profile of the Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + operatorSpec: + description: Storage version of v1api20231001.ManagedClusterOperatorSpec + Details for configuring operator behavior. Fields in this struct + are interpreted by the operator directly rather than being passed + to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + configMaps: + description: Storage version of v1api20231001.ManagedClusterOperatorConfigMaps + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + oidcIssuerProfile: + description: 'ConfigMapDestination describes the location + to store a single configmap value Note: This is similar + to SecretDestination in secrets.go. Changes to one should + likely also be made to the other.' + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: Name is the name of the Kubernetes ConfigMap + being referenced. 
The ConfigMap must be in the same + namespace as the resource + type: string + required: + - key + - name + type: object + type: object + secrets: + description: Storage version of v1api20231001.ManagedClusterOperatorSecrets + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminCredentials: + description: 'SecretDestination describes the location to + store a single secret value. Note: This is similar to ConfigMapDestination + in configmaps.go. Changes to one should likely also be made + to the other.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + userCredentials: + description: 'SecretDestination describes the location to + store a single secret value. Note: This is similar to ConfigMapDestination + in configmaps.go. Changes to one should likely also be made + to the other.' + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret + being referenced. The secret must be in the same namespace + as the resource + type: string + required: + - key + - name + type: object + type: object + type: object + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. 
Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: Storage version of v1api20231001.ManagedClusterPodIdentityProfile + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on pod identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: Storage version of v1api20231001.ManagedClusterPodIdentity + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + bindingSelector: + type: string + identity: + description: Storage version of v1api20231001.UserAssignedIdentity + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceReference: + description: 'ResourceReference: The resource ID of + the user assigned identity.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is + optional as some resources are scoped at the subscription + level ARMID is mutually exclusive with Group, + Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the + resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + type: object + name: + type: string + namespace: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: Storage version of v1api20231001.ManagedClusterPodIdentityException + See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + privateLinkResources: + items: + description: Storage version of v1api20231001.PrivateLinkResource + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + name: + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + publicNetworkAccess: + type: string + securityProfile: + description: Storage version of v1api20231001.ManagedClusterSecurityProfile + Security profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: Storage version of v1api20231001.AzureKeyVaultKms + Azure Key Vault key management service settings for the security + profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceReference: + description: 'KeyVaultResourceReference: Resource ID of key + vault. When keyVaultNetworkAccess is `Private`, this field + is required and must be a valid resource ID. When keyVaultNetworkAccess + is `Public`, leave the field empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + defender: + description: Storage version of v1api20231001.ManagedClusterSecurityProfileDefender + Microsoft Defender settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceReference: + description: 'LogAnalyticsWorkspaceResourceReference: Resource + ID of the Log Analytics workspace to be associated with + Microsoft Defender. When Microsoft Defender is enabled, + this field is required and must be a valid workspace resource + ID. When Microsoft Defender is disabled, leave the field + empty.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + description: Storage version of v1api20231001.ManagedClusterSecurityProfileDefenderSecurityMonitoring + Microsoft Defender settings for the security profile threat + detection. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: Storage version of v1api20231001.ManagedClusterSecurityProfileImageCleaner + Image Cleaner removes unused images from nodes, freeing up disk + space and helping to reduce attack surface area. Here are settings + for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + workloadIdentity: + description: Storage version of v1api20231001.ManagedClusterSecurityProfileWorkloadIdentity + Workload identity settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + serviceMeshProfile: + description: Storage version of v1api20231001.ServiceMeshProfile Service + mesh profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + istio: + description: Storage version of v1api20231001.IstioServiceMesh + Istio service mesh configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certificateAuthority: + description: Storage version of v1api20231001.IstioCertificateAuthority + Istio Service Mesh Certificate Authority (CA) configuration. + For now, we only support plugin certificates as described + here https://aka.ms/asm-plugin-ca + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + plugin: + description: Storage version of v1api20231001.IstioPluginCertificateAuthority + Plugin certificates information for Service Mesh. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + certChainObjectName: + type: string + certObjectName: + type: string + keyObjectName: + type: string + keyVaultReference: + description: 'KeyVaultReference: The resource ID of + the Key Vault.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit + is optional as some resources are scoped at + the subscription level ARMID is mutually exclusive + with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of + the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the + resource. + type: string + name: + description: Name is the Kubernetes name of the + resource. + type: string + type: object + rootCertObjectName: + type: string + type: object + type: object + components: + description: Storage version of v1api20231001.IstioComponents + Istio components configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + egressGateways: + items: + description: Storage version of v1api20231001.IstioEgressGateway + Istio egress gateway configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + enabled: + type: boolean + nodeSelector: + additionalProperties: + type: string + type: object + type: object + type: array + ingressGateways: + items: + description: Storage version of v1api20231001.IstioIngressGateway + Istio ingress gateway configuration. 
For now, we support + up to one external ingress gateway named `aks-istio-ingressgateway-external` + and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + enabled: + type: boolean + mode: + type: string + type: object + type: array + type: object + revisions: + items: + type: string + type: array + type: object + mode: + type: string + type: object + servicePrincipalProfile: + description: Storage version of v1api20231001.ManagedClusterServicePrincipalProfile + Information about a service principal identity for the cluster to + use for manipulating Azure APIs. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + clientId: + type: string + secret: + description: SecretReference is a reference to a Kubernetes secret + and key in the same namespace as the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being + referenced + type: string + name: + description: Name is the name of the Kubernetes secret being + referenced. The secret must be in the same namespace as + the resource + type: string + required: + - key + - name + type: object + type: object + sku: + description: Storage version of v1api20231001.ManagedClusterSKU The + SKU of a Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: Storage version of v1api20231001.ManagedClusterStorageProfile + Storage profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: Storage version of v1api20231001.ManagedClusterStorageProfileBlobCSIDriver + AzureBlob CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: Storage version of v1api20231001.ManagedClusterStorageProfileDiskCSIDriver + AzureDisk CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + fileCSIDriver: + description: Storage version of v1api20231001.ManagedClusterStorageProfileFileCSIDriver + AzureFile CSI Driver settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: Storage version of v1api20231001.ManagedClusterStorageProfileSnapshotController + Snapshot Controller settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + supportPlan: + type: string + tags: + additionalProperties: + type: string + type: object + upgradeSettings: + description: Storage version of v1api20231001.ClusterUpgradeSettings + Settings for upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + overrideSettings: + description: Storage version of v1api20231001.UpgradeOverrideSettings + Settings for overrides when upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + forceUpgrade: + type: boolean + until: + type: string + type: object + type: object + windowsProfile: + description: Storage version of v1api20231001.ManagedClusterWindowsProfile + Profile for Windows VMs in the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminPassword: + type: string + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: Storage version of v1api20231001.WindowsGmsaProfile + Windows gMSA Profile in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfile + Workload Auto-scaler profile for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + keda: + description: Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileKeda + KEDA (Kubernetes Event-driven Autoscaling) settings for the + workload auto-scaler profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + verticalPodAutoscaler: + description: Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler + VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler + profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + required: + - owner + type: object + status: + description: Storage version of v1api20231001.ManagedCluster_STATUS Managed + cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + aadProfile: + description: Storage version of v1api20231001.ManagedClusterAADProfile_STATUS + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + description: Storage version of v1api20231001.ManagedClusterAddonProfile_STATUS + A Kubernetes add-on profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + identity: + description: Storage version of v1api20231001.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + type: object + agentPoolProfiles: + items: + description: Storage version of v1api20231001.ManagedClusterAgentPoolProfile_STATUS + Profile for the container service agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupID: + type: string + count: + type: integer + creationData: + description: Storage version of v1api20231001.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupID: + type: string + kubeletConfig: + description: Storage version of v1api20231001.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20231001.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20231001.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + networkProfile: + description: Storage version of v1api20231001.AgentPoolNetworkProfile_STATUS + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + allowedHostPorts: + items: + description: Storage version of v1api20231001.PortRange_STATUS + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroups: + items: + type: string + type: array + nodePublicIPTags: + items: + description: Storage version of v1api20231001.IPTag_STATUS + Contains the IPTag associated with the object. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: string + powerState: + description: Storage version of v1api20231001.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information 
that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + code: + type: string + type: object + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20231001.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + workloadRuntime: + type: string + type: object + type: array + apiServerAccessProfile: + description: Storage version of v1api20231001.ManagedClusterAPIServerAccessProfile_STATUS + Access profile for managed cluster API server. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: + items: + type: string + type: array + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + privateDNSZone: + type: string + type: object + autoScalerProfile: + description: Storage version of v1api20231001.ManagedClusterProperties_AutoScalerProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + balance-similar-node-groups: + type: string + expander: + type: string + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: + type: string + type: object + autoUpgradeProfile: + description: Storage version of v1api20231001.ManagedClusterAutoUpgradeProfile_STATUS + Auto upgrade profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + nodeOSUpgradeChannel: + type: string + upgradeChannel: + type: string + type: object + azureMonitorProfile: + description: Storage version of v1api20231001.ManagedClusterAzureMonitorProfile_STATUS + Azure Monitor addon profiles for monitoring the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + metrics: + description: Storage version of v1api20231001.ManagedClusterAzureMonitorProfileMetrics_STATUS + Metrics profile for the Azure Monitor managed service for Prometheus + addon. Collect out-of-the-box Kubernetes infrastructure metrics + to send to an Azure Monitor Workspace and configure additional + scraping for custom targets. See aka.ms/AzureManagedPrometheus + for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + kubeStateMetrics: + description: Storage version of v1api20231001.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS + Kube State Metrics profile for the Azure Managed Prometheus + addon. These optional settings are for the kube-state-metrics + pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters + for details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azurePortalFQDN: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. 
+ type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetID: + type: string + dnsPrefix: + type: string + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: Storage version of v1api20231001.ExtendedLocation_STATUS + The complex type of the extended location. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + fqdn: + type: string + fqdnSubdomain: + type: string + httpProxyConfig: + description: Storage version of v1api20231001.ManagedClusterHTTPProxyConfig_STATUS + Cluster HTTP proxy configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: + type: string + type: object + id: + type: string + identity: + description: Storage version of v1api20231001.ManagedClusterIdentity_STATUS + Identity for the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + delegatedResources: + additionalProperties: + description: Storage version of v1api20231001.DelegatedResource_STATUS + Delegated resource properties - internal use only. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + location: + type: string + referralResource: + type: string + resourceId: + type: string + tenantId: + type: string + type: object + type: object + principalId: + type: string + tenantId: + type: string + type: + type: string + userAssignedIdentities: + additionalProperties: + description: Storage version of v1api20231001.ManagedClusterIdentity_UserAssignedIdentities_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + clientId: + type: string + principalId: + type: string + type: object + type: object + type: object + identityProfile: + additionalProperties: + description: Storage version of v1api20231001.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + kubernetesVersion: + type: string + linuxProfile: + description: Storage version of v1api20231001.ContainerServiceLinuxProfile_STATUS + Profile for Linux VMs in the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: Storage version of v1api20231001.ContainerServiceSshConfiguration_STATUS + SSH configuration for Linux-based VMs running on Azure. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicKeys: + items: + description: Storage version of v1api20231001.ContainerServiceSshPublicKey_STATUS + Contains information about SSH certificate public key + data. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + keyData: + type: string + type: object + type: array + type: object + type: object + location: + type: string + maxAgentPools: + type: integer + name: + type: string + networkProfile: + description: Storage version of v1api20231001.ContainerServiceNetworkProfile_STATUS + Profile of network configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServiceIP: + type: string + ipFamilies: + items: + type: string + type: array + loadBalancerProfile: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_STATUS + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + backendPoolType: + type: string + effectiveOutboundIPs: + items: + description: Storage version of v1api20231001.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPPrefixes: + items: + description: Storage version of v1api20231001.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + outboundIPs: + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + publicIPs: + items: + description: Storage version of v1api20231001.ResourceReference_STATUS + A reference to an Azure resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + type: object + type: object + loadBalancerSku: + type: string + natGatewayProfile: + description: Storage version of v1api20231001.ManagedClusterNATGatewayProfile_STATUS + Profile of the managed cluster NAT gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: Storage version of v1api20231001.ResourceReference_STATUS + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: Storage version of v1api20231001.ManagedClusterManagedOutboundIPProfile_STATUS + Profile of the managed outbound IP resources of the managed + cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + type: object + nodeResourceGroup: + type: string + oidcIssuerProfile: + description: Storage version of v1api20231001.ManagedClusterOIDCIssuerProfile_STATUS + The OIDC issuer profile of the Managed Cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + issuerURL: + type: string + type: object + podIdentityProfile: + description: Storage version of v1api20231001.ManagedClusterPodIdentityProfile_STATUS + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) + for more details on pod identity integration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: Storage version of v1api20231001.ManagedClusterPodIdentity_STATUS + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + bindingSelector: + type: string + identity: + description: Storage version of v1api20231001.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + name: + type: string + namespace: + type: string + provisioningInfo: + description: Storage version of v1api20231001.ManagedClusterPodIdentity_ProvisioningInfo_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + error: + description: Storage version of v1api20231001.ManagedClusterPodIdentityProvisioningError_STATUS + An error response from the pod identity provisioning. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + error: + description: Storage version of v1api20231001.ManagedClusterPodIdentityProvisioningErrorBody_STATUS + An error response from the pod identity provisioning. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set + of stashed information that used for properties + not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + details: + items: + description: Storage version of v1api20231001.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered + set of stashed information that used + for properties not directly supported + by storage resources, allowing for full + fidelity round trip conversions + type: object + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object + type: object + provisioningState: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: Storage version of v1api20231001.ManagedClusterPodIdentityException_STATUS + See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + powerState: + description: Storage version of v1api20231001.PowerState_STATUS Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + privateFQDN: + type: string + privateLinkResources: + items: + description: Storage version of v1api20231001.PrivateLinkResource_STATUS + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + id: + type: string + name: + type: string + privateLinkServiceID: + type: string + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + provisioningState: + type: string + publicNetworkAccess: + type: string + resourceUID: + type: string + securityProfile: + description: Storage version of v1api20231001.ManagedClusterSecurityProfile_STATUS + Security profile for the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: Storage version of v1api20231001.AzureKeyVaultKms_STATUS + Azure Key Vault key management service settings for the security + profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceId: + type: string + type: object + defender: + description: Storage version of v1api20231001.ManagedClusterSecurityProfileDefender_STATUS + Microsoft Defender settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceId: + type: string + securityMonitoring: + description: Storage version of v1api20231001.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS + Microsoft Defender settings for the security profile threat + detection. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: Storage version of v1api20231001.ManagedClusterSecurityProfileImageCleaner_STATUS + Image Cleaner removes unused images from nodes, freeing up disk + space and helping to reduce attack surface area. Here are settings + for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + workloadIdentity: + description: Storage version of v1api20231001.ManagedClusterSecurityProfileWorkloadIdentity_STATUS + Workload identity settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + serviceMeshProfile: + description: Storage version of v1api20231001.ServiceMeshProfile_STATUS + Service mesh profile for a managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + istio: + description: Storage version of v1api20231001.IstioServiceMesh_STATUS + Istio service mesh configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certificateAuthority: + description: Storage version of v1api20231001.IstioCertificateAuthority_STATUS + Istio Service Mesh Certificate Authority (CA) configuration. + For now, we only support plugin certificates as described + here https://aka.ms/asm-plugin-ca + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + plugin: + description: Storage version of v1api20231001.IstioPluginCertificateAuthority_STATUS + Plugin certificates information for Service Mesh. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly + supported by storage resources, allowing for full + fidelity round trip conversions + type: object + certChainObjectName: + type: string + certObjectName: + type: string + keyObjectName: + type: string + keyVaultId: + type: string + rootCertObjectName: + type: string + type: object + type: object + components: + description: Storage version of v1api20231001.IstioComponents_STATUS + Istio components configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + egressGateways: + items: + description: Storage version of v1api20231001.IstioEgressGateway_STATUS + Istio egress gateway configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + enabled: + type: boolean + nodeSelector: + additionalProperties: + type: string + type: object + type: object + type: array + ingressGateways: + items: + description: Storage version of v1api20231001.IstioIngressGateway_STATUS + Istio ingress gateway configuration. For now, we support + up to one external ingress gateway named `aks-istio-ingressgateway-external` + and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of + stashed information that used for properties not + directly supported by storage resources, allowing + for full fidelity round trip conversions + type: object + enabled: + type: boolean + mode: + type: string + type: object + type: array + type: object + revisions: + items: + type: string + type: array + type: object + mode: + type: string + type: object + servicePrincipalProfile: + description: Storage version of v1api20231001.ManagedClusterServicePrincipalProfile_STATUS + Information about a service principal identity for the cluster to + use for manipulating Azure APIs. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + clientId: + type: string + type: object + sku: + description: Storage version of v1api20231001.ManagedClusterSKU_STATUS + The SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: Storage version of v1api20231001.ManagedClusterStorageProfile_STATUS + Storage profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: Storage version of v1api20231001.ManagedClusterStorageProfileBlobCSIDriver_STATUS + AzureBlob CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: Storage version of v1api20231001.ManagedClusterStorageProfileDiskCSIDriver_STATUS + AzureDisk CSI Driver settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + fileCSIDriver: + description: Storage version of v1api20231001.ManagedClusterStorageProfileFileCSIDriver_STATUS + AzureFile CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: Storage version of v1api20231001.ManagedClusterStorageProfileSnapshotController_STATUS + Snapshot Controller settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + supportPlan: + type: string + systemData: + description: Storage version of v1api20231001.SystemData_STATUS Metadata + pertaining to creation and last modification of the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20231001.ClusterUpgradeSettings_STATUS + Settings for upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + overrideSettings: + description: Storage version of v1api20231001.UpgradeOverrideSettings_STATUS + Settings for overrides when upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + forceUpgrade: + type: boolean + until: + type: string + type: object + type: object + windowsProfile: + description: Storage version of v1api20231001.ManagedClusterWindowsProfile_STATUS + Profile for Windows VMs in the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + adminPassword: + type: string + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: Storage version of v1api20231001.WindowsGmsaProfile_STATUS + Windows gMSA Profile in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfile_STATUS + Workload Auto-scaler profile for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + keda: + description: Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS + KEDA (Kubernetes Event-driven Autoscaling) settings for the + workload auto-scaler profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + verticalPodAutoscaler: + description: Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS + VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler + profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + name: managedclustersagentpools.containerservice.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: containerservice.azure.com + names: + kind: ManagedClustersAgentPool + listKind: ManagedClustersAgentPoolList + plural: managedclustersagentpools + singular: managedclustersagentpool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: 
.status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20210501 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones to + use for nodes. This can only be specified if the AgentPoolType property + is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + count: + description: 'Count: Number of agents (VMs) to host docker containers. 
+ Allowed values must be in the range of 0 to 1000 (inclusive) for + user pools and in the range of 1 to 1000 (inclusive) for system + pools. The default value is 1.' + type: integer + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported on certain + VM sizes and in certain Azure regions. For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require nodes + in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs + to make a direct connection to a cloud virtual machine to minimize + hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' 
+ items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of container + log files that can be present for a container. The number must + be ≥ 2.' + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' Valid + values are a sequence of decimal numbers with an optional fraction + and a unit suffix. For example: ''300ms'', ''2h45m''. Supported + units are ''ns'', ''us'', ''ms'', ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. See [Kubernetes + CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information see + [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', ''best-effort'', + ''restricted'', and ''single-numa-node''.' 
+ type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral storage.' + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' 
+ type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' 
+ type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are ''always'', + ''defer'', ''defer+madvise'', ''madvise'' and ''never''. The + default is ''madvise''. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are ''always'', + ''madvise'', and ''never''. The default is ''always''. For more + information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' Agent + Pool at all times. For additional information on agent pool restrictions and + best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + enum: + - System + - User + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixIDReference: + description: 'NodePublicIPPrefixIDReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: As a best practice, you should + upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version + as the control plane. The node pool minor version must be within + two minor versions of the control plane version. The node pool version + cannot be greater than the control plane version. For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies an OS SKU. This value must not be specified + if OSType is Windows.' 
+ enum: + - CBLMariner + - Ubuntu + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetIDReference: + description: 'PodSubnetIDReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. 
For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetIDReference: + description: 'VnetSubnetIDReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + required: + - owner + type: object + status: + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones to + use for nodes. This can only be specified if the AgentPoolType property + is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) for + user pools and in the range of 1 to 1000 (inclusive) for system + pools. The default value is 1.' + type: integer + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported on certain + VM sizes and in certain Azure regions. 
For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require nodes + in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs + to make a direct connection to a cloud virtual machine to minimize + hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + id: + description: 'Id: Resource ID.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of container + log files that can be present for a container. The number must + be ≥ 2.' + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' 
+ type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' Valid + values are a sequence of decimal numbers with an optional fraction + and a unit suffix. For example: ''300ms'', ''2h45m''. Supported + units are ''ns'', ''us'', ''ms'', ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. See [Kubernetes + CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information see + [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', ''best-effort'', + ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral storage.' + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' 
+ type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' 
+ type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are ''always'', + ''defer'', ''defer+madvise'', ''madvise'' and ''never''. The + default is ''madvise''. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are ''always'', + ''madvise'', and ''never''. 
The default is ''always''. For more + information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' Agent + Pool at all times. For additional information on agent pool restrictions and + best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: As a best practice, you should + upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version + as the control plane. The node pool minor version must be within + two minor versions of the control plane version. 
The node pool version + cannot be greater than the control plane version. For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies an OS SKU. This value must not be specified + if OSType is Windows.' + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically assigned + on the node subnet (see vnetSubnetID for more details). This is + of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: Describes whether the Agent Pool is Running + or Stopped' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + properties_type: + description: 'PropertiesType: The type of Agent Pool.' + type: string + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' 
+ type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: Resource type' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET and subnet + will be generated and used. If no podSubnetID is specified, this + applies to nodes and pods, otherwise it applies to just nodes. 
This + is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20210501storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20210501.ManagedClustersAgentPool Generator + information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20210501.ManagedClusters_AgentPool_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + count: + type: integer + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + kubeletConfig: + description: Storage version of v1api20210501.KubeletConfig See [AKS + custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20210501.LinuxOSConfig See [AKS + custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20210501.SysctlConfig Sysctl + settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixIDReference: + description: 'NodePublicIPPrefixIDReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form 
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + originalVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetIDReference: + description: 'PodSubnetIDReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). 
+ This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + proximityPlacementGroupID: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20210501.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetIDReference: + description: 'VnetSubnetIDReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. 
+ This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + required: + - owner + type: object + status: + description: Storage version of v1api20210501.ManagedClusters_AgentPool_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. 
+ type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + type: integer + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + id: + type: string + kubeletConfig: + description: Storage version of v1api20210501.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20210501.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20210501.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: 
string + powerState: + description: Storage version of v1api20210501.PowerState_STATUS Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + properties_type: + type: string + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20210501.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230201 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json + - ARM URI: 
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones to + use for nodes. This can only be specified if the AgentPoolType property + is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) for + user pools and in the range of 1 to 1000 (inclusive) for system + pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the node pool will be created/upgraded using + a snapshot.' + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported on certain + VM sizes and in certain Azure regions. For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require nodes + in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs + to make a direct connection to a cloud virtual machine to minimize + hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' 
+ type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of container + log files that can be present for a container. The number must + be ≥ 2.' 
+ minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' Valid + values are a sequence of decimal numbers with an optional fraction + and a unit suffix. For example: ''300ms'', ''2h45m''. Supported + units are ''ns'', ''us'', ''ms'', ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. See [Kubernetes + CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information see + [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', ''best-effort'', + ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral storage.' 
+ enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' 
+ type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are ''always'', + ''defer'', ''defer+madvise'', ''madvise'' and ''never''. The + default is ''madvise''. 
For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are ''always'', + ''madvise'', and ''never''. The default is ''always''. For more + information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' Agent + Pool at all times. For additional information on agent pool restrictions and + best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + enum: + - System + - User + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. As a best + practice, you should upgrade all node pools in an AKS cluster to + the same Kubernetes version. The node pool version must have the + same major version as the control plane. The node pool minor version + must be within two minor versions of the control plane version. + The node pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' 
+ enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent pool. + The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 + if OSType is Windows.' + enum: + - CBLMariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: 'PowerState: When an Agent Pool is first created it is + initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and + does not accrue billing charges. An Agent Pool can only be stopped + if it is Running and provisioning state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. 
If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' + enum: + - OCIContainer + - WasmWasi + type: string + required: + - owner + type: object + status: + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones to + use for nodes. This can only be specified if the AgentPoolType property + is ''VirtualMachineScaleSets''.' 
+ items: + type: string + type: array + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. 
+ Allowed values must be in the range of 0 to 1000 (inclusive) for + user pools and in the range of 1 to 1000 (inclusive) for system + pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the node pool will be created/upgraded using + a snapshot.' + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: 'CurrentOrchestratorVersion: If orchestratorVersion is + a fully specified version , this field will be + exactly equal to it. If orchestratorVersion is , this + field will contain the full version being used.' + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported on certain + VM sizes and in certain Azure regions. For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require nodes + in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs + to make a direct connection to a cloud virtual machine to minimize + hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' 
+ type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: 'HostGroupID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + type: string + id: + description: 'Id: Resource ID.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of container + log files that can be present for a container. The number must + be ≥ 2.' + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' Valid + values are a sequence of decimal numbers with an optional fraction + and a unit suffix. For example: ''300ms'', ''2h45m''. Supported + units are ''ns'', ''us'', ''ms'', ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. See [Kubernetes + CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and ''static''.' 
+ type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information see + [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', ''best-effort'', + ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral storage.' + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' 
+ type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' 
+ type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are ''always'', + ''defer'', ''defer+madvise'', ''madvise'' and ''never''. The + default is ''madvise''. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are ''always'', + ''madvise'', and ''never''. The default is ''always''. For more + information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' Agent + Pool at all times. 
For additional information on agent pool restrictions and + best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. As a best + practice, you should upgrade all node pools in an AKS cluster to + the same Kubernetes version. The node pool version must have the + same major version as the control plane. The node pool minor version + must be within two minor versions of the control plane version. + The node pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' 
+ type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent pool. + The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 + if OSType is Windows.' + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically assigned + on the node subnet (see vnetSubnetID for more details). This is + of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: When an Agent Pool is first created it is + initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and + does not accrue billing charges. An Agent Pool can only be stopped + if it is Running and provisioning state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + properties_type: + description: 'PropertiesType: The type of Agent Pool.' + type: string + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' 
+ type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: Resource type' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. 
For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET and subnet + will be generated and used. If no podSubnetID is specified, this + applies to nodes and pods, otherwise it applies to just nodes. This + is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230201storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20230201.ManagedClustersAgentPool Generator + information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20230201.ManagedClusters_AgentPool_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + count: + type: integer + creationData: + description: Storage version of v1api20230201.CreationData Data used + when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: Storage version of v1api20230201.KubeletConfig See [AKS + custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20230201.LinuxOSConfig See [AKS + custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20230201.SysctlConfig Sysctl + settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form 
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + originalVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). 
+ This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: Storage version of v1api20230201.PowerState Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20230201.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + type: string + required: + - owner + type: object + status: + description: Storage version of v1api20230201.ManagedClusters_AgentPool_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. 
+ type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + type: integer + creationData: + description: Storage version of v1api20230201.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupID: + type: string + id: + type: string + kubeletConfig: + description: Storage version of v1api20230201.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20230201.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20230201.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: 
string + powerState: + description: Storage version of v1api20230201.PowerState_STATUS Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + properties_type: + type: string + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20230201.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + workloadRuntime: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230202preview + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: 
/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-02-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones to + use for nodes. This can only be specified if the AgentPoolType property + is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate the specified + agent pool with the Capacity Reservation Group.' + type: string + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) for + user pools and in the range of 1 to 1000 (inclusive) for system + pools. The default value is 1.' 
+ type: integer + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the node pool will be created/upgraded using + a snapshot.' + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: 'EnableCustomCATrust: When set to true, AKS adds a label + to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities + from user-provided list of base64 encoded certificates into node + trust stores. Defaults to false.' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported on certain + VM sizes and in certain Azure regions. 
For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require nodes + in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs + to make a direct connection to a cloud virtual machine to minimize + hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of container + log files that can be present for a container. The number must + be ≥ 2.' + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' Valid + values are a sequence of decimal numbers with an optional fraction + and a unit suffix. For example: ''300ms'', ''2h45m''. Supported + units are ''ns'', ''us'', ''ms'', ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. See [Kubernetes + CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' 
+ type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information see + [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', ''best-effort'', + ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral storage.' + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' 
+ type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' 
+ type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are ''always'', + ''defer'', ''defer+madvise'', ''madvise'' and ''never''. The + default is ''madvise''. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are ''always'', + ''madvise'', and ''never''. The default is ''always''. For more + information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + messageOfTheDay: + description: 'MessageOfTheDay: A base64-encoded string which will + be written to /etc/motd after decoding. This allows customization + of the message of the day for Linux nodes. It must not be specified + for Windows nodes. It must be a static string (i.e., will be printed + raw and not be executed as a script).' 
+ type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' Agent + Pool at all times. For additional information on agent pool restrictions and + best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + enum: + - System + - User + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: 'PortEnd: The maximum port that is included + in the range. It should be ranged from 1 to 65535, and + be greater than or equal to portStart.' + maximum: 65535 + minimum: 1 + type: integer + portStart: + description: 'PortStart: The minimum port that is included + in the range. It should be ranged from 1 to 65535, and + be less than or equal to portEnd.' + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' + enum: + - TCP + - UDP + type: string + type: object + type: array + applicationSecurityGroupsReferences: + description: 'ApplicationSecurityGroupsReferences: The IDs of + the application security groups which agent pool will associate + when created.' + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + and are supported. When is specified, + the latest supported patch version is chosen automatically. Updating + the agent pool with the same once it has been created + will not trigger an upgrade, even if a newer patch version is available. + As a best practice, you should upgrade all node pools in an AKS + cluster to the same Kubernetes version. The node pool version must + have the same major version as the control plane. The node pool + minor version must be within two minor versions of the control plane + version. The node pool version cannot be greater than the control + plane version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent pool. 
+ If not specified, the default is Ubuntu if OSType=Linux or Windows2019 + if OSType=Windows. And the default Windows OSSKU will be changed + to Windows2022 after Windows2019 is deprecated.' + enum: + - CBLMariner + - Mariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: 'PowerState: When an Agent Pool is first created it is + initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and + does not accrue billing charges. An Agent Pool can only be stopped + if it is Running and provisioning state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. 
If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific profile.' + properties: + disableOutboundNat: + description: 'DisableOutboundNat: The default value is false. + Outbound NAT can only be disabled if the cluster outboundType + is NAT Gateway and the Windows agent pool does not have node + public IP enabled.' + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' 
+ enum: + - KataMshvVmIsolation + - OCIContainer + - WasmWasi + type: string + required: + - owner + type: object + status: + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones to + use for nodes. This can only be specified if the AgentPoolType property + is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate the specified + agent pool with the Capacity Reservation Group.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. 
This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) for + user pools and in the range of 1 to 1000 (inclusive) for system + pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the node pool will be created/upgraded using + a snapshot.' + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: 'CurrentOrchestratorVersion: If orchestratorVersion was + a fully specified version , this field will be + exactly equal to it. If orchestratorVersion was , this + field will contain the full version being used.' + type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: 'EnableCustomCATrust: When set to true, AKS adds a label + to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities + from user-provided list of base64 encoded certificates into node + trust stores. Defaults to false.' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported on certain + VM sizes and in certain Azure regions. 
For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require nodes + in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs + to make a direct connection to a cloud virtual machine to minimize + hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: 'HostGroupID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + type: string + id: + description: 'Id: Resource ID.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of container + log files that can be present for a container. The number must + be ≥ 2.' 
+ type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' Valid + values are a sequence of decimal numbers with an optional fraction + and a unit suffix. For example: ''300ms'', ''2h45m''. Supported + units are ''ns'', ''us'', ''ms'', ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. See [Kubernetes + CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information see + [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', ''best-effort'', + ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral storage.' 
+ type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' 
+ type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are ''always'', + ''defer'', ''defer+madvise'', ''madvise'' and ''never''. The + default is ''madvise''. 
For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are ''always'', + ''madvise'', and ''never''. The default is ''always''. For more + information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + messageOfTheDay: + description: 'MessageOfTheDay: A base64-encoded string which will + be written to /etc/motd after decoding. This allows customization + of the message of the day for Linux nodes. It must not be specified + for Windows nodes. It must be a static string (i.e., will be printed + raw and not be executed as a script).' + type: string + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' Agent + Pool at all times. For additional information on agent pool restrictions and + best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: 'PortEnd: The maximum port that is included + in the range. 
It should be ranged from 1 to 65535, and + be greater than or equal to portStart.' + type: integer + portStart: + description: 'PortStart: The minimum port that is included + in the range. It should be ranged from 1 to 65535, and + be less than or equal to portEnd.' + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' + type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the application + security groups which agent pool will associate when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + and are supported. When is specified, + the latest supported patch version is chosen automatically. 
Updating + the agent pool with the same once it has been created + will not trigger an upgrade, even if a newer patch version is available. + As a best practice, you should upgrade all node pools in an AKS + cluster to the same Kubernetes version. The node pool version must + have the same major version as the control plane. The node pool + minor version must be within two minor versions of the control plane + version. The node pool version cannot be greater than the control + plane version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent pool. + If not specified, the default is Ubuntu if OSType=Linux or Windows2019 + if OSType=Windows. And the default Windows OSSKU will be changed + to Windows2022 after Windows2019 is deprecated.' + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically assigned + on the node subnet (see vnetSubnetID for more details). This is + of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: When an Agent Pool is first created it is + initially Running. The Agent Pool can be stopped by setting this + field to Stopped. 
A stopped Agent Pool stops all of its VMs and + does not accrue billing charges. An Agent Pool can only be stopped + if it is Running and provisioning state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + properties_type: + description: 'PropertiesType: The type of Agent Pool.' + type: string + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: Resource type' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). 
If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET and subnet + will be generated and used. If no podSubnetID is specified, this + applies to nodes and pods, otherwise it applies to just nodes. This + is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific profile.' + properties: + disableOutboundNat: + description: 'DisableOutboundNat: The default value is false. + Outbound NAT can only be disabled if the cluster outboundType + is NAT Gateway and the Windows agent pool does not have node + public IP enabled.' + type: boolean + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' 
+ type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230202previewstorage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20230202preview.ManagedClustersAgentPool + Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-02-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20230202preview.ManagedClusters_AgentPool_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + capacityReservationGroupID: + type: string + count: + type: integer + creationData: + description: Storage version of v1api20230202preview.CreationData + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableCustomCATrust: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + kubeletConfig: + description: Storage version of v1api20230202preview.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20230202preview.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20230202preview.SysctlConfig + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + messageOfTheDay: + type: string + minCount: + type: integer + mode: + type: string + networkProfile: + description: Storage version of v1api20230202preview.AgentPoolNetworkProfile + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: Storage version of v1api20230202preview.PortRange + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroupsReferences: + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + items: + description: Storage version of v1api20230202preview.IPTag Contains + the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + originalVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. 
Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + powerState: + description: Storage version of v1api20230202preview.PowerState Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20230202preview.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + windowsProfile: + description: Storage version of v1api20230202preview.AgentPoolWindowsProfile + The Windows agent pool's specific profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object + workloadRuntime: + type: string + required: + - owner + type: object + status: + description: Storage version of v1api20230202preview.ManagedClusters_AgentPool_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupID: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. 
A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + type: integer + creationData: + description: Storage version of v1api20230202preview.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableCustomCATrust: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupID: + type: string + id: + type: string + kubeletConfig: + description: Storage version of v1api20230202preview.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20230202preview.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20230202preview.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + messageOfTheDay: + type: string + minCount: + type: integer + mode: + type: string + name: + type: string + networkProfile: + description: Storage version of v1api20230202preview.AgentPoolNetworkProfile_STATUS + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: Storage version of v1api20230202preview.PortRange_STATUS + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroups: + items: + type: string + type: array + nodePublicIPTags: + items: + description: Storage version of v1api20230202preview.IPTag_STATUS + Contains the IPTag associated with the object. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: string + powerState: + description: Storage version of v1api20230202preview.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + properties_type: + type: string + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20230202preview.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + maxSurge: + type: string + type: object + 
vmSize: + type: string + vnetSubnetID: + type: string + windowsProfile: + description: Storage version of v1api20230202preview.AgentPoolWindowsProfile_STATUS + The Windows agent pool's specific profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object + workloadRuntime: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20231001 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-10-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. 
In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones to + use for nodes. This can only be specified if the AgentPoolType property + is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + maxLength: 12 + minLength: 1 + pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) for + user pools and in the range of 1 to 1000 (inclusive) for system + pools. The default value is 1.' 
+ type: integer + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the node pool will be created/upgraded using + a snapshot.' + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported on certain + VM sizes and in certain Azure regions. For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require nodes + in a node pool to receive their own dedicated public IP addresses. 
+ A common scenario is for gaming workloads, where a console needs + to make a direct connection to a cloud virtual machine to minimize + hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' 
+ properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' + items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of container + log files that can be present for a container. The number must + be ≥ 2.' + minimum: 2 + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' Valid + values are a sequence of decimal numbers with an optional fraction + and a unit suffix. For example: ''300ms'', ''2h45m''. Supported + units are ''ns'', ''us'', ''ms'', ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. See [Kubernetes + CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information see + [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). 
+ The default is ''none''. Allowed values are ''none'', ''best-effort'', + ''restricted'', and ''single-numa-node''.' + type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral storage.' + enum: + - OS + - Temporary + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' 
+ type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' + type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + maximum: 90 + minimum: 10 + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + maximum: 524288 + minimum: 65536 + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + maximum: 2097152 + minimum: 131072 + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' 
+ type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' + type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are ''always'', + ''defer'', ''defer+madvise'', ''madvise'' and ''never''. The + default is ''madvise''. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are ''always'', + ''madvise'', and ''never''. The default is ''always''. For more + information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' Agent + Pool at all times. For additional information on agent pool restrictions and + best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + enum: + - System + - User + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: 'PortEnd: The maximum port that is included + in the range. It should be ranged from 1 to 65535, and + be greater than or equal to portStart.' 
+ maximum: 65535 + minimum: 1 + type: integer + portStart: + description: 'PortStart: The minimum port that is included + in the range. It should be ranged from 1 to 65535, and + be less than or equal to portEnd.' + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' + enum: + - TCP + - UDP + type: string + type: object + type: array + applicationSecurityGroupsReferences: + description: 'ApplicationSecurityGroupsReferences: The IDs of + the application security groups which agent pool will associate + when created.' + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' 
+ type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. As a best + practice, you should upgrade all node pools in an AKS cluster to + the same Kubernetes version. 
The node pool version must have the + same major version as the control plane. The node pool minor version + must be within two minor versions of the control plane version. + The node pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent pool. + The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 + if OSType is Windows.' + enum: + - AzureLinux + - CBLMariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. 
+ type: string + type: object + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + powerState: + description: 'PowerState: When an Agent Pool is first created it is + initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and + does not accrue billing charges. An Agent Pool can only be stopped + if it is Running and provisioning state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' + enum: + - Deallocate + - Delete + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: The type of Agent Pool.' 
+ enum: + - AvailabilitySet + - VirtualMachineScaleSets + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: 'DrainTimeoutInMinutes: The amount of time (in minutes) + to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. + If this time is exceeded, the upgrade fails. If not specified, + the default is 30 minutes.' + maximum: 1440 + minimum: 1 + type: integer + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' + enum: + - OCIContainer + - WasmWasi + type: string + required: + - owner + type: object + status: + properties: + availabilityZones: + description: 'AvailabilityZones: The list of Availability zones to + use for nodes. This can only be specified if the AgentPoolType property + is ''VirtualMachineScaleSets''.' + items: + type: string + type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate the specified + agent pool with the Capacity Reservation Group.' + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + description: 'Count: Number of agents (VMs) to host docker containers. + Allowed values must be in the range of 0 to 1000 (inclusive) for + user pools and in the range of 1 to 1000 (inclusive) for system + pools. The default value is 1.' + type: integer + creationData: + description: 'CreationData: CreationData to be used to specify the + source Snapshot ID if the node pool will be created/upgraded using + a snapshot.' + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source + object to be used to create the target object.' + type: string + type: object + currentOrchestratorVersion: + description: 'CurrentOrchestratorVersion: If orchestratorVersion is + a fully specified version , this field will be + exactly equal to it. If orchestratorVersion is , this + field will contain the full version being used.' 
+ type: string + enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableEncryptionAtHost: + description: 'EnableEncryptionAtHost: This is only supported on certain + VM sizes and in certain Azure regions. For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption' + type: boolean + enableFIPS: + description: 'EnableFIPS: See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) + for more details.' + type: boolean + enableNodePublicIP: + description: 'EnableNodePublicIP: Some scenarios may require nodes + in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs + to make a direct connection to a cloud virtual machine to minimize + hops. For more information see [assigning a public IP per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false.' + type: boolean + enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' + type: boolean + gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to + specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: 'HostGroupID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' + type: string + id: + description: 'Id: Resource ID.' + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent + pool nodes.' + properties: + allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls + or unsafe sysctl patterns (ending in `*`).' 
+ items: + type: string + type: array + containerLogMaxFiles: + description: 'ContainerLogMaxFiles: The maximum number of container + log files that can be present for a container. The number must + be ≥ 2.' + type: integer + containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) + of container log file before it is rotated.' + type: integer + cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' + type: boolean + cpuCfsQuotaPeriod: + description: 'CpuCfsQuotaPeriod: The default is ''100ms.'' Valid + values are a sequence of decimal numbers with an optional fraction + and a unit suffix. For example: ''300ms'', ''2h45m''. Supported + units are ''ns'', ''us'', ''ms'', ''s'', ''m'', and ''h''.' + type: string + cpuManagerPolicy: + description: 'CpuManagerPolicy: The default is ''none''. See [Kubernetes + CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) + for more information. Allowed values are ''none'' and ''static''.' + type: string + failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet + fail to start if swap is enabled on the node.' + type: boolean + imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, + set to 100. The default is 85%' + type: integer + imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than + imageGcHighThreshold. The default is 80%' + type: integer + podMaxPids: + description: 'PodMaxPids: The maximum number of processes per + pod.' + type: integer + topologyManagerPolicy: + description: 'TopologyManagerPolicy: For more information see + [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). + The default is ''none''. Allowed values are ''none'', ''best-effort'', + ''restricted'', and ''single-numa-node''.' 
+ type: string + type: object + kubeletDiskType: + description: 'KubeletDiskType: Determines the placement of emptyDir + volumes, container runtime data root, and Kubelet ephemeral storage.' + type: string + linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + properties: + swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that + will be created on each node.' + type: integer + sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' + properties: + fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' + type: integer + fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' + type: integer + fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' + type: integer + fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' + type: integer + kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' + type: integer + netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' + type: integer + netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' + type: integer + netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' + type: integer + netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' + type: integer + netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' + type: integer + netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' + type: integer + netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' + type: integer + netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' 
+ type: string + netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting + net.ipv4.neigh.default.gc_thresh1.' + type: integer + netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting + net.ipv4.neigh.default.gc_thresh2.' + type: integer + netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting + net.ipv4.neigh.default.gc_thresh3.' + type: integer + netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' + type: integer + netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' + type: integer + netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' + type: integer + netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' + type: integer + netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' + type: integer + netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' + type: boolean + netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + type: integer + netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting + net.netfilter.nf_conntrack_buckets.' + type: integer + netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + type: integer + vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' + type: integer + vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' + type: integer + vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' 
+ type: integer + type: object + transparentHugePageDefrag: + description: 'TransparentHugePageDefrag: Valid values are ''always'', + ''defer'', ''defer+madvise'', ''madvise'' and ''never''. The + default is ''madvise''. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + transparentHugePageEnabled: + description: 'TransparentHugePageEnabled: Valid values are ''always'', + ''madvise'', and ''never''. The default is ''always''. For more + information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge).' + type: string + type: object + maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' + type: integer + maxPods: + description: 'MaxPods: The maximum number of pods that can run on + a node.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' + type: integer + mode: + description: 'Mode: A cluster must have at least one ''System'' Agent + Pool at all times. For additional information on agent pool restrictions and + best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools' + type: string + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent + pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed + to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: 'PortEnd: The maximum port that is included + in the range. It should be ranged from 1 to 65535, and + be greater than or equal to portStart.' 
+ type: integer + portStart: + description: 'PortStart: The minimum port that is included + in the range. It should be ranged from 1 to 65535, and + be less than or equal to portEnd.' + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' + type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the application + security groups which agent pool will associate when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public + IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with + the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeLabels: + additionalProperties: + type: string + description: 'NodeLabels: The node labels to be persisted across all + nodes in agent pool.' + type: object + nodePublicIPPrefixID: + description: 'NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + type: string + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node + pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: 'OrchestratorVersion: Both patch version + (e.g. 1.20.13) and (e.g. 1.20) are supported. When + is specified, the latest supported GA patch version + is chosen automatically. Updating the cluster with the same + once it has been created (e.g. 
1.14.x -> 1.14) will not trigger + an upgrade, even if a newer patch version is available. As a best + practice, you should upgrade all node pools in an AKS cluster to + the same Kubernetes version. The node pool version must have the + same major version as the control plane. The node pool minor version + must be within two minor versions of the control plane version. + The node pool version cannot be greater than the control plane version. + For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).' + type: string + osDiskSizeGB: + type: integer + osDiskType: + description: 'OsDiskType: The default is ''Ephemeral'' if the VM supports + it and has a cache disk larger than the requested OSDiskSizeGB. + Otherwise, defaults to ''Managed''. May not be changed after creation. + For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).' + type: string + osSKU: + description: 'OsSKU: Specifies the OS SKU used by the agent pool. + The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 + if OSType is Windows.' + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + type: string + podSubnetID: + description: 'PodSubnetID: If omitted, pod IPs are statically assigned + on the node subnet (see vnetSubnetID for more details). This is + of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + powerState: + description: 'PowerState: When an Agent Pool is first created it is + initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and + does not accrue billing charges. 
An Agent Pool can only be stopped + if it is Running and provisioning state is Succeeded' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + properties_type: + description: 'PropertiesType: The type of Agent Pool.' + type: string + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning + state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement + Group.' + type: string + scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete.' + type: string + scaleSetEvictionPolicy: + description: 'ScaleSetEvictionPolicy: This cannot be specified unless + the scaleSetPriority is ''Spot''. If not specified, the default + is ''Delete''.' + type: string + scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. + If not specified, the default is ''Regular''.' + type: string + spotMaxPrice: + description: 'SpotMaxPrice: Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)' + type: number + tags: + additionalProperties: + type: string + description: 'Tags: The tags to be persisted on the agent pool virtual + machine scale set.' + type: object + type: + description: 'Type: Resource type' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' + properties: + drainTimeoutInMinutes: + description: 'DrainTimeoutInMinutes: The amount of time (in minutes) + to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. + If this time is exceeded, the upgrade fails. 
If not specified, + the default is 30 minutes.' + type: integer + maxSurge: + description: 'MaxSurge: This can either be set to an integer (e.g. + ''5'') or a percentage (e.g. ''50%''). If a percentage is specified, + it is the percentage of the total agent pool size at the time + of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, + including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade' + type: string + type: object + vmSize: + description: 'VmSize: VM size availability varies by region. If a + node contains insufficient compute resources (memory, cpu, etc) + pods might fail to run correctly. For more details on restricted + VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions' + type: string + vnetSubnetID: + description: 'VnetSubnetID: If this is not specified, a VNET and subnet + will be generated and used. If no podSubnetID is specified, this + applies to nodes and pods, otherwise it applies to just nodes. This + is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + type: string + workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node + can run.' 
+ type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20231001storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20231001.ManagedClustersAgentPool Generator + information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-10-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20231001.ManagedClusters_AgentPool_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate + the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + count: + type: integer + creationData: + description: Storage version of v1api20231001.CreationData Data used + when creating a target resource from a source resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the + source object to be used to create the target object.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupReference: + description: 'HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts).' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + kubeletConfig: + description: Storage version of v1api20231001.KubeletConfig See [AKS + custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20231001.LinuxOSConfig See [AKS + custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20231001.SysctlConfig Sysctl + settings for Linux agent nodes. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + 
type: integer + mode: + type: string + networkProfile: + description: Storage version of v1api20231001.AgentPoolNetworkProfile + Network settings of an agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: Storage version of v1api20231001.PortRange The + port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroupsReferences: + items: + description: ResourceReference represents a resource reference, + either to a Kubernetes resource or directly to an Azure resource + via ARMID + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: array + nodePublicIPTags: + items: + description: Storage version of v1api20231001.IPTag Contains + the IPTag associated with the object. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixReference: + description: 'NodePublicIPPrefixReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + originalVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + owner: + description: 'Owner: The owner of the resource. 
The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podSubnetReference: + description: 'PodSubnetReference: If omitted, pod IPs are statically + assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + powerState: + description: Storage version of v1api20231001.PowerState Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity + Placement Group.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20231001.AgentPoolUpgradeSettings + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetReference: + description: 'VnetSubnetReference: If this is not specified, a VNET + and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. + This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some + resources are scoped at the subscription level ARMID is mutually + exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + workloadRuntime: + type: string + required: + - owner + type: object + status: + description: Storage version of v1api20231001.ManagedClusters_AgentPool_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + availabilityZones: + items: + type: string + type: array + capacityReservationGroupID: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. 
This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + count: + type: integer + creationData: + description: Storage version of v1api20231001.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string + enableAutoScaling: + type: boolean + enableEncryptionAtHost: + type: boolean + enableFIPS: + type: boolean + enableNodePublicIP: + type: boolean + enableUltraSSD: + type: boolean + gpuInstanceProfile: + type: string + hostGroupID: + type: string + id: + type: string + kubeletConfig: + description: Storage version of v1api20231001.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedUnsafeSysctls: + items: + type: string + type: array + containerLogMaxFiles: + type: integer + containerLogMaxSizeMB: + type: integer + cpuCfsQuota: + type: boolean + cpuCfsQuotaPeriod: + type: string + cpuManagerPolicy: + type: string + failSwapOn: + type: boolean + imageGcHighThreshold: + type: integer + imageGcLowThreshold: + type: integer + podMaxPids: + type: integer + topologyManagerPolicy: + type: string + type: object + kubeletDiskType: + type: string + linuxOSConfig: + description: Storage version of v1api20231001.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) + for more details. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + swapFileSizeMB: + type: integer + sysctls: + description: Storage version of v1api20231001.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fsAioMaxNr: + type: integer + fsFileMax: + type: integer + fsInotifyMaxUserWatches: + type: integer + fsNrOpen: + type: integer + kernelThreadsMax: + type: integer + netCoreNetdevMaxBacklog: + type: integer + netCoreOptmemMax: + type: integer + netCoreRmemDefault: + type: integer + netCoreRmemMax: + type: integer + netCoreSomaxconn: + type: integer + netCoreWmemDefault: + type: integer + netCoreWmemMax: + type: integer + netIpv4IpLocalPortRange: + type: string + netIpv4NeighDefaultGcThresh1: + type: integer + netIpv4NeighDefaultGcThresh2: + type: integer + netIpv4NeighDefaultGcThresh3: + type: integer + netIpv4TcpFinTimeout: + type: integer + netIpv4TcpKeepaliveProbes: + type: integer + netIpv4TcpKeepaliveTime: + type: integer + netIpv4TcpMaxSynBacklog: + type: integer + netIpv4TcpMaxTwBuckets: + type: integer + netIpv4TcpTwReuse: + type: boolean + netIpv4TcpkeepaliveIntvl: + type: integer + netNetfilterNfConntrackBuckets: + type: integer + netNetfilterNfConntrackMax: + type: integer + vmMaxMapCount: + type: integer + vmSwappiness: + type: integer + vmVfsCachePressure: + type: integer + type: object + transparentHugePageDefrag: + type: string + transparentHugePageEnabled: + type: string + type: object + maxCount: + type: integer + maxPods: + type: integer + minCount: + type: integer + mode: + type: string + name: + type: string + networkProfile: + description: Storage version of v1api20231001.AgentPoolNetworkProfile_STATUS + Network settings of an agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: Storage version of v1api20231001.PortRange_STATUS + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroups: + items: + type: string + type: array + nodePublicIPTags: + items: + description: Storage version of v1api20231001.IPTag_STATUS Contains + the IPTag associated with the object. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object + nodeImageVersion: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePublicIPPrefixID: + type: string + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string + osSKU: + type: string + osType: + type: string + podSubnetID: + type: string + powerState: + description: Storage version of v1api20231001.PowerState_STATUS Describes + the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + 
that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + properties_type: + type: string + provisioningState: + type: string + proximityPlacementGroupID: + type: string + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20231001.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: + type: integer + maxSurge: + type: string + type: object + vmSize: + type: string + vnetSubnetID: + type: string + workloadRuntime: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + name: natgateways.network.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: network.azure.com + names: + kind: NatGateway + listKind: NatGatewayList + plural: natgateways + singular: natgateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/natGateway.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/natGateways/{natGatewayName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: The idle timeout of the nat gateway.' + type: integer + location: + description: 'Location: Resource location.' + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. 
When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + publicIpAddresses: + description: 'PublicIpAddresses: An array of public ip addresses associated + with the nat gateway resource.' + items: + description: Reference to another subresource. + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + publicIpPrefixes: + description: 'PublicIpPrefixes: An array of public ip prefixes associated + with the nat gateway resource.' + items: + description: Reference to another subresource. + properties: + reference: + description: 'Reference: Resource ID.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + sku: + description: 'Sku: The nat gateway SKU.' + properties: + name: + description: 'Name: Name of Nat Gateway SKU.' + enum: + - Standard + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + zones: + description: 'Zones: A list of availability zones denoting the zone + in which Nat Gateway should be deployed.' + items: + type: string + type: array + required: + - owner + type: object + status: + description: Nat Gateway resource. + properties: + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. 
+ type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + id: + description: 'Id: Resource ID.' + type: string + idleTimeoutInMinutes: + description: 'IdleTimeoutInMinutes: The idle timeout of the nat gateway.' + type: integer + location: + description: 'Location: Resource location.' + type: string + name: + description: 'Name: Resource name.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the NAT + gateway resource.' + type: string + publicIpAddresses: + description: 'PublicIpAddresses: An array of public ip addresses associated + with the nat gateway resource.' 
+ items: + description: Reference to another subresource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + publicIpPrefixes: + description: 'PublicIpPrefixes: An array of public ip prefixes associated + with the nat gateway resource.' + items: + description: Reference to another subresource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + resourceGuid: + description: 'ResourceGuid: The resource GUID property of the NAT + gateway resource.' + type: string + sku: + description: 'Sku: The nat gateway SKU.' + properties: + name: + description: 'Name: Name of Nat Gateway SKU.' + type: string + type: object + subnets: + description: 'Subnets: An array of references to the subnets using + this nat gateway resource.' + items: + description: Reference to another subresource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: Resource type.' + type: string + zones: + description: 'Zones: A list of availability zones denoting the zone + in which Nat Gateway should be deployed.' 
+ items: + type: string + type: array + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20220701.NatGateway Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/natGateway.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/natGateways/{natGatewayName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20220701.NatGateway_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + idleTimeoutInMinutes: + type: integer + location: + type: string + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + publicIpAddresses: + items: + description: Storage version of v1api20220701.ApplicationGatewaySubResource + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + publicIpPrefixes: + items: + description: Storage version of v1api20220701.ApplicationGatewaySubResource + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + sku: + description: Storage version of v1api20220701.NatGatewaySku SKU of + nat gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + zones: + items: + type: string + type: array + required: + - owner + type: object + status: + description: Storage version of v1api20220701.NatGateway_STATUS Nat Gateway + resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. 
+ format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + etag: + type: string + id: + type: string + idleTimeoutInMinutes: + type: integer + location: + type: string + name: + type: string + provisioningState: + type: string + publicIpAddresses: + items: + description: Storage version of v1api20220701.ApplicationGatewaySubResource_STATUS + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + publicIpPrefixes: + items: + description: Storage version of v1api20220701.ApplicationGatewaySubResource_STATUS + Reference to another subresource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + resourceGuid: + type: string + sku: + description: Storage version of v1api20220701.NatGatewaySku_STATUS + SKU of nat gateway. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: object + subnets: + items: + description: Storage version of v1api20220701.ApplicationGatewaySubResource_STATUS + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + tags: + additionalProperties: + type: string + type: object + type: + type: string + zones: + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + name: privateendpoints.network.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + 
port: 443 + conversionReviewVersions: + - v1 + group: network.azure.com + names: + kind: PrivateEndpoint + listKind: PrivateEndpointList + plural: privateendpoints + singular: privateendpoint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/privateEndpoint.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/privateEndpoints/{privateEndpointName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: Application security groups + in which the private endpoint IP configuration is included.' + items: + description: An application security group in a resource group. 
+ properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + customNetworkInterfaceName: + description: 'CustomNetworkInterfaceName: The custom name of the network + interface attached to the private endpoint.' + type: string + extendedLocation: + description: 'ExtendedLocation: The extended location of the load + balancer.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object + ipConfigurations: + description: 'IpConfigurations: A list of IP configurations of the + private endpoint. This will be used to map to the First Party Service''s + endpoints.' + items: + description: An IP Configuration of the private endpoint. 
+ properties: + groupId: + description: 'GroupId: The ID of a group obtained from the remote + resource that this private endpoint should connect to.' + type: string + memberName: + description: 'MemberName: The member name of a group obtained + from the remote resource that this private endpoint should + connect to.' + type: string + name: + description: 'Name: The name of the resource that is unique + within a resource group.' + type: string + privateIPAddress: + description: 'PrivateIPAddress: A private ip address obtained + from the private endpoint''s subnet.' + type: string + type: object + type: array + location: + description: 'Location: Resource location.' + type: string + manualPrivateLinkServiceConnections: + description: 'ManualPrivateLinkServiceConnections: A grouping of information + about the connection to the remote resource. Used when the network + admin does not have access to approve connections to the remote + resource.' + items: + description: PrivateLinkServiceConnection resource. + properties: + groupIds: + description: 'GroupIds: The ID(s) of the group(s) obtained from + the remote resource that this private endpoint should connect + to.' + items: + type: string + type: array + name: + description: 'Name: The name of the resource that is unique + within a resource group. This name can be used to access the + resource.' + type: string + privateLinkServiceConnectionState: + description: 'PrivateLinkServiceConnectionState: A collection + of read-only information about the state of the connection + to the remote resource.' + properties: + actionsRequired: + description: 'ActionsRequired: A message indicating if changes + on the service provider require any updates on the consumer.' + type: string + description: + description: 'Description: The reason for approval/rejection + of the connection.' + type: string + status: + description: 'Status: Indicates whether the connection has + been Approved/Rejected/Removed by the owner of the service.' 
+ type: string + type: object + privateLinkServiceReference: + description: 'PrivateLinkServiceReference: The resource id of + private link service.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requestMessage: + description: 'RequestMessage: A message passed to the owner + of the remote resource with this connection request. Restricted + to 140 chars.' + type: string + type: object + type: array + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + privateLinkServiceConnections: + description: 'PrivateLinkServiceConnections: A grouping of information + about the connection to the remote resource.' 
+ items: + description: PrivateLinkServiceConnection resource. + properties: + groupIds: + description: 'GroupIds: The ID(s) of the group(s) obtained from + the remote resource that this private endpoint should connect + to.' + items: + type: string + type: array + name: + description: 'Name: The name of the resource that is unique + within a resource group. This name can be used to access the + resource.' + type: string + privateLinkServiceConnectionState: + description: 'PrivateLinkServiceConnectionState: A collection + of read-only information about the state of the connection + to the remote resource.' + properties: + actionsRequired: + description: 'ActionsRequired: A message indicating if changes + on the service provider require any updates on the consumer.' + type: string + description: + description: 'Description: The reason for approval/rejection + of the connection.' + type: string + status: + description: 'Status: Indicates whether the connection has + been Approved/Rejected/Removed by the owner of the service.' + type: string + type: object + privateLinkServiceReference: + description: 'PrivateLinkServiceReference: The resource id of + private link service.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requestMessage: + description: 'RequestMessage: A message passed to the owner + of the remote resource with this connection request. Restricted + to 140 chars.' + type: string + type: object + type: array + subnet: + description: 'Subnet: The ID of the subnet from which the private + IP will be allocated.' + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + required: + - owner + type: object + status: + description: Private endpoint resource. + properties: + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: Application security groups + in which the private endpoint IP configuration is included.' + items: + description: An application security group in a resource group. + properties: + id: + description: 'Id: Resource ID.' 
+ type: string + type: object + type: array + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + customDnsConfigs: + description: 'CustomDnsConfigs: An array of custom dns configurations.' + items: + description: Contains custom Dns resolution configuration from customer. 
+ properties: + fqdn: + description: 'Fqdn: Fqdn that resolves to private endpoint ip + address.' + type: string + ipAddresses: + description: 'IpAddresses: A list of private ip addresses of + the private endpoint.' + items: + type: string + type: array + type: object + type: array + customNetworkInterfaceName: + description: 'CustomNetworkInterfaceName: The custom name of the network + interface attached to the private endpoint.' + type: string + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + extendedLocation: + description: 'ExtendedLocation: The extended location of the load + balancer.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + type: string + type: object + id: + description: 'Id: Resource ID.' + type: string + ipConfigurations: + description: 'IpConfigurations: A list of IP configurations of the + private endpoint. This will be used to map to the First Party Service''s + endpoints.' + items: + description: An IP Configuration of the private endpoint. + properties: + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + groupId: + description: 'GroupId: The ID of a group obtained from the remote + resource that this private endpoint should connect to.' + type: string + memberName: + description: 'MemberName: The member name of a group obtained + from the remote resource that this private endpoint should + connect to.' + type: string + name: + description: 'Name: The name of the resource that is unique + within a resource group.' + type: string + privateIPAddress: + description: 'PrivateIPAddress: A private ip address obtained + from the private endpoint''s subnet.' + type: string + type: + description: 'Type: The resource type.' 
+ type: string + type: object + type: array + location: + description: 'Location: Resource location.' + type: string + manualPrivateLinkServiceConnections: + description: 'ManualPrivateLinkServiceConnections: A grouping of information + about the connection to the remote resource. Used when the network + admin does not have access to approve connections to the remote + resource.' + items: + description: PrivateLinkServiceConnection resource. + properties: + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + groupIds: + description: 'GroupIds: The ID(s) of the group(s) obtained from + the remote resource that this private endpoint should connect + to.' + items: + type: string + type: array + id: + description: 'Id: Resource ID.' + type: string + name: + description: 'Name: The name of the resource that is unique + within a resource group. This name can be used to access the + resource.' + type: string + privateLinkServiceConnectionState: + description: 'PrivateLinkServiceConnectionState: A collection + of read-only information about the state of the connection + to the remote resource.' + properties: + actionsRequired: + description: 'ActionsRequired: A message indicating if changes + on the service provider require any updates on the consumer.' + type: string + description: + description: 'Description: The reason for approval/rejection + of the connection.' + type: string + status: + description: 'Status: Indicates whether the connection has + been Approved/Rejected/Removed by the owner of the service.' + type: string + type: object + privateLinkServiceId: + description: 'PrivateLinkServiceId: The resource id of private + link service.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the + private link service connection resource.' 
+ type: string + requestMessage: + description: 'RequestMessage: A message passed to the owner + of the remote resource with this connection request. Restricted + to 140 chars.' + type: string + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + name: + description: 'Name: Resource name.' + type: string + networkInterfaces: + description: 'NetworkInterfaces: An array of references to the network + interfaces created for this private endpoint.' + items: + description: A network interface in a resource group. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + privateLinkServiceConnections: + description: 'PrivateLinkServiceConnections: A grouping of information + about the connection to the remote resource.' + items: + description: PrivateLinkServiceConnection resource. + properties: + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + groupIds: + description: 'GroupIds: The ID(s) of the group(s) obtained from + the remote resource that this private endpoint should connect + to.' + items: + type: string + type: array + id: + description: 'Id: Resource ID.' + type: string + name: + description: 'Name: The name of the resource that is unique + within a resource group. This name can be used to access the + resource.' + type: string + privateLinkServiceConnectionState: + description: 'PrivateLinkServiceConnectionState: A collection + of read-only information about the state of the connection + to the remote resource.' + properties: + actionsRequired: + description: 'ActionsRequired: A message indicating if changes + on the service provider require any updates on the consumer.' + type: string + description: + description: 'Description: The reason for approval/rejection + of the connection.' 
+ type: string + status: + description: 'Status: Indicates whether the connection has + been Approved/Rejected/Removed by the owner of the service.' + type: string + type: object + privateLinkServiceId: + description: 'PrivateLinkServiceId: The resource id of private + link service.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the + private link service connection resource.' + type: string + requestMessage: + description: 'RequestMessage: A message passed to the owner + of the remote resource with this connection request. Restricted + to 140 chars.' + type: string + type: + description: 'Type: The resource type.' + type: string + type: object + type: array + provisioningState: + description: 'ProvisioningState: The provisioning state of the private + endpoint resource.' + type: string + subnet: + description: 'Subnet: The ID of the subnet from which the private + IP will be allocated.' + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: Resource type.' 
+ type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20220701.PrivateEndpoint Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/privateEndpoint.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/privateEndpoints/{privateEndpointName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20220701.PrivateEndpoint_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + applicationSecurityGroups: + items: + description: Storage version of v1api20220701.ApplicationSecurityGroupSpec_PrivateEndpoint_SubResourceEmbedded + An application security group in a resource group. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. 
This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + customNetworkInterfaceName: + type: string + extendedLocation: + description: Storage version of v1api20220701.ExtendedLocation ExtendedLocation + complex type. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + ipConfigurations: + items: + description: Storage version of v1api20220701.PrivateEndpointIPConfiguration + An IP Configuration of the private endpoint. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + memberName: + type: string + name: + type: string + privateIPAddress: + type: string + type: object + type: array + location: + type: string + manualPrivateLinkServiceConnections: + items: + description: Storage version of v1api20220701.PrivateLinkServiceConnection + PrivateLinkServiceConnection resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupIds: + items: + type: string + type: array + name: + type: string + privateLinkServiceConnectionState: + description: Storage version of v1api20220701.PrivateLinkServiceConnectionState + A collection of information about the state of the connection + between service consumer and provider. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + actionsRequired: + type: string + description: + type: string + status: + type: string + type: object + privateLinkServiceReference: + description: 'PrivateLinkServiceReference: The resource id of + private link service.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requestMessage: + type: string + type: object + type: array + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. 
Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + privateLinkServiceConnections: + items: + description: Storage version of v1api20220701.PrivateLinkServiceConnection + PrivateLinkServiceConnection resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupIds: + items: + type: string + type: array + name: + type: string + privateLinkServiceConnectionState: + description: Storage version of v1api20220701.PrivateLinkServiceConnectionState + A collection of information about the state of the connection + between service consumer and provider. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + actionsRequired: + type: string + description: + type: string + status: + type: string + type: object + privateLinkServiceReference: + description: 'PrivateLinkServiceReference: The resource id of + private link service.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requestMessage: + type: string + type: object + type: array + subnet: + description: Storage version of v1api20220701.Subnet_PrivateEndpoint_SubResourceEmbedded + Subnet in a virtual network resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + tags: + additionalProperties: + type: string + type: object + required: + - owner + type: object + status: + description: Storage version of v1api20220701.PrivateEndpoint_STATUS_PrivateEndpoint_SubResourceEmbedded + Private endpoint resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + applicationSecurityGroups: + items: + description: Storage version of v1api20220701.ApplicationSecurityGroup_STATUS_PrivateEndpoint_SubResourceEmbedded + An application security group in a resource group. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. 
Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + customDnsConfigs: + items: + description: Storage version of v1api20220701.CustomDnsConfigPropertiesFormat_STATUS + Contains custom Dns resolution configuration from customer. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + fqdn: + type: string + ipAddresses: + items: + type: string + type: array + type: object + type: array + customNetworkInterfaceName: + type: string + etag: + type: string + extendedLocation: + description: Storage version of v1api20220701.ExtendedLocation_STATUS + ExtendedLocation complex type. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + id: + type: string + ipConfigurations: + items: + description: Storage version of v1api20220701.PrivateEndpointIPConfiguration_STATUS + An IP Configuration of the private endpoint. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + etag: + type: string + groupId: + type: string + memberName: + type: string + name: + type: string + privateIPAddress: + type: string + type: + type: string + type: object + type: array + location: + type: string + manualPrivateLinkServiceConnections: + items: + description: Storage version of v1api20220701.PrivateLinkServiceConnection_STATUS + PrivateLinkServiceConnection resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + etag: + type: string + groupIds: + items: + type: string + type: array + id: + type: string + name: + type: string + privateLinkServiceConnectionState: + description: Storage version of v1api20220701.PrivateLinkServiceConnectionState_STATUS + A collection of information about the state of the connection + between service consumer and provider. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + actionsRequired: + type: string + description: + type: string + status: + type: string + type: object + privateLinkServiceId: + type: string + provisioningState: + type: string + requestMessage: + type: string + type: + type: string + type: object + type: array + name: + type: string + networkInterfaces: + items: + description: Storage version of v1api20220701.NetworkInterface_STATUS_PrivateEndpoint_SubResourceEmbedded + A network interface in a resource group. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + privateLinkServiceConnections: + items: + description: Storage version of v1api20220701.PrivateLinkServiceConnection_STATUS + PrivateLinkServiceConnection resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + etag: + type: string + groupIds: + items: + type: string + type: array + id: + type: string + name: + type: string + privateLinkServiceConnectionState: + description: Storage version of v1api20220701.PrivateLinkServiceConnectionState_STATUS + A collection of information about the state of the connection + between service consumer and provider. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed + information that used for properties not directly supported + by storage resources, allowing for full fidelity round + trip conversions + type: object + actionsRequired: + type: string + description: + type: string + status: + type: string + type: object + privateLinkServiceId: + type: string + provisioningState: + type: string + requestMessage: + type: string + type: + type: string + type: object + type: array + provisioningState: + type: string + subnet: + description: Storage version of v1api20220701.Subnet_STATUS_PrivateEndpoint_SubResourceEmbedded + Subnet in a virtual network resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + name: resourcegroups.resources.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: resources.azure.com + names: + kind: ResourceGroup + listKind: ResourceGroupList + plural: resourcegroups + singular: resourcegroup + preserveUnknownFields: false + scope: Namespaced + 
versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20200601 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /resources/resource-manager/Microsoft.Resources/stable/2020-06-01/resources.json + - ARM URI: /subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + maxLength: 90 + minLength: 1 + type: string + location: + description: 'Location: The location of the resource group. It cannot + be changed after the resource group has been created. It must be + one of the supported Azure locations.' + type: string + managedBy: + description: 'ManagedBy: The ID of the resource that manages this + resource group.' 
+ type: string + tags: + additionalProperties: + type: string + description: 'Tags: The tags attached to the resource group.' + type: object + required: + - location + type: object + status: + description: Resource group information. + properties: + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. 
+ type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + id: + description: 'Id: The ID of the resource group.' + type: string + location: + description: 'Location: The location of the resource group. It cannot + be changed after the resource group has been created. It must be + one of the supported Azure locations.' + type: string + managedBy: + description: 'ManagedBy: The ID of the resource that manages this + resource group.' + type: string + name: + description: 'Name: The name of the resource group.' + type: string + properties: + description: 'Properties: The resource group properties.' + properties: + provisioningState: + description: 'ProvisioningState: The provisioning state.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: The tags attached to the resource group.' + type: object + type: + description: 'Type: The type of the resource group.' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20200601storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20200601.ResourceGroup Generator information: + - Generated from: /resources/resource-manager/Microsoft.Resources/stable/2020-06-01/resources.json + - ARM URI: /subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20200601.ResourceGroup_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + location: + type: string + managedBy: + type: string + originalVersion: + type: string + tags: + additionalProperties: + type: string + type: object + type: object + status: + description: Storage version of v1api20200601.ResourceGroup_STATUS Resource + group information. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + id: + type: string + location: + type: string + managedBy: + type: string + name: + type: string + properties: + description: Storage version of v1api20200601.ResourceGroupProperties_STATUS + The resource group properties. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + provisioningState: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + name: virtualnetworks.network.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: network.azure.com + names: + kind: VirtualNetwork + listKind: VirtualNetworkList + plural: virtualnetworks + singular: virtualnetwork + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20201101 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /network/resource-manager/Microsoft.Network/stable/2020-11-01/virtualNetwork.json + - ARM URI: 
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addressSpace: + description: 'AddressSpace: The AddressSpace that contains an array + of IP address ranges that can be used by subnets.' + properties: + addressPrefixes: + description: 'AddressPrefixes: A list of address blocks reserved + for this virtual network in CIDR notation.' + items: + type: string + type: array + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + bgpCommunities: + description: 'BgpCommunities: Bgp Communities sent over ExpressRoute + with each route corresponding to a prefix in this VNET.' + properties: + virtualNetworkCommunity: + description: 'VirtualNetworkCommunity: The BGP community associated + with the virtual network.' + type: string + required: + - virtualNetworkCommunity + type: object + ddosProtectionPlan: + description: 'DdosProtectionPlan: The DDoS protection plan associated + with the virtual network.' + properties: + reference: + description: 'Reference: Resource ID.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + dhcpOptions: + description: 'DhcpOptions: The dhcpOptions that contains an array + of DNS servers available to VMs deployed in the virtual network.' + properties: + dnsServers: + description: 'DnsServers: The list of DNS servers IP addresses.' + items: + type: string + type: array + type: object + enableDdosProtection: + description: 'EnableDdosProtection: Indicates if DDoS protection is + enabled for all the protected resources in the virtual network. + It requires a DDoS protection plan associated with the resource.' + type: boolean + enableVmProtection: + description: 'EnableVmProtection: Indicates if VM protection is enabled + for all the subnets in the virtual network.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the virtual + network.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' 
+ enum: + - EdgeZone + type: string + required: + - name + - type + type: object + ipAllocations: + description: 'IpAllocations: Array of IpAllocation which reference + this VNET.' + items: + description: Reference to another subresource. + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + location: + description: 'Location: Resource location.' + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' 
+ type: object + required: + - owner + type: object + status: + description: Virtual Network resource. + properties: + addressSpace: + description: 'AddressSpace: The AddressSpace that contains an array + of IP address ranges that can be used by subnets.' + properties: + addressPrefixes: + description: 'AddressPrefixes: A list of address blocks reserved + for this virtual network in CIDR notation.' + items: + type: string + type: array + type: object + bgpCommunities: + description: 'BgpCommunities: Bgp Communities sent over ExpressRoute + with each route corresponding to a prefix in this VNET.' + properties: + regionalCommunity: + description: 'RegionalCommunity: The BGP community associated + with the region of the virtual network.' + type: string + virtualNetworkCommunity: + description: 'VirtualNetworkCommunity: The BGP community associated + with the virtual network.' + type: string + type: object + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. 
+ type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + ddosProtectionPlan: + description: 'DdosProtectionPlan: The DDoS protection plan associated + with the virtual network.' + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + dhcpOptions: + description: 'DhcpOptions: The dhcpOptions that contains an array + of DNS servers available to VMs deployed in the virtual network.' + properties: + dnsServers: + description: 'DnsServers: The list of DNS servers IP addresses.' + items: + type: string + type: array + type: object + enableDdosProtection: + description: 'EnableDdosProtection: Indicates if DDoS protection is + enabled for all the protected resources in the virtual network. + It requires a DDoS protection plan associated with the resource.' + type: boolean + enableVmProtection: + description: 'EnableVmProtection: Indicates if VM protection is enabled + for all the subnets in the virtual network.' + type: boolean + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + extendedLocation: + description: 'ExtendedLocation: The extended location of the virtual + network.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' 
+ type: string + type: object + id: + description: 'Id: Resource ID.' + type: string + ipAllocations: + description: 'IpAllocations: Array of IpAllocation which reference + this VNET.' + items: + description: Reference to another subresource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + location: + description: 'Location: Resource location.' + type: string + name: + description: 'Name: Resource name.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the virtual + network resource.' + type: string + resourceGuid: + description: 'ResourceGuid: The resourceGuid property of the Virtual + Network resource.' + type: string + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: Resource type.' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20201101storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20201101.VirtualNetwork Generator information: + - Generated from: /network/resource-manager/Microsoft.Network/stable/2020-11-01/virtualNetwork.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20201101.VirtualNetwork_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + addressSpace: + description: Storage version of v1api20201101.AddressSpace AddressSpace + contains an array of IP address ranges that can be used by subnets + of the virtual network. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + addressPrefixes: + items: + type: string + type: array + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + bgpCommunities: + description: Storage version of v1api20201101.VirtualNetworkBgpCommunities + Bgp Communities sent over ExpressRoute with each route corresponding + to a prefix in this VNET. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + virtualNetworkCommunity: + type: string + type: object + ddosProtectionPlan: + description: Storage version of v1api20201101.SubResource Reference + to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + dhcpOptions: + description: Storage version of v1api20201101.DhcpOptions DhcpOptions + contains an array of DNS servers available to VMs deployed in the + virtual network. Standard DHCP option for a subnet overrides VNET + DHCP options. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServers: + items: + type: string + type: array + type: object + enableDdosProtection: + type: boolean + enableVmProtection: + type: boolean + extendedLocation: + description: Storage version of v1api20201101.ExtendedLocation ExtendedLocation + complex type. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + ipAllocations: + items: + description: Storage version of v1api20201101.SubResource Reference + to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + location: + type: string + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + tags: + additionalProperties: + type: string + type: object + required: + - owner + type: object + status: + description: Storage version of v1api20201101.VirtualNetwork_STATUS Virtual + Network resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + addressSpace: + description: Storage version of v1api20201101.AddressSpace_STATUS + AddressSpace contains an array of IP address ranges that can be + used by subnets of the virtual network. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + addressPrefixes: + items: + type: string + type: array + type: object + bgpCommunities: + description: Storage version of v1api20201101.VirtualNetworkBgpCommunities_STATUS + Bgp Communities sent over ExpressRoute with each route corresponding + to a prefix in this VNET. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + regionalCommunity: + type: string + virtualNetworkCommunity: + type: string + type: object + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. 
+ type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + ddosProtectionPlan: + description: Storage version of v1api20201101.SubResource_STATUS Reference + to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + dhcpOptions: + description: Storage version of v1api20201101.DhcpOptions_STATUS DhcpOptions + contains an array of DNS servers available to VMs deployed in the + virtual network. Standard DHCP option for a subnet overrides VNET + DHCP options. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + dnsServers: + items: + type: string + type: array + type: object + enableDdosProtection: + type: boolean + enableVmProtection: + type: boolean + etag: + type: string + extendedLocation: + description: Storage version of v1api20201101.ExtendedLocation_STATUS + ExtendedLocation complex type. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + name: + type: string + type: + type: string + type: object + id: + type: string + ipAllocations: + items: + description: Storage version of v1api20201101.SubResource_STATUS + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + location: + type: string + name: + type: string + provisioningState: + type: string + resourceGuid: + type: string + tags: + additionalProperties: + type: string + type: object + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + name: virtualnetworkssubnets.network.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: network.azure.com + names: + kind: VirtualNetworksSubnet + listKind: VirtualNetworksSubnetList + plural: virtualnetworkssubnets + singular: virtualnetworkssubnet + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20201101 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /network/resource-manager/Microsoft.Network/stable/2020-11-01/virtualNetwork.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addressPrefix: + description: 'AddressPrefix: The address prefix for the subnet.' + type: string + addressPrefixes: + description: 'AddressPrefixes: List of address prefixes for the subnet.' + items: + type: string + type: array + applicationGatewayIpConfigurations: + description: 'ApplicationGatewayIpConfigurations: Application gateway + IP configurations of virtual network resource.' + items: + description: IP configuration of an application gateway. Currently + 1 public and 1 private IP configuration is allowed. 
+ properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + delegations: + description: 'Delegations: An array of references to the delegations + on the subnet.' + items: + description: Details the service to which the subnet is delegated. + properties: + name: + description: 'Name: The name of the resource that is unique + within a subnet. This name can be used to access the resource.' + type: string + serviceName: + description: 'ServiceName: The name of the service to whom the + subnet should be delegated (e.g. Microsoft.Sql/servers).' + type: string + type: object + type: array + ipAllocations: + description: 'IpAllocations: Array of IpAllocation which reference + this subnet.' + items: + description: Reference to another subresource. + properties: + reference: + description: 'Reference: Resource ID.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + natGateway: + description: 'NatGateway: Nat gateway associated with this subnet.' + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + networkSecurityGroup: + description: 'NetworkSecurityGroup: The reference to the NetworkSecurityGroup + resource.' 
+ properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a network.azure.com/VirtualNetwork + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + privateEndpointNetworkPolicies: + description: 'PrivateEndpointNetworkPolicies: Enable or Disable apply + network policies on private end point in the subnet.' + enum: + - Disabled + - Enabled + type: string + privateLinkServiceNetworkPolicies: + description: 'PrivateLinkServiceNetworkPolicies: Enable or Disable + apply network policies on private link service in the subnet.' 
+ enum: + - Disabled + - Enabled + type: string + routeTable: + description: 'RouteTable: The reference to the RouteTable resource.' + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + serviceEndpointPolicies: + description: 'ServiceEndpointPolicies: An array of service endpoint + policies.' + items: + description: Service End point policy resource. + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + serviceEndpoints: + description: 'ServiceEndpoints: An array of service endpoints.' + items: + description: The service endpoint properties. + properties: + locations: + description: 'Locations: A list of locations.' + items: + type: string + type: array + service: + description: 'Service: The type of the endpoint service.' + type: string + type: object + type: array + required: + - owner + type: object + status: + properties: + addressPrefix: + description: 'AddressPrefix: The address prefix for the subnet.' + type: string + addressPrefixes: + description: 'AddressPrefixes: List of address prefixes for the subnet.' + items: + type: string + type: array + applicationGatewayIpConfigurations: + description: 'ApplicationGatewayIpConfigurations: Application gateway + IP configurations of virtual network resource.' + items: + description: IP configuration of an application gateway. Currently + 1 public and 1 private IP configuration is allowed. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + delegations: + description: 'Delegations: An array of references to the delegations + on the subnet.' + items: + description: Details the service to which the subnet is delegated. + properties: + actions: + description: 'Actions: The actions permitted to the service + upon delegation.' + items: + type: string + type: array + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + id: + description: 'Id: Resource ID.' + type: string + name: + description: 'Name: The name of the resource that is unique + within a subnet. This name can be used to access the resource.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the + service delegation resource.' 
+ type: string + serviceName: + description: 'ServiceName: The name of the service to whom the + subnet should be delegated (e.g. Microsoft.Sql/servers).' + type: string + type: + description: 'Type: Resource type.' + type: string + type: object + type: array + etag: + description: 'Etag: A unique read-only string that changes whenever + the resource is updated.' + type: string + id: + description: 'Id: Resource ID.' + type: string + ipAllocations: + description: 'IpAllocations: Array of IpAllocation which reference + this subnet.' + items: + description: Reference to another subresource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + ipConfigurationProfiles: + description: 'IpConfigurationProfiles: Array of IP configuration profiles + which reference this subnet.' + items: + description: IP configuration profile child resource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + ipConfigurations: + description: 'IpConfigurations: An array of references to the network + interface IP configurations using subnet.' + items: + description: IP configuration. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + name: + description: 'Name: The name of the resource that is unique within + a resource group. This name can be used to access the resource.' + type: string + natGateway: + description: 'NatGateway: Nat gateway associated with this subnet.' + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + networkSecurityGroup: + description: 'NetworkSecurityGroup: The reference to the NetworkSecurityGroup + resource.' + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + privateEndpointNetworkPolicies: + description: 'PrivateEndpointNetworkPolicies: Enable or Disable apply + network policies on private end point in the subnet.' 
+ type: string + privateEndpoints: + description: 'PrivateEndpoints: An array of references to private + endpoints.' + items: + description: Private endpoint resource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + privateLinkServiceNetworkPolicies: + description: 'PrivateLinkServiceNetworkPolicies: Enable or Disable + apply network policies on private link service in the subnet.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the subnet + resource.' + type: string + purpose: + description: 'Purpose: A read-only string identifying the intention + of use for this subnet based on delegations and other user-defined + properties.' + type: string + resourceNavigationLinks: + description: 'ResourceNavigationLinks: An array of references to the + external resources using subnet.' + items: + description: ResourceNavigationLink resource. + properties: + id: + description: 'Id: Resource navigation link identifier.' + type: string + type: object + type: array + routeTable: + description: 'RouteTable: The reference to the RouteTable resource.' + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + serviceAssociationLinks: + description: 'ServiceAssociationLinks: An array of references to services + injecting into this subnet.' + items: + description: ServiceAssociationLink resource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + serviceEndpointPolicies: + description: 'ServiceEndpointPolicies: An array of service endpoint + policies.' + items: + description: Service End point policy resource. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + serviceEndpoints: + description: 'ServiceEndpoints: An array of service endpoints.' + items: + description: The service endpoint properties. 
+ properties: + locations: + description: 'Locations: A list of locations.' + items: + type: string + type: array + provisioningState: + description: 'ProvisioningState: The provisioning state of the + service endpoint resource.' + type: string + service: + description: 'Service: The type of the endpoint service.' + type: string + type: object + type: array + type: + description: 'Type: Resource type.' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20201101storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20201101.VirtualNetworksSubnet Generator + information: - Generated from: /network/resource-manager/Microsoft.Network/stable/2020-11-01/virtualNetwork.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20201101.VirtualNetworks_Subnet_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + addressPrefix: + type: string + addressPrefixes: + items: + type: string + type: array + applicationGatewayIpConfigurations: + items: + description: Storage version of v1api20201101.ApplicationGatewayIPConfiguration_VirtualNetworks_Subnet_SubResourceEmbedded + IP configuration of an application gateway. Currently 1 public + and 1 private IP configuration is allowed. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + azureName: + description: 'AzureName: The name of the resource in Azure. This is + often the same as the name of the resource in Kubernetes but it + doesn''t have to be.' + type: string + delegations: + items: + description: Storage version of v1api20201101.Delegation Details + the service to which the subnet is delegated. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + serviceName: + type: string + type: object + type: array + ipAllocations: + items: + description: Storage version of v1api20201101.SubResource Reference + to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + natGateway: + description: Storage version of v1api20201101.SubResource Reference + to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + networkSecurityGroup: + description: Storage version of v1api20201101.NetworkSecurityGroupSpec_VirtualNetworks_Subnet_SubResourceEmbedded + NetworkSecurityGroup resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls + where the resource goes when it is deployed. The owner also controls + the resources lifecycle. When the owner is deleted the resource + will also be deleted. Owner is expected to be a reference to a network.azure.com/VirtualNetwork + resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. 
+ type: string + type: object + privateEndpointNetworkPolicies: + type: string + privateLinkServiceNetworkPolicies: + type: string + routeTable: + description: Storage version of v1api20201101.RouteTableSpec_VirtualNetworks_Subnet_SubResourceEmbedded + Route table resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level ARMID + is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + serviceEndpointPolicies: + items: + description: Storage version of v1api20201101.ServiceEndpointPolicySpec_VirtualNetworks_Subnet_SubResourceEmbedded + Service End point policy resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional + as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace + and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + serviceEndpoints: + items: + description: Storage version of v1api20201101.ServiceEndpointPropertiesFormat + The service endpoint properties. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + locations: + items: + type: string + type: array + service: + type: string + type: object + type: array + required: + - owner + type: object + status: + description: Storage version of v1api20201101.VirtualNetworks_Subnet_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + addressPrefix: + type: string + addressPrefixes: + items: + type: string + type: array + applicationGatewayIpConfigurations: + items: + description: Storage version of v1api20201101.ApplicationGatewayIPConfiguration_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded + IP configuration of an application gateway. Currently 1 public + and 1 private IP configuration is allowed. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + conditions: + items: + description: Condition defines an extension to status (an observation) + of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating + details about the transition. This field may be empty. 
+ type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons + are upper CamelCase (PascalCase) with no spaces. A reason + is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type + of condition. For conditions which have positive polarity + (Status == True is their normal/healthy state), this will + be omitted when Status == True For conditions which have negative + polarity (Status == False is their normal/healthy state), + this will be omitted when Status == False. This is omitted + in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or + Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + delegations: + items: + description: Storage version of v1api20201101.Delegation_STATUS + Details the service to which the subnet is delegated. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + actions: + items: + type: string + type: array + etag: + type: string + id: + type: string + name: + type: string + provisioningState: + type: string + serviceName: + type: string + type: + type: string + type: object + type: array + etag: + type: string + id: + type: string + ipAllocations: + items: + description: Storage version of v1api20201101.SubResource_STATUS + Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + ipConfigurationProfiles: + items: + description: Storage version of v1api20201101.IPConfigurationProfile_STATUS + IP configuration profile child resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + ipConfigurations: + items: + description: Storage version of v1api20201101.IPConfiguration_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded + IP configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + name: + type: string + natGateway: + description: Storage version of v1api20201101.SubResource_STATUS Reference + to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + networkSecurityGroup: + description: Storage version of v1api20201101.NetworkSecurityGroup_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded + NetworkSecurityGroup resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + privateEndpointNetworkPolicies: + type: string + privateEndpoints: + items: + description: Storage version of v1api20201101.PrivateEndpoint_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded + Private endpoint resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + privateLinkServiceNetworkPolicies: + type: string + provisioningState: + type: string + purpose: + type: string + resourceNavigationLinks: + items: + description: Storage version of v1api20201101.ResourceNavigationLink_STATUS + ResourceNavigationLink resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + routeTable: + description: Storage version of v1api20201101.RouteTable_STATUS_SubResourceEmbedded + Route table resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage resources, + allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + serviceAssociationLinks: + items: + description: Storage version of v1api20201101.ServiceAssociationLink_STATUS + ServiceAssociationLink resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + serviceEndpointPolicies: + items: + description: Storage version of v1api20201101.ServiceEndpointPolicy_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded + Service End point policy resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + serviceEndpoints: + items: + description: Storage version of v1api20201101.ServiceEndpointPropertiesFormat_STATUS + The service endpoint properties. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information + that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + locations: + items: + type: string + type: array + provisioningState: + type: string + service: + type: string + type: object + type: array + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: azure-service-operator + name: azureserviceoperator-default + namespace: capz-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-manager + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: azureserviceoperator-leader-election-role + 
namespace: capz-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-leader-election-role + namespace: capz-system +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: azureserviceoperator-crd-manager-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: azureserviceoperator-crd-reader-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: azureserviceoperator-manager-role +rules: +- apiGroups: + - apimanagement.azure.com + resources: + - apis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - apis/finalizers + - apis/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - apiversionsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + 
- apiversionsets/finalizers + - apiversionsets/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - backends + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - backends/finalizers + - backends/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - namedvalues + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - namedvalues/finalizers + - namedvalues/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - policies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - policies/finalizers + - policies/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - policyfragments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - policyfragments/finalizers + - policyfragments/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - products + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - products/finalizers + - products/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apimanagement.azure.com + resources: + - services/finalizers + - services/status + verbs: + - get + - patch + - update +- apiGroups: + - apimanagement.azure.com + resources: + - subscriptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - 
apimanagement.azure.com + resources: + - subscriptions/finalizers + - subscriptions/status + verbs: + - get + - patch + - update +- apiGroups: + - appconfiguration.azure.com + resources: + - configurationstores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - appconfiguration.azure.com + resources: + - configurationstores/finalizers + - configurationstores/status + verbs: + - get + - patch + - update +- apiGroups: + - authorization.azure.com + resources: + - roleassignments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - authorization.azure.com + resources: + - roleassignments/finalizers + - roleassignments/status + verbs: + - get + - patch + - update +- apiGroups: + - batch.azure.com + resources: + - batchaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch.azure.com + resources: + - batchaccounts/finalizers + - batchaccounts/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redis/finalizers + - redis/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redisenterprisedatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redisenterprisedatabases/finalizers + - redisenterprisedatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redisenterprises + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redisenterprises/finalizers + - redisenterprises/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redisfirewallrules + verbs: + - create + 
- delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redisfirewallrules/finalizers + - redisfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redislinkedservers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redislinkedservers/finalizers + - redislinkedservers/status + verbs: + - get + - patch + - update +- apiGroups: + - cache.azure.com + resources: + - redispatchschedules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cache.azure.com + resources: + - redispatchschedules/finalizers + - redispatchschedules/status + verbs: + - get + - patch + - update +- apiGroups: + - cdn.azure.com + resources: + - profiles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - profiles/finalizers + - profiles/status + verbs: + - get + - patch + - update +- apiGroups: + - cdn.azure.com + resources: + - profilesendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdn.azure.com + resources: + - profilesendpoints/finalizers + - profilesendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - diskencryptionsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - diskencryptionsets/finalizers + - diskencryptionsets/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - disks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - disks/finalizers + - disks/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - images + verbs: + - 
create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - images/finalizers + - images/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - snapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - snapshots/finalizers + - snapshots/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - virtualmachines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - virtualmachines/finalizers + - virtualmachines/status + verbs: + - get + - patch + - update +- apiGroups: + - compute.azure.com + resources: + - virtualmachinescalesets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - compute.azure.com + resources: + - virtualmachinescalesets/finalizers + - virtualmachinescalesets/status + verbs: + - get + - patch + - update +- apiGroups: + - containerinstance.azure.com + resources: + - containergroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerinstance.azure.com + resources: + - containergroups/finalizers + - containergroups/status + verbs: + - get + - patch + - update +- apiGroups: + - containerregistry.azure.com + resources: + - registries + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerregistry.azure.com + resources: + - registries/finalizers + - registries/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - fleets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - fleets/finalizers + - fleets/status + verbs: + - get + - patch + - update +- apiGroups: + - 
containerservice.azure.com + resources: + - fleetsmembers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - fleetsmembers/finalizers + - fleetsmembers/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - fleetsupdateruns + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - fleetsupdateruns/finalizers + - fleetsupdateruns/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - managedclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclusters/finalizers + - managedclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - managedclustersagentpools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclustersagentpools/finalizers + - managedclustersagentpools/status + verbs: + - get + - patch + - update +- apiGroups: + - containerservice.azure.com + resources: + - trustedaccessrolebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - trustedaccessrolebindings/finalizers + - trustedaccessrolebindings/status + verbs: + - get + - patch + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + 
resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - datafactory.azure.com + resources: + - factories + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - datafactory.azure.com + resources: + - factories/finalizers + - factories/status + verbs: + - get + - patch + - update +- apiGroups: + - dataprotection.azure.com + resources: + - backupvaults + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dataprotection.azure.com + resources: + - backupvaults/finalizers + - backupvaults/status + verbs: + - get + - patch + - update +- apiGroups: + - dataprotection.azure.com + resources: + - backupvaultsbackuppolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dataprotection.azure.com + resources: + - backupvaultsbackuppolicies/finalizers + - backupvaultsbackuppolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformariadb.azure.com + resources: + - configurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformariadb.azure.com + resources: + - configurations/finalizers + - configurations/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformariadb.azure.com + resources: + - databases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformariadb.azure.com + resources: + - databases/finalizers + - databases/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformariadb.azure.com + resources: + - servers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformariadb.azure.com + resources: + - servers/finalizers + - servers/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleservers + verbs: + - create + - delete + - get + 
- list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleservers/finalizers + - flexibleservers/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversadministrators + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversadministrators/finalizers + - flexibleserversadministrators/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversconfigurations/finalizers + - flexibleserversconfigurations/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversdatabases/finalizers + - flexibleserversdatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversfirewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - flexibleserversfirewallrules/finalizers + - flexibleserversfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - dbformysql.azure.com + resources: + - users + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbformysql.azure.com + resources: + - users/finalizers + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleservers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - 
dbforpostgresql.azure.com + resources: + - flexibleservers/finalizers + - flexibleservers/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversconfigurations/finalizers + - flexibleserversconfigurations/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversdatabases/finalizers + - flexibleserversdatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversfirewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbforpostgresql.azure.com + resources: + - flexibleserversfirewallrules/finalizers + - flexibleserversfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - dbforpostgresql.azure.com + resources: + - users + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dbforpostgresql.azure.com + resources: + - users/finalizers + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - devices.azure.com + resources: + - iothubs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - devices.azure.com + resources: + - iothubs/finalizers + - iothubs/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - databaseaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - databaseaccounts/finalizers + - databaseaccounts/status + verbs: + - get 
+ - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasecollections + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasecollections/finalizers + - mongodbdatabasecollections/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasecollectionthroughputsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasecollectionthroughputsettings/finalizers + - mongodbdatabasecollectionthroughputsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabases/finalizers + - mongodbdatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasethroughputsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - mongodbdatabasethroughputsettings/finalizers + - mongodbdatabasethroughputsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainers/finalizers + - sqldatabasecontainers/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainerstoredprocedures + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainerstoredprocedures/finalizers + - 
sqldatabasecontainerstoredprocedures/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainerthroughputsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainerthroughputsettings/finalizers + - sqldatabasecontainerthroughputsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainertriggers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontainertriggers/finalizers + - sqldatabasecontainertriggers/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontaineruserdefinedfunctions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasecontaineruserdefinedfunctions/finalizers + - sqldatabasecontaineruserdefinedfunctions/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabases/finalizers + - sqldatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasethroughputsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: + - sqldatabasethroughputsettings/finalizers + - sqldatabasethroughputsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - documentdb.azure.com + resources: + - sqlroleassignments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - documentdb.azure.com + resources: 
+ - sqlroleassignments/finalizers + - sqlroleassignments/status + verbs: + - get + - patch + - update +- apiGroups: + - eventgrid.azure.com + resources: + - domains + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventgrid.azure.com + resources: + - domains/finalizers + - domains/status + verbs: + - get + - patch + - update +- apiGroups: + - eventgrid.azure.com + resources: + - domainstopics + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventgrid.azure.com + resources: + - domainstopics/finalizers + - domainstopics/status + verbs: + - get + - patch + - update +- apiGroups: + - eventgrid.azure.com + resources: + - eventsubscriptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventgrid.azure.com + resources: + - eventsubscriptions/finalizers + - eventsubscriptions/status + verbs: + - get + - patch + - update +- apiGroups: + - eventgrid.azure.com + resources: + - topics + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventgrid.azure.com + resources: + - topics/finalizers + - topics/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespaces/finalizers + - namespaces/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespacesauthorizationrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespacesauthorizationrules/finalizers + - namespacesauthorizationrules/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubs + verbs: + - create + - delete + - get + - list + - patch + - update 
+ - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubs/finalizers + - namespaceseventhubs/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubsauthorizationrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubsauthorizationrules/finalizers + - namespaceseventhubsauthorizationrules/status + verbs: + - get + - patch + - update +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubsconsumergroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eventhub.azure.com + resources: + - namespaceseventhubsconsumergroups/finalizers + - namespaceseventhubsconsumergroups/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - actiongroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - actiongroups/finalizers + - actiongroups/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - autoscalesettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - autoscalesettings/finalizers + - autoscalesettings/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - components + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - components/finalizers + - components/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - metricalerts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - metricalerts/finalizers + - metricalerts/status + verbs: + 
- get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - scheduledqueryrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - scheduledqueryrules/finalizers + - scheduledqueryrules/status + verbs: + - get + - patch + - update +- apiGroups: + - insights.azure.com + resources: + - webtests + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - insights.azure.com + resources: + - webtests/finalizers + - webtests/status + verbs: + - get + - patch + - update +- apiGroups: + - keyvault.azure.com + resources: + - vaults + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - keyvault.azure.com + resources: + - vaults/finalizers + - vaults/status + verbs: + - get + - patch + - update +- apiGroups: + - kubernetesconfiguration.azure.com + resources: + - extensions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - kubernetesconfiguration.azure.com + resources: + - extensions/finalizers + - extensions/status + verbs: + - get + - patch + - update +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspaces/finalizers + - workspaces/status + verbs: + - get + - patch + - update +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspacescomputes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspacescomputes/finalizers + - workspacescomputes/status + verbs: + - get + - patch + - update +- apiGroups: + - machinelearningservices.azure.com + resources: + - workspacesconnections + verbs: + - create + - delete + - get + - list + - patch + - update + - watch 
+- apiGroups: + - machinelearningservices.azure.com + resources: + - workspacesconnections/finalizers + - workspacesconnections/status + verbs: + - get + - patch + - update +- apiGroups: + - managedidentity.azure.com + resources: + - federatedidentitycredentials + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - managedidentity.azure.com + resources: + - federatedidentitycredentials/finalizers + - federatedidentitycredentials/status + verbs: + - get + - patch + - update +- apiGroups: + - managedidentity.azure.com + resources: + - userassignedidentities + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - managedidentity.azure.com + resources: + - userassignedidentities/finalizers + - userassignedidentities/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - applicationgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - applicationgateways/finalizers + - applicationgateways/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - bastionhosts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - bastionhosts/finalizers + - bastionhosts/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsforwardingrulesets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsforwardingrulesets/finalizers + - dnsforwardingrulesets/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsforwardingrulesetsforwardingrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - 
dnsforwardingrulesetsforwardingrules/finalizers + - dnsforwardingrulesetsforwardingrules/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsresolvers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsresolvers/finalizers + - dnsresolvers/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsresolversinboundendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsresolversinboundendpoints/finalizers + - dnsresolversinboundendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnsresolversoutboundendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnsresolversoutboundendpoints/finalizers + - dnsresolversoutboundendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszones + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszones/finalizers + - dnszones/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesaaaarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonesaaaarecords/finalizers + - dnszonesaaaarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonesarecords/finalizers + - dnszonesarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + 
resources: + - dnszonescaarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonescaarecords/finalizers + - dnszonescaarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonescnamerecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonescnamerecords/finalizers + - dnszonescnamerecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesmxrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonesmxrecords/finalizers + - dnszonesmxrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesnsrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonesnsrecords/finalizers + - dnszonesnsrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonesptrrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonesptrrecords/finalizers + - dnszonesptrrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonessrvrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - dnszonessrvrecords/finalizers + - dnszonessrvrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - dnszonestxtrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - 
dnszonestxtrecords/finalizers + - dnszonestxtrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - loadbalancers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - loadbalancers/finalizers + - loadbalancers/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - loadbalancersinboundnatrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - loadbalancersinboundnatrules/finalizers + - loadbalancersinboundnatrules/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - natgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - natgateways/finalizers + - natgateways/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - networkinterfaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - networkinterfaces/finalizers + - networkinterfaces/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - networksecuritygroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - networksecuritygroups/finalizers + - networksecuritygroups/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - networksecuritygroupssecurityrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - networksecuritygroupssecurityrules/finalizers + - networksecuritygroupssecurityrules/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + 
resources: + - privatednszones + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszones/finalizers + - privatednszones/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesaaaarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesaaaarecords/finalizers + - privatednszonesaaaarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesarecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesarecords/finalizers + - privatednszonesarecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonescnamerecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonescnamerecords/finalizers + - privatednszonescnamerecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesmxrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesmxrecords/finalizers + - privatednszonesmxrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesptrrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesptrrecords/finalizers + - privatednszonesptrrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonessrvrecords + verbs: + - create + - delete + - get + - list + 
- patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonessrvrecords/finalizers + - privatednszonessrvrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonestxtrecords + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonestxtrecords/finalizers + - privatednszonestxtrecords/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatednszonesvirtualnetworklinks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatednszonesvirtualnetworklinks/finalizers + - privatednszonesvirtualnetworklinks/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privateendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privateendpoints/finalizers + - privateendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privateendpointsprivatednszonegroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privateendpointsprivatednszonegroups/finalizers + - privateendpointsprivatednszonegroups/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - privatelinkservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privatelinkservices/finalizers + - privatelinkservices/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - publicipaddresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - 
network.azure.com + resources: + - publicipaddresses/finalizers + - publicipaddresses/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - publicipprefixes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - publicipprefixes/finalizers + - publicipprefixes/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - routetables + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - routetables/finalizers + - routetables/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - routetablesroutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - routetablesroutes/finalizers + - routetablesroutes/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofiles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofiles/finalizers + - trafficmanagerprofiles/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesazureendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesazureendpoints/finalizers + - trafficmanagerprofilesazureendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesexternalendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesexternalendpoints/finalizers + - 
trafficmanagerprofilesexternalendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesnestedendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - trafficmanagerprofilesnestedendpoints/finalizers + - trafficmanagerprofilesnestedendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - virtualnetworkgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - virtualnetworkgateways/finalizers + - virtualnetworkgateways/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - virtualnetworks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - virtualnetworks/finalizers + - virtualnetworks/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - virtualnetworkssubnets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - virtualnetworkssubnets/finalizers + - virtualnetworkssubnets/status + verbs: + - get + - patch + - update +- apiGroups: + - network.azure.com + resources: + - virtualnetworksvirtualnetworkpeerings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - virtualnetworksvirtualnetworkpeerings/finalizers + - virtualnetworksvirtualnetworkpeerings/status + verbs: + - get + - patch + - update +- apiGroups: + - operationalinsights.azure.com + resources: + - workspaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - operationalinsights.azure.com + resources: + - workspaces/finalizers + - workspaces/status + verbs: + 
- get + - patch + - update +- apiGroups: + - resources.azure.com + resources: + - resourcegroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - resources.azure.com + resources: + - resourcegroups/finalizers + - resourcegroups/status + verbs: + - get + - patch + - update +- apiGroups: + - search.azure.com + resources: + - searchservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - search.azure.com + resources: + - searchservices/finalizers + - searchservices/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespaces/finalizers + - namespaces/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacesauthorizationrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacesauthorizationrules/finalizers + - namespacesauthorizationrules/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacesqueues + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacesqueues/finalizers + - namespacesqueues/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopics + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopics/finalizers + - namespacestopics/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopicssubscriptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch 
+- apiGroups: + - servicebus.azure.com + resources: + - namespacestopicssubscriptions/finalizers + - namespacestopicssubscriptions/status + verbs: + - get + - patch + - update +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopicssubscriptionsrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - servicebus.azure.com + resources: + - namespacestopicssubscriptionsrules/finalizers + - namespacestopicssubscriptionsrules/status + verbs: + - get + - patch + - update +- apiGroups: + - signalrservice.azure.com + resources: + - signalrs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - signalrservice.azure.com + resources: + - signalrs/finalizers + - signalrs/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - servers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - servers/finalizers + - servers/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversadministrators + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversadministrators/finalizers + - serversadministrators/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversadvancedthreatprotectionsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversadvancedthreatprotectionsettings/finalizers + - serversadvancedthreatprotectionsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversauditingsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversauditingsettings/finalizers + - 
serversauditingsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversazureadonlyauthentications + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversazureadonlyauthentications/finalizers + - serversazureadonlyauthentications/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversconnectionpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversconnectionpolicies/finalizers + - serversconnectionpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabases/finalizers + - serversdatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesadvancedthreatprotectionsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesadvancedthreatprotectionsettings/finalizers + - serversdatabasesadvancedthreatprotectionsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesauditingsettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesauditingsettings/finalizers + - serversdatabasesauditingsettings/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesbackuplongtermretentionpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - 
serversdatabasesbackuplongtermretentionpolicies/finalizers + - serversdatabasesbackuplongtermretentionpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesbackupshorttermretentionpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesbackupshorttermretentionpolicies/finalizers + - serversdatabasesbackupshorttermretentionpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasessecurityalertpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasessecurityalertpolicies/finalizers + - serversdatabasessecurityalertpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasestransparentdataencryptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasestransparentdataencryptions/finalizers + - serversdatabasestransparentdataencryptions/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesvulnerabilityassessments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversdatabasesvulnerabilityassessments/finalizers + - serversdatabasesvulnerabilityassessments/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serverselasticpools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serverselasticpools/finalizers + - serverselasticpools/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversfailovergroups + verbs: + - 
create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversfailovergroups/finalizers + - serversfailovergroups/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversfirewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversfirewallrules/finalizers + - serversfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversipv6firewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversipv6firewallrules/finalizers + - serversipv6firewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversoutboundfirewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversoutboundfirewallrules/finalizers + - serversoutboundfirewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serverssecurityalertpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serverssecurityalertpolicies/finalizers + - serverssecurityalertpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversvirtualnetworkrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + resources: + - serversvirtualnetworkrules/finalizers + - serversvirtualnetworkrules/status + verbs: + - get + - patch + - update +- apiGroups: + - sql.azure.com + resources: + - serversvulnerabilityassessments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - sql.azure.com + 
resources: + - serversvulnerabilityassessments/finalizers + - serversvulnerabilityassessments/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccounts/finalizers + - storageaccounts/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsblobservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsblobservices/finalizers + - storageaccountsblobservices/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsblobservicescontainers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsblobservicescontainers/finalizers + - storageaccountsblobservicescontainers/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsfileservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsfileservices/finalizers + - storageaccountsfileservices/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsfileservicesshares + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsfileservicesshares/finalizers + - storageaccountsfileservicesshares/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsmanagementpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + 
resources: + - storageaccountsmanagementpolicies/finalizers + - storageaccountsmanagementpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsqueueservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsqueueservices/finalizers + - storageaccountsqueueservices/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountsqueueservicesqueues + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountsqueueservicesqueues/finalizers + - storageaccountsqueueservicesqueues/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountstableservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountstableservices/finalizers + - storageaccountstableservices/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.azure.com + resources: + - storageaccountstableservicestables + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.azure.com + resources: + - storageaccountstableservicestables/finalizers + - storageaccountstableservicestables/status + verbs: + - get + - patch + - update +- apiGroups: + - subscription.azure.com + resources: + - aliases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - subscription.azure.com + resources: + - aliases/finalizers + - aliases/status + verbs: + - get + - patch + - update +- apiGroups: + - synapse.azure.com + resources: + - workspaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - synapse.azure.com + resources: + - 
workspaces/finalizers + - workspaces/status + verbs: + - get + - patch + - update +- apiGroups: + - synapse.azure.com + resources: + - workspacesbigdatapools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - synapse.azure.com + resources: + - workspacesbigdatapools/finalizers + - workspacesbigdatapools/status + verbs: + - get + - patch + - update +- apiGroups: + - web.azure.com + resources: + - serverfarms + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - web.azure.com + resources: + - serverfarms/finalizers + - serverfarms/status + verbs: + - get + - patch + - update +- apiGroups: + - web.azure.com + resources: + - sites + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - web.azure.com + resources: + - sites/finalizers + - sites/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: azureserviceoperator-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-manager-role +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - bootstrap.cluster.x-k8s.io + resources: + - kubeadmconfigs + - 
kubeadmconfigs/status + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + verbs: + - get + - list + - patch + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinepools + - machinepools/status + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machines + - machines/status + verbs: + - delete + - get + - list + - watch +- apiGroups: + - containerservice.azure.com + resources: + - fleetsmembers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - fleetsmembers/status + verbs: + - get + - list + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclusters/status + verbs: + - get + - list + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclustersagentpools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - containerservice.azure.com + resources: + - managedclustersagentpools/status + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azureclusteridentities + - azureclusteridentities/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azureclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azureclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachinepoolmachines + verbs: + - create + - 
delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachinepoolmachines/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachinepools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachinepools/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachines/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachinetemplates + - azuremachinetemplates/status + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremanagedclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremanagedclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremanagedcontrolplanes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremanagedcontrolplanes/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremanagedmachinepools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremanagedmachinepools/status + verbs: + - get + - patch + - update +- apiGroups: + - kubernetesconfiguration.azure.com + resources: + - extensions + verbs: + - create + - delete + - get + - list + - patch + - update + 
- watch +- apiGroups: + - kubernetesconfiguration.azure.com + resources: + - extensions/status + verbs: + - get + - list + - watch +- apiGroups: + - network.azure.com + resources: + - bastionhosts + - natgateways + - privateendpoints + - virtualnetworks + - virtualnetworkssubnets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - bastionhosts/status + - natgateways/status + - privateendpoints/status + - virtualnetworks/status + - virtualnetworkssubnets/status + verbs: + - get + - list + - watch +- apiGroups: + - network.azure.com + resources: + - privateendpoints + - virtualnetworks + - virtualnetworkssubnets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - privateendpoints/status + - virtualnetworks/status + - virtualnetworkssubnets/status + verbs: + - get + - list + - watch +- apiGroups: + - resources.azure.com + resources: + - resourcegroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - resources.azure.com + resources: + - resourcegroups/status + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: azureserviceoperator-leader-election-rolebinding + namespace: capz-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: azureserviceoperator-leader-election-role +subjects: +- kind: ServiceAccount + name: azureserviceoperator-default + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-leader-election-rolebinding + namespace: capz-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: capz-leader-election-role +subjects: +- kind: ServiceAccount + name: capz-manager + namespace: capz-system +--- +apiVersion: 
rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: azureserviceoperator-crd-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: azureserviceoperator-crd-manager-role +subjects: +- kind: ServiceAccount + name: azureserviceoperator-default + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: azureserviceoperator-crd-reader-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: azureserviceoperator-crd-reader-role +subjects: +- kind: ServiceAccount + name: azureserviceoperator-default + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: azureserviceoperator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: azureserviceoperator-manager-role +subjects: +- kind: ServiceAccount + name: azureserviceoperator-default + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: azureserviceoperator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: azureserviceoperator-proxy-role +subjects: +- kind: ServiceAccount + name: azureserviceoperator-default + namespace: capz-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capz-manager-role +subjects: +- kind: ServiceAccount + name: capz-manager + namespace: capz-system +--- +apiVersion: v1 +kind: Secret +metadata: + name: aso-controller-settings + namespace: capz-system +stringData: + AZURE_AUTHORITY_HOST: ${AZURE_AUTHORITY_HOST:=""} + AZURE_CLIENT_ID: "" + AZURE_RESOURCE_MANAGER_AUDIENCE: ${AZURE_RESOURCE_MANAGER_AUDIENCE:=""} + 
AZURE_RESOURCE_MANAGER_ENDPOINT: ${AZURE_RESOURCE_MANAGER_ENDPOINT:=""} + AZURE_SUBSCRIPTION_ID: "" + AZURE_SYNC_PERIOD: ${AZURE_SYNC_PERIOD:=""} + AZURE_TENANT_ID: "" +type: Opaque +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + control-plane: controller-manager + name: azureserviceoperator-controller-manager-metrics-service + namespace: capz-system +spec: + ports: + - name: metrics + port: 8080 + selector: + control-plane: controller-manager +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: azureserviceoperator-proxy-service + namespace: capz-system +spec: + ports: + - name: https + port: 8443 + targetPort: https + selector: + control-plane: controller-manager +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + name: azureserviceoperator-webhook-service + namespace: capz-system +spec: + ports: + - port: 443 + targetPort: 9443 + selector: + control-plane: controller-manager +--- +apiVersion: v1 +kind: Service +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-webhook-service + namespace: capz-system +spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: infrastructure-azure +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + control-plane: controller-manager + name: azureserviceoperator-controller-manager + namespace: capz-system +spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + aadpodidbinding: aso-manager-binding + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.5.0 + control-plane: 
controller-manager + spec: + containers: + - args: + - --metrics-addr=:8080 + - --health-addr=:8081 + - --enable-leader-election + - --v=2 + - --crd-pattern=${ADDITIONAL_ASO_CRDS:= } + - --webhook-port=9443 + - --webhook-cert-dir=/tmp/k8s-webhook-server/serving-certs + env: + - name: AZURE_CLIENT_ID + valueFrom: + secretKeyRef: + key: AZURE_CLIENT_ID + name: aso-controller-settings + - name: AZURE_CLIENT_SECRET + valueFrom: + secretKeyRef: + key: AZURE_CLIENT_SECRET + name: aso-controller-settings + optional: true + - name: AZURE_TENANT_ID + valueFrom: + secretKeyRef: + key: AZURE_TENANT_ID + name: aso-controller-settings + - name: AZURE_SUBSCRIPTION_ID + valueFrom: + secretKeyRef: + key: AZURE_SUBSCRIPTION_ID + name: aso-controller-settings + - name: AZURE_CLIENT_CERTIFICATE + valueFrom: + secretKeyRef: + key: AZURE_CLIENT_CERTIFICATE + name: aso-controller-settings + optional: true + - name: AZURE_CLIENT_CERTIFICATE_PASSWORD + valueFrom: + secretKeyRef: + key: AZURE_CLIENT_CERTIFICATE_PASSWORD + name: aso-controller-settings + optional: true + - name: AZURE_AUTHORITY_HOST + valueFrom: + secretKeyRef: + key: AZURE_AUTHORITY_HOST + name: aso-controller-settings + optional: true + - name: AZURE_RESOURCE_MANAGER_ENDPOINT + valueFrom: + secretKeyRef: + key: AZURE_RESOURCE_MANAGER_ENDPOINT + name: aso-controller-settings + optional: true + - name: AZURE_RESOURCE_MANAGER_AUDIENCE + valueFrom: + secretKeyRef: + key: AZURE_RESOURCE_MANAGER_AUDIENCE + name: aso-controller-settings + optional: true + - name: AZURE_TARGET_NAMESPACES + valueFrom: + secretKeyRef: + key: AZURE_TARGET_NAMESPACES + name: aso-controller-settings + optional: true + - name: AZURE_OPERATOR_MODE + valueFrom: + secretKeyRef: + key: AZURE_OPERATOR_MODE + name: aso-controller-settings + optional: true + - name: AZURE_SYNC_PERIOD + valueFrom: + secretKeyRef: + key: AZURE_SYNC_PERIOD + name: aso-controller-settings + optional: true + - name: USE_WORKLOAD_IDENTITY_AUTH + valueFrom: + secretKeyRef: + key: 
USE_WORKLOAD_IDENTITY_AUTH + name: aso-controller-settings + optional: true + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: mcr.microsoft.com/k8s/azureserviceoperator:v2.5.0 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 60 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 8081 + name: health-port + protocol: TCP + - containerPort: 8080 + name: metrics-port + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 60 + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 200m + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /var/run/secrets/tokens + name: azure-identity + readOnly: true + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: azureserviceoperator-default + terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert + - name: azure-identity + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + audience: api://AzureADTokenExchange + expirationSeconds: 3600 + path: azure-identity +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + control-plane: capz-controller-manager + name: capz-controller-manager + namespace: capz-system +spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: 
infrastructure-azure + control-plane: capz-controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + azure.workload.identity/use: "true" + cluster.x-k8s.io/provider: infrastructure-azure + control-plane: capz-controller-manager + spec: + containers: + - args: + - --leader-elect + - --diagnostics-address=${CAPZ_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${CAPZ_INSECURE_DIAGNOSTICS:=false} + - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},AKSResourceHealth=${EXP_AKS_RESOURCE_HEALTH:=false},EdgeZone=${EXP_EDGEZONE:=false} + - --v=0 + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/cluster-api-azure/cluster-api-azure-controller:v1.14.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + periodSeconds: 10 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + initialDelaySeconds: 10 + periodSeconds: 10 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsGroup: 65532 + runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + - mountPath: /var/run/secrets/azure/tokens + name: azure-identity-token + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: capz-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + 
- name: cert + secret: + defaultMode: 420 + secretName: capz-webhook-service-cert + - name: azure-identity-token + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + audience: api://AzureADTokenExchange + expirationSeconds: 3600 + path: azure-identity-token +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: azureserviceoperator-serving-cert + namespace: capz-system +spec: + dnsNames: + - azureserviceoperator-webhook-service.capz-system.svc + - azureserviceoperator-webhook-service.capz-system.svc.cluster.local + issuerRef: + kind: Issuer + name: azureserviceoperator-selfsigned-issuer + secretName: webhook-server-cert +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-serving-cert + namespace: capz-system +spec: + dnsNames: + - capz-webhook-service.capz-system.svc + - capz-webhook-service.capz-system.svc.cluster.local + issuerRef: + kind: Issuer + name: capz-selfsigned-issuer + secretName: capz-webhook-service-cert +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: azureserviceoperator-selfsigned-issuer + namespace: capz-system +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-selfsigned-issuer + namespace: capz-system +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + name: azureserviceoperator-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-api + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.apis.apimanagement.azure.com + rules: + - apiGroups: + - 
apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - apis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-apiversionset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.apiversionsets.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - apiversionsets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-backend + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.backends.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - backends + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-namedvalue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.namedvalues.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - namedvalues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-policy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.policies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - 
policies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-policyfragment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.policyfragments.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - policyfragments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-product + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.products.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - products + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-service + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.services.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - services + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-apimanagement-azure-com-v1api20220801-subscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220801.subscriptions.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - subscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + 
name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-appconfiguration-azure-com-v1api20220501-configurationstore + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220501.configurationstores.appconfiguration.azure.com + rules: + - apiGroups: + - appconfiguration.azure.com + apiVersions: + - v1api20220501 + operations: + - CREATE + - UPDATE + resources: + - configurationstores + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-authorization-azure-com-v1api20200801preview-roleassignment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200801preview.roleassignments.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20200801preview + operations: + - CREATE + - UPDATE + resources: + - roleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-authorization-azure-com-v1api20220401-roleassignment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.roleassignments.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - roleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-batch-azure-com-v1api20210101-batchaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101.batchaccounts.batch.azure.com + rules: + - apiGroups: + - batch.azure.com + apiVersions: + - v1api20210101 + operations: + - CREATE + - UPDATE + resources: + - batchaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20201201-redis + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.redis.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20201201-redisfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.redisfirewallrules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redisfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20201201-redislinkedserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.redislinkedservers.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redislinkedservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20201201-redispatchschedule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.redispatchschedules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redispatchschedules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20210301-redisenterprisedatabase + 
failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210301.redisenterprisedatabases.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20210301 + operations: + - CREATE + - UPDATE + resources: + - redisenterprisedatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20210301-redisenterprise + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210301.redisenterprises.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20210301 + operations: + - CREATE + - UPDATE + resources: + - redisenterprises + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230401-redis + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230401.redis.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230401-redisfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230401.redisfirewallrules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redisfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230401-redislinkedserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230401.redislinkedservers.cache.azure.com + rules: + - apiGroups: + - 
cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redislinkedservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230401-redispatchschedule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230401.redispatchschedules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redispatchschedules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230701-redisenterprisedatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230701.redisenterprisedatabases.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - redisenterprisedatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cache-azure-com-v1api20230701-redisenterprise + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230701.redisenterprises.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - redisenterprises + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cdn-azure-com-v1api20210601-profile + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.profiles.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - profiles + 
sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-cdn-azure-com-v1api20210601-profilesendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.profilesendpoints.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - profilesendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20200930-disk + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200930.disks.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20200930 + operations: + - CREATE + - UPDATE + resources: + - disks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20200930-snapshot + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200930.snapshots.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20200930 + operations: + - CREATE + - UPDATE + resources: + - snapshots + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20201201-virtualmachine + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.virtualmachines.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachines + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/mutate-compute-azure-com-v1api20201201-virtualmachinescaleset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201201.virtualmachinescalesets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20210701-image + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210701.images.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - images + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20220301-image + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.images.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - images + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20220301-virtualmachine + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.virtualmachines.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachines + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20220301-virtualmachinescaleset + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20220301.virtualmachinescalesets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-compute-azure-com-v1api20220702-diskencryptionset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220702.diskencryptionsets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220702 + operations: + - CREATE + - UPDATE + resources: + - diskencryptionsets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerinstance-azure-com-v1api20211001-containergroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211001.containergroups.containerinstance.azure.com + rules: + - apiGroups: + - containerinstance.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - containergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerregistry-azure-com-v1api20210901-registry + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210901.registries.containerregistry.azure.com + rules: + - apiGroups: + - containerregistry.azure.com + apiVersions: + - v1api20210901 + operations: + - CREATE + - UPDATE + resources: + - registries + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20210501-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20210501.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20210501-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230201-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230201.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230201 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230201-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230201.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230201 + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/mutate-containerservice-azure-com-v1api20230202preview-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230202preview.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230202preview-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230202preview.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230202preview-trustedaccessrolebinding + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230202preview.trustedaccessrolebindings.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - trustedaccessrolebindings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230315preview-fleet + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230315preview.fleets.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleets + sideEffects: None +- admissionReviewVersions: + - v1 
+ clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230315preview-fleetsmember + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230315preview.fleetsmembers.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleetsmembers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20230315preview-fleetsupdaterun + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230315preview.fleetsupdateruns.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleetsupdateruns + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20231001-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231001.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231001 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-containerservice-azure-com-v1api20231001-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20231001.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231001 + operations: + - CREATE + - UPDATE + resources: + - 
managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-datafactory-azure-com-v1api20180601-factory + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180601.factories.datafactory.azure.com + rules: + - apiGroups: + - datafactory.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - factories + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dataprotection-azure-com-v1api20230101-backupvault + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.backupvaults.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - backupvaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dataprotection-azure-com-v1api20230101-backupvaultsbackuppolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.backupvaultsbackuppolicies.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - backupvaultsbackuppolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformariadb-azure-com-v1api20180601-configuration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180601.configurations.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - configurations + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformariadb-azure-com-v1api20180601-database + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180601.databases.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - databases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformariadb-azure-com-v1api20180601-server + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180601.servers.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - servers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20210501-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.flexibleservers.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20210501-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.flexibleserversdatabases.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20210501-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210501.flexibleserversfirewallrules.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20220101-flexibleserversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220101.flexibleserversadministrators.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20220101 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversadministrators + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1api20220101-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220101.flexibleserversconfigurations.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20220101 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbformysql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: default.v1.users.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20210601-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20210601-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20210601-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20210601-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + 
sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220120preview.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220120preview.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220120preview.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220120preview.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: 
+ - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20221201-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221201.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20221201-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221201.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20221201-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221201.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1api20221201-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + 
name: default.v1api20221201.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-dbforpostgresql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: default.v1.users.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-devices-azure-com-v1api20210702-iothub + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210702.iothubs.devices.azure.com + rules: + - apiGroups: + - devices.azure.com + apiVersions: + - v1api20210702 + operations: + - CREATE + - UPDATE + resources: + - iothubs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-databaseaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.databaseaccounts.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - databaseaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-mongodbdatabasecollection + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.mongodbdatabasecollections.documentdb.azure.com + rules: + - apiGroups: + - 
documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollections + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-mongodbdatabasecollectionthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.mongodbdatabasecollectionthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollectionthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-mongodbdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.mongodbdatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-mongodbdatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.mongodbdatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontainer + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20210515.sqldatabasecontainers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontainerstoredprocedure + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasecontainerstoredprocedures.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerstoredprocedures + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontainerthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasecontainerthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasecontainertrigger + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasecontainertriggers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainertriggers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/mutate-documentdb-azure-com-v1api20210515-sqldatabasecontaineruserdefinedfunction + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasecontaineruserdefinedfunctions.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontaineruserdefinedfunctions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqldatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqldatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-documentdb-azure-com-v1api20210515-sqlroleassignment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210515.sqlroleassignments.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqlroleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service 
+ namespace: capz-system + path: /mutate-eventgrid-azure-com-v1api20200601-domain + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.domains.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - domains + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventgrid-azure-com-v1api20200601-domainstopic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.domainstopics.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - domainstopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventgrid-azure-com-v1api20200601-eventsubscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.eventsubscriptions.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - eventsubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventgrid-azure-com-v1api20200601-topic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.topics.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - topics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventhub-azure-com-v1api20211101-namespace + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20211101.namespaces.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventhub-azure-com-v1api20211101-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacesauthorizationrules.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventhub-azure-com-v1api20211101-namespaceseventhub + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespaceseventhubs.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventhub-azure-com-v1api20211101-namespaceseventhubsauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespaceseventhubsauthorizationrules.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubsauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-eventhub-azure-com-v1api20211101-namespaceseventhubsconsumergroup + failurePolicy: Fail + 
matchPolicy: Exact + name: default.v1api20211101.namespaceseventhubsconsumergroups.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubsconsumergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20180301-metricalert + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180301.metricalerts.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20180301 + operations: + - CREATE + - UPDATE + resources: + - metricalerts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20180501preview-webtest + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501preview.webtests.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20180501preview + operations: + - CREATE + - UPDATE + resources: + - webtests + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20200202-component + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200202.components.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20200202 + operations: + - CREATE + - UPDATE + resources: + - components + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20220615-scheduledqueryrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220615.scheduledqueryrules.insights.azure.com + 
rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20220615 + operations: + - CREATE + - UPDATE + resources: + - scheduledqueryrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20221001-autoscalesetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001.autoscalesettings.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20221001 + operations: + - CREATE + - UPDATE + resources: + - autoscalesettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-insights-azure-com-v1api20230101-actiongroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.actiongroups.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - actiongroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-keyvault-azure-com-v1api20210401preview-vault + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401preview.vaults.keyvault.azure.com + rules: + - apiGroups: + - keyvault.azure.com + apiVersions: + - v1api20210401preview + operations: + - CREATE + - UPDATE + resources: + - vaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-keyvault-azure-com-v1api20230701-vault + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230701.vaults.keyvault.azure.com + rules: + - apiGroups: + - keyvault.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - 
vaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-kubernetesconfiguration-azure-com-v1api20230501-extension + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230501.extensions.kubernetesconfiguration.azure.com + rules: + - apiGroups: + - kubernetesconfiguration.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - extensions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-machinelearningservices-azure-com-v1api20210701-workspace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210701.workspaces.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-machinelearningservices-azure-com-v1api20210701-workspacescompute + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210701.workspacescomputes.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspacescomputes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-machinelearningservices-azure-com-v1api20210701-workspacesconnection + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210701.workspacesconnections.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - 
v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspacesconnections + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-managedidentity-azure-com-v1api20181130-userassignedidentity + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20181130.userassignedidentities.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20181130 + operations: + - CREATE + - UPDATE + resources: + - userassignedidentities + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-managedidentity-azure-com-v1api20220131preview-federatedidentitycredential + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220131preview.federatedidentitycredentials.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20220131preview + operations: + - CREATE + - UPDATE + resources: + - federatedidentitycredentials + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-managedidentity-azure-com-v1api20230131-federatedidentitycredential + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230131.federatedidentitycredentials.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20230131 + operations: + - CREATE + - UPDATE + resources: + - federatedidentitycredentials + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-managedidentity-azure-com-v1api20230131-userassignedidentity + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20230131.userassignedidentities.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20230131 + operations: + - CREATE + - UPDATE + resources: + - userassignedidentities + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszone + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszones.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszones + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonesaaaarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesaaaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesaaaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonesarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonescaarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonescaarecords.network.azure.com + rules: + - apiGroups: + - 
network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonescaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonescnamerecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonescnamerecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonescnamerecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonesmxrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesmxrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesmxrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonesnsrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesnsrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesnsrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonesptrrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonesptrrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - 
UPDATE + resources: + - dnszonesptrrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonessrvrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonessrvrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonessrvrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180501-dnszonestxtrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180501.dnszonestxtrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonestxtrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20180901-privatednszone + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20180901.privatednszones.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180901 + operations: + - CREATE + - UPDATE + resources: + - privatednszones + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonesaaaarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesaaaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesaaaarecords + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonesarecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonescnamerecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonescnamerecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonescnamerecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonesmxrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesmxrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesmxrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonesptrrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesptrrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesptrrecords + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonessrvrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonessrvrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonessrvrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonestxtrecord + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonestxtrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonestxtrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20200601-privatednszonesvirtualnetworklink + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.privatednszonesvirtualnetworklinks.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesvirtualnetworklinks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-loadbalancer + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.loadbalancers.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - loadbalancers + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-loadbalancersinboundnatrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.loadbalancersinboundnatrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - loadbalancersinboundnatrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-networkinterface + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.networkinterfaces.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networkinterfaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-networksecuritygroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.networksecuritygroups.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networksecuritygroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-networksecuritygroupssecurityrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.networksecuritygroupssecurityrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networksecuritygroupssecurityrules + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-publicipaddress + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.publicipaddresses.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - publicipaddresses + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-routetable + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.routetables.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - routetables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-routetablesroute + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.routetablesroutes.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - routetablesroutes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-virtualnetworkgateway + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.virtualnetworkgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworkgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-virtualnetwork + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.virtualnetworks.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-virtualnetworkssubnet + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.virtualnetworkssubnets.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworkssubnets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20201101-virtualnetworksvirtualnetworkpeering + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20201101.virtualnetworksvirtualnetworkpeerings.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworksvirtualnetworkpeerings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220401-trafficmanagerprofile + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.trafficmanagerprofiles.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofiles + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220401-trafficmanagerprofilesazureendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.trafficmanagerprofilesazureendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesazureendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220401-trafficmanagerprofilesexternalendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.trafficmanagerprofilesexternalendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesexternalendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220401-trafficmanagerprofilesnestedendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220401.trafficmanagerprofilesnestedendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesnestedendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-applicationgateway + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.applicationgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - 
applicationgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-bastionhost + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.bastionhosts.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - bastionhosts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-dnsforwardingruleset + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsforwardingrulesets.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsforwardingrulesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-dnsforwardingrulesetsforwardingrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsforwardingrulesetsforwardingrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsforwardingrulesetsforwardingrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-dnsresolver + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsresolvers.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolvers + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-dnsresolversinboundendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsresolversinboundendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolversinboundendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-dnsresolversoutboundendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.dnsresolversoutboundendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolversoutboundendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-natgateway + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.natgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - natgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-privateendpoint + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.privateendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privateendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: 
+ service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-privateendpointsprivatednszonegroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.privateendpointsprivatednszonegroups.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privateendpointsprivatednszonegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-privatelinkservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.privatelinkservices.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privatelinkservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-network-azure-com-v1api20220701-publicipprefix + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220701.publicipprefixes.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - publicipprefixes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-operationalinsights-azure-com-v1api20210601-workspace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.workspaces.operationalinsights.azure.com + rules: + - apiGroups: + - operationalinsights.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-resources-azure-com-v1api20200601-resourcegroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20200601.resourcegroups.resources.azure.com + rules: + - apiGroups: + - resources.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - resourcegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-search-azure-com-v1api20220901-searchservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.searchservices.search.azure.com + rules: + - apiGroups: + - search.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - searchservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20210101preview-namespace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + 
namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20210101preview-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210101preview.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + 
service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20211101-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - 
namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-servicebus-azure-com-v1api20221001preview-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20221001preview.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - 
servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-signalrservice-azure-com-v1api20211001-signalr + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211001.signalrs.signalrservice.azure.com + rules: + - apiGroups: + - signalrservice.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - signalrs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-server + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.servers.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - servers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversadministrators.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversadministrators + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversadvancedthreatprotectionsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversadvancedthreatprotectionsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - 
UPDATE + resources: + - serversadvancedthreatprotectionsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversauditingsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversauditingsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversauditingsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversazureadonlyauthentication + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversazureadonlyauthentications.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversazureadonlyauthentications + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversconnectionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversconnectionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversconnectionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabases.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - 
serversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesadvancedthreatprotectionsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesadvancedthreatprotectionsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesadvancedthreatprotectionsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesauditingsetting + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesauditingsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesauditingsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesbackuplongtermretentionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesbackuplongtermretentionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesbackuplongtermretentionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesbackupshorttermretentionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: 
default.v1api20211101.serversdatabasesbackupshorttermretentionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesbackupshorttermretentionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasessecurityalertpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasessecurityalertpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasessecurityalertpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasestransparentdataencryption + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasestransparentdataencryptions.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasestransparentdataencryptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversdatabasesvulnerabilityassessment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversdatabasesvulnerabilityassessments.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesvulnerabilityassessments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: 
capz-system + path: /mutate-sql-azure-com-v1api20211101-serverselasticpool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serverselasticpools.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serverselasticpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversfailovergroup + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversfailovergroups.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversfailovergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversfirewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversipv6firewallrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversipv6firewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversipv6firewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversoutboundfirewallrule + 
failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversoutboundfirewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversoutboundfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serverssecurityalertpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serverssecurityalertpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serverssecurityalertpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversvirtualnetworkrule + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversvirtualnetworkrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversvirtualnetworkrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-sql-azure-com-v1api20211101-serversvulnerabilityassessment + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211101.serversvulnerabilityassessments.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversvulnerabilityassessments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccount + failurePolicy: 
Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/mutate-storage-azure-com-v1api20210401-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20210401-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210401.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: 
capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsfileservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsfileservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsfileservicesshare + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsfileservicesshares.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservicesshares + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + 
- v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountstableservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountstableservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20220901-storageaccountstableservicestable + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220901.storageaccountstableservicestables.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - 
storageaccountstableservicestables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountsfileservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsfileservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + 
- UPDATE + resources: + - storageaccountsfileservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountsfileservicesshare + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsfileservicesshares.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservicesshares + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - 
storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountstableservice + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountstableservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-storage-azure-com-v1api20230101-storageaccountstableservicestable + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20230101.storageaccountstableservicestables.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservicestables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-subscription-azure-com-v1api20211001-alias + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20211001.aliases.subscription.azure.com + rules: + - apiGroups: + - subscription.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - aliases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-synapse-azure-com-v1api20210601-workspace + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.workspaces.synapse.azure.com + rules: + - apiGroups: + - synapse.azure.com + 
apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-synapse-azure-com-v1api20210601-workspacesbigdatapool + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20210601.workspacesbigdatapools.synapse.azure.com + rules: + - apiGroups: + - synapse.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspacesbigdatapools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-web-azure-com-v1api20220301-serverfarm + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.serverfarms.web.azure.com + rules: + - apiGroups: + - web.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - serverfarms + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /mutate-web-azure-com-v1api20220301-site + failurePolicy: Fail + matchPolicy: Exact + name: default.v1api20220301.sites.web.azure.com + rules: + - apiGroups: + - web.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - sites + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azurecluster + failurePolicy: Fail + 
matchPolicy: Equivalent + name: default.azurecluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azureclusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azureclustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.azureclustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azureclustertemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachine + failurePolicy: Fail + matchPolicy: Equivalent + name: default.azuremachine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinetemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.azuremachinetemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachinetemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcontrolplane + failurePolicy: Fail + name: 
default.azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedcontrolplanes + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcontrolplanetemplate + failurePolicy: Fail + name: default.azuremanagedcontrolplanetemplates.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedcontrolplanetemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: default.azuremanagedmachinepools.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedmachinepools + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepooltemplate + failurePolicy: Fail + name: default.azuremanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedmachinepooltemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepool + 
failurePolicy: Fail + name: default.azuremachinepool.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachinepools + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/azureserviceoperator-serving-cert + name: azureserviceoperator-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-api + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.apis.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - apis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-apiversionset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.apiversionsets.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - apiversionsets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-backend + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.backends.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - backends + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + 
service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-namedvalue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.namedvalues.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - namedvalues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-policy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.policies.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - policies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-policyfragment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.policyfragments.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - policyfragments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-product + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.products.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - products + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-apimanagement-azure-com-v1api20220801-service + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.services.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - services + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-apimanagement-azure-com-v1api20220801-subscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220801.subscriptions.apimanagement.azure.com + rules: + - apiGroups: + - apimanagement.azure.com + apiVersions: + - v1api20220801 + operations: + - CREATE + - UPDATE + resources: + - subscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-appconfiguration-azure-com-v1api20220501-configurationstore + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220501.configurationstores.appconfiguration.azure.com + rules: + - apiGroups: + - appconfiguration.azure.com + apiVersions: + - v1api20220501 + operations: + - CREATE + - UPDATE + resources: + - configurationstores + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-authorization-azure-com-v1api20200801preview-roleassignment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200801preview.roleassignments.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20200801preview + operations: + - CREATE + - UPDATE + resources: + - roleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-authorization-azure-com-v1api20220401-roleassignment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.roleassignments.authorization.azure.com + rules: + - apiGroups: + - authorization.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - roleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-batch-azure-com-v1api20210101-batchaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101.batchaccounts.batch.azure.com + rules: + - apiGroups: + - batch.azure.com + apiVersions: + - v1api20210101 + operations: + - CREATE + - UPDATE + resources: + - batchaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20201201-redis + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.redis.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20201201-redisfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.redisfirewallrules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redisfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20201201-redislinkedserver + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20201201.redislinkedservers.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redislinkedservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20201201-redispatchschedule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.redispatchschedules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - redispatchschedules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20210301-redisenterprisedatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210301.redisenterprisedatabases.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20210301 + operations: + - CREATE + - UPDATE + resources: + - redisenterprisedatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20210301-redisenterprise + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210301.redisenterprises.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20210301 + operations: + - CREATE + - UPDATE + resources: + - redisenterprises + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230401-redis + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230401.redis.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + 
apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230401-redisfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230401.redisfirewallrules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redisfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230401-redislinkedserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230401.redislinkedservers.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redislinkedservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230401-redispatchschedule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230401.redispatchschedules.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230401 + operations: + - CREATE + - UPDATE + resources: + - redispatchschedules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230701-redisenterprisedatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230701.redisenterprisedatabases.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - 
redisenterprisedatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cache-azure-com-v1api20230701-redisenterprise + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230701.redisenterprises.cache.azure.com + rules: + - apiGroups: + - cache.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - redisenterprises + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cdn-azure-com-v1api20210601-profile + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.profiles.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - profiles + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-cdn-azure-com-v1api20210601-profilesendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.profilesendpoints.cdn.azure.com + rules: + - apiGroups: + - cdn.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - profilesendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20200930-disk + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200930.disks.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20200930 + operations: + - CREATE + - UPDATE + resources: + - disks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + 
path: /validate-compute-azure-com-v1api20200930-snapshot + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200930.snapshots.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20200930 + operations: + - CREATE + - UPDATE + resources: + - snapshots + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20201201-virtualmachine + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.virtualmachines.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachines + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20201201-virtualmachinescaleset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201201.virtualmachinescalesets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20201201 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20210701-image + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210701.images.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - images + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20220301-image + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20220301.images.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - images + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20220301-virtualmachine + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.virtualmachines.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachines + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20220301-virtualmachinescaleset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.virtualmachinescalesets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinescalesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-compute-azure-com-v1api20220702-diskencryptionset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220702.diskencryptionsets.compute.azure.com + rules: + - apiGroups: + - compute.azure.com + apiVersions: + - v1api20220702 + operations: + - CREATE + - UPDATE + resources: + - diskencryptionsets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerinstance-azure-com-v1api20211001-containergroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211001.containergroups.containerinstance.azure.com + rules: + - 
apiGroups: + - containerinstance.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - containergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerregistry-azure-com-v1api20210901-registry + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210901.registries.containerregistry.azure.com + rules: + - apiGroups: + - containerregistry.azure.com + apiVersions: + - v1api20210901 + operations: + - CREATE + - UPDATE + resources: + - registries + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20210501-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20210501-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230201-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20230201.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230201 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230201-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230201.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230201 + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230202preview-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230202preview.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230202preview-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230202preview.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-containerservice-azure-com-v1api20230202preview-trustedaccessrolebinding + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230202preview.trustedaccessrolebindings.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230202preview + operations: + - CREATE + - UPDATE + resources: + - trustedaccessrolebindings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230315preview-fleet + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230315preview.fleets.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230315preview-fleetsmember + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230315preview.fleetsmembers.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleetsmembers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20230315preview-fleetsupdaterun + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230315preview.fleetsupdateruns.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20230315preview + operations: + - CREATE + - UPDATE + resources: + - fleetsupdateruns + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + 
service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20231001-managedcluster + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231001.managedclusters.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231001 + operations: + - CREATE + - UPDATE + resources: + - managedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-containerservice-azure-com-v1api20231001-managedclustersagentpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20231001.managedclustersagentpools.containerservice.azure.com + rules: + - apiGroups: + - containerservice.azure.com + apiVersions: + - v1api20231001 + operations: + - CREATE + - UPDATE + resources: + - managedclustersagentpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-datafactory-azure-com-v1api20180601-factory + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180601.factories.datafactory.azure.com + rules: + - apiGroups: + - datafactory.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - factories + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dataprotection-azure-com-v1api20230101-backupvault + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.backupvaults.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - backupvaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dataprotection-azure-com-v1api20230101-backupvaultsbackuppolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.backupvaultsbackuppolicies.dataprotection.azure.com + rules: + - apiGroups: + - dataprotection.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - backupvaultsbackuppolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformariadb-azure-com-v1api20180601-configuration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180601.configurations.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - configurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformariadb-azure-com-v1api20180601-database + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180601.databases.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - databases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformariadb-azure-com-v1api20180601-server + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180601.servers.dbformariadb.azure.com + rules: + - apiGroups: + - dbformariadb.azure.com + apiVersions: + - v1api20180601 + operations: + - CREATE + - UPDATE + resources: + - servers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: 
capz-system + path: /validate-dbformysql-azure-com-v1api20210501-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.flexibleservers.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20210501-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.flexibleserversdatabases.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20210501-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210501.flexibleserversfirewallrules.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20210501 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20220101-flexibleserversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220101.flexibleserversadministrators.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20220101 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversadministrators + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1api20220101-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220101.flexibleserversconfigurations.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1api20220101 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbformysql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1.users.dbformysql.azure.com + rules: + - apiGroups: + - dbformysql.azure.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20210601-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20210601-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20210601-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20210601-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220120preview.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220120preview.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - 
UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220120preview.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20220120preview-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220120preview.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20220120preview + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20221201-flexibleserver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221201.flexibleservers.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleservers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20221201-flexibleserversconfiguration + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20221201.flexibleserversconfigurations.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversconfigurations + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20221201-flexibleserversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221201.flexibleserversdatabases.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1api20221201-flexibleserversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221201.flexibleserversfirewallrules.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1api20221201 + operations: + - CREATE + - UPDATE + resources: + - flexibleserversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-dbforpostgresql-azure-com-v1-user + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1.users.dbforpostgresql.azure.com + rules: + - apiGroups: + - dbforpostgresql.azure.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - users + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-devices-azure-com-v1api20210702-iothub + failurePolicy: Fail + matchPolicy: Exact + 
name: validate.v1api20210702.iothubs.devices.azure.com + rules: + - apiGroups: + - devices.azure.com + apiVersions: + - v1api20210702 + operations: + - CREATE + - UPDATE + resources: + - iothubs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-databaseaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.databaseaccounts.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - databaseaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-mongodbdatabasecollection + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.mongodbdatabasecollections.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollections + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-mongodbdatabasecollectionthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.mongodbdatabasecollectionthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasecollectionthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-mongodbdatabase + failurePolicy: 
Fail + matchPolicy: Exact + name: validate.v1api20210515.mongodbdatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-mongodbdatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.mongodbdatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - mongodbdatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontainer + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontainers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontainerstoredprocedure + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontainerstoredprocedures.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerstoredprocedures + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-documentdb-azure-com-v1api20210515-sqldatabasecontainerthroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontainerthroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainerthroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontainertrigger + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontainertriggers.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontainertriggers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasecontaineruserdefinedfunction + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasecontaineruserdefinedfunctions.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasecontaineruserdefinedfunctions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabases.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabases + sideEffects: None +- admissionReviewVersions: + - v1 + 
clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqldatabasethroughputsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqldatabasethroughputsettings.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqldatabasethroughputsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-documentdb-azure-com-v1api20210515-sqlroleassignment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210515.sqlroleassignments.documentdb.azure.com + rules: + - apiGroups: + - documentdb.azure.com + apiVersions: + - v1api20210515 + operations: + - CREATE + - UPDATE + resources: + - sqlroleassignments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventgrid-azure-com-v1api20200601-domain + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.domains.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - domains + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventgrid-azure-com-v1api20200601-domainstopic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.domainstopics.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - domainstopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventgrid-azure-com-v1api20200601-eventsubscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.eventsubscriptions.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - eventsubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventgrid-azure-com-v1api20200601-topic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.topics.eventgrid.azure.com + rules: + - apiGroups: + - eventgrid.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - topics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventhub-azure-com-v1api20211101-namespace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaces.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventhub-azure-com-v1api20211101-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacesauthorizationrules.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-eventhub-azure-com-v1api20211101-namespaceseventhub + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaceseventhubs.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventhub-azure-com-v1api20211101-namespaceseventhubsauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaceseventhubsauthorizationrules.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubsauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-eventhub-azure-com-v1api20211101-namespaceseventhubsconsumergroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaceseventhubsconsumergroups.eventhub.azure.com + rules: + - apiGroups: + - eventhub.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaceseventhubsconsumergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20180301-metricalert + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180301.metricalerts.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20180301 + operations: + - CREATE + - UPDATE + resources: + - metricalerts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + 
namespace: capz-system + path: /validate-insights-azure-com-v1api20180501preview-webtest + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501preview.webtests.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20180501preview + operations: + - CREATE + - UPDATE + resources: + - webtests + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20200202-component + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200202.components.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20200202 + operations: + - CREATE + - UPDATE + resources: + - components + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20220615-scheduledqueryrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220615.scheduledqueryrules.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20220615 + operations: + - CREATE + - UPDATE + resources: + - scheduledqueryrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20221001-autoscalesetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001.autoscalesettings.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20221001 + operations: + - CREATE + - UPDATE + resources: + - autoscalesettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-insights-azure-com-v1api20230101-actiongroup + 
failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.actiongroups.insights.azure.com + rules: + - apiGroups: + - insights.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - actiongroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-keyvault-azure-com-v1api20210401preview-vault + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401preview.vaults.keyvault.azure.com + rules: + - apiGroups: + - keyvault.azure.com + apiVersions: + - v1api20210401preview + operations: + - CREATE + - UPDATE + resources: + - vaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-keyvault-azure-com-v1api20230701-vault + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230701.vaults.keyvault.azure.com + rules: + - apiGroups: + - keyvault.azure.com + apiVersions: + - v1api20230701 + operations: + - CREATE + - UPDATE + resources: + - vaults + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-kubernetesconfiguration-azure-com-v1api20230501-extension + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230501.extensions.kubernetesconfiguration.azure.com + rules: + - apiGroups: + - kubernetesconfiguration.azure.com + apiVersions: + - v1api20230501 + operations: + - CREATE + - UPDATE + resources: + - extensions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-machinelearningservices-azure-com-v1api20210701-workspace + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20210701.workspaces.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-machinelearningservices-azure-com-v1api20210701-workspacescompute + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210701.workspacescomputes.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspacescomputes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-machinelearningservices-azure-com-v1api20210701-workspacesconnection + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210701.workspacesconnections.machinelearningservices.azure.com + rules: + - apiGroups: + - machinelearningservices.azure.com + apiVersions: + - v1api20210701 + operations: + - CREATE + - UPDATE + resources: + - workspacesconnections + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-managedidentity-azure-com-v1api20181130-userassignedidentity + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20181130.userassignedidentities.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20181130 + operations: + - CREATE + - UPDATE + resources: + - userassignedidentities + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-managedidentity-azure-com-v1api20220131preview-federatedidentitycredential + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220131preview.federatedidentitycredentials.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20220131preview + operations: + - CREATE + - UPDATE + resources: + - federatedidentitycredentials + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-managedidentity-azure-com-v1api20230131-federatedidentitycredential + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230131.federatedidentitycredentials.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20230131 + operations: + - CREATE + - UPDATE + resources: + - federatedidentitycredentials + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-managedidentity-azure-com-v1api20230131-userassignedidentity + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230131.userassignedidentities.managedidentity.azure.com + rules: + - apiGroups: + - managedidentity.azure.com + apiVersions: + - v1api20230131 + operations: + - CREATE + - UPDATE + resources: + - userassignedidentities + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszone + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszones.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszones + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonesaaaarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesaaaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesaaaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonesarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonescaarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonescaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonescaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonescnamerecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonescnamerecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonescnamerecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + 
path: /validate-network-azure-com-v1api20180501-dnszonesmxrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesmxrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesmxrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonesnsrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesnsrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesnsrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonesptrrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonesptrrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonesptrrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonessrvrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonessrvrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonessrvrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180501-dnszonestxtrecord + 
failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180501.dnszonestxtrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180501 + operations: + - CREATE + - UPDATE + resources: + - dnszonestxtrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20180901-privatednszone + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20180901.privatednszones.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20180901 + operations: + - CREATE + - UPDATE + resources: + - privatednszones + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonesaaaarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonesaaaarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesaaaarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonesarecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonesarecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesarecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonescnamerecord + failurePolicy: Fail + 
matchPolicy: Exact + name: validate.v1api20200601.privatednszonescnamerecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonescnamerecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonesmxrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonesmxrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesmxrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonesptrrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonesptrrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesptrrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonessrvrecord + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonessrvrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonessrvrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonestxtrecord + 
failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonestxtrecords.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonestxtrecords + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20200601-privatednszonesvirtualnetworklink + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.privatednszonesvirtualnetworklinks.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - privatednszonesvirtualnetworklinks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-loadbalancer + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.loadbalancers.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - loadbalancers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-loadbalancersinboundnatrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.loadbalancersinboundnatrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - loadbalancersinboundnatrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-network-azure-com-v1api20201101-networkinterface + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.networkinterfaces.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networkinterfaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-networksecuritygroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.networksecuritygroups.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networksecuritygroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-networksecuritygroupssecurityrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.networksecuritygroupssecurityrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - networksecuritygroupssecurityrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-publicipaddress + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.publicipaddresses.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - publicipaddresses + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-network-azure-com-v1api20201101-routetable + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.routetables.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - routetables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-routetablesroute + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.routetablesroutes.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - routetablesroutes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-virtualnetworkgateway + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.virtualnetworkgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworkgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-virtualnetwork + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.virtualnetworks.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworks + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-virtualnetworkssubnet + failurePolicy: Fail + 
matchPolicy: Exact + name: validate.v1api20201101.virtualnetworkssubnets.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworkssubnets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20201101-virtualnetworksvirtualnetworkpeering + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20201101.virtualnetworksvirtualnetworkpeerings.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20201101 + operations: + - CREATE + - UPDATE + resources: + - virtualnetworksvirtualnetworkpeerings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220401-trafficmanagerprofile + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.trafficmanagerprofiles.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofiles + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220401-trafficmanagerprofilesazureendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.trafficmanagerprofilesazureendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesazureendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-network-azure-com-v1api20220401-trafficmanagerprofilesexternalendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.trafficmanagerprofilesexternalendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesexternalendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220401-trafficmanagerprofilesnestedendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220401.trafficmanagerprofilesnestedendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220401 + operations: + - CREATE + - UPDATE + resources: + - trafficmanagerprofilesnestedendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-applicationgateway + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.applicationgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - applicationgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-bastionhost + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.bastionhosts.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - bastionhosts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service 
+ namespace: capz-system + path: /validate-network-azure-com-v1api20220701-dnsforwardingruleset + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsforwardingrulesets.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsforwardingrulesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-dnsforwardingrulesetsforwardingrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsforwardingrulesetsforwardingrules.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsforwardingrulesetsforwardingrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-dnsresolver + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsresolvers.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolvers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-dnsresolversinboundendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsresolversinboundendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolversinboundendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-dnsresolversoutboundendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.dnsresolversoutboundendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - dnsresolversoutboundendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-natgateway + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.natgateways.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - natgateways + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-privateendpoint + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.privateendpoints.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privateendpoints + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-privateendpointsprivatednszonegroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.privateendpointsprivatednszonegroups.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privateendpointsprivatednszonegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-privatelinkservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.privatelinkservices.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - privatelinkservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-network-azure-com-v1api20220701-publicipprefix + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220701.publicipprefixes.network.azure.com + rules: + - apiGroups: + - network.azure.com + apiVersions: + - v1api20220701 + operations: + - CREATE + - UPDATE + resources: + - publicipprefixes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-operationalinsights-azure-com-v1api20210601-workspace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.workspaces.operationalinsights.azure.com + rules: + - apiGroups: + - operationalinsights.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-resources-azure-com-v1api20200601-resourcegroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20200601.resourcegroups.resources.azure.com + rules: + - apiGroups: + - resources.azure.com + apiVersions: + - v1api20200601 + operations: + - CREATE + - UPDATE + resources: + - resourcegroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-search-azure-com-v1api20220901-searchservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.searchservices.search.azure.com + rules: + - apiGroups: + - search.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - searchservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + 
path: /validate-servicebus-azure-com-v1api20210101preview-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20210101preview-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210101preview.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20210101preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + 
service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + 
clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20211101-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespaces.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespacesauthorizationrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacesauthorizationrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacesauthorizationrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespacesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacesqueues.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + 
- namespacesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespacestopic + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacestopics.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopics + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespacestopicssubscription + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacestopicssubscriptions.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-servicebus-azure-com-v1api20221001preview-namespacestopicssubscriptionsrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20221001preview.namespacestopicssubscriptionsrules.servicebus.azure.com + rules: + - apiGroups: + - servicebus.azure.com + apiVersions: + - v1api20221001preview + operations: + - CREATE + - UPDATE + resources: + - namespacestopicssubscriptionsrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-signalrservice-azure-com-v1api20211001-signalr + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211001.signalrs.signalrservice.azure.com + rules: + - apiGroups: + - 
signalrservice.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - signalrs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-server + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.servers.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - servers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversadministrator + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversadministrators.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversadministrators + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversadvancedthreatprotectionsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversadvancedthreatprotectionsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversadvancedthreatprotectionsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversauditingsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversauditingsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - 
CREATE + - UPDATE + resources: + - serversauditingsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversazureadonlyauthentication + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversazureadonlyauthentications.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversazureadonlyauthentications + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversconnectionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversconnectionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversconnectionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabase + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabases.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasesadvancedthreatprotectionsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesadvancedthreatprotectionsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: 
+ - CREATE + - UPDATE + resources: + - serversdatabasesadvancedthreatprotectionsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasesauditingsetting + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesauditingsettings.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesauditingsettings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasesbackuplongtermretentionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesbackuplongtermretentionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesbackuplongtermretentionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasesbackupshorttermretentionpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesbackupshorttermretentionpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesbackupshorttermretentionpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasessecurityalertpolicy + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20211101.serversdatabasessecurityalertpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasessecurityalertpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasestransparentdataencryption + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasestransparentdataencryptions.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasestransparentdataencryptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversdatabasesvulnerabilityassessment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversdatabasesvulnerabilityassessments.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversdatabasesvulnerabilityassessments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serverselasticpool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serverselasticpools.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serverselasticpools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-sql-azure-com-v1api20211101-serversfailovergroup + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversfailovergroups.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversfailovergroups + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversfirewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversipv6firewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversipv6firewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversipv6firewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversoutboundfirewallrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversoutboundfirewallrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversoutboundfirewallrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-sql-azure-com-v1api20211101-serverssecurityalertpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serverssecurityalertpolicies.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serverssecurityalertpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversvirtualnetworkrule + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversvirtualnetworkrules.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversvirtualnetworkrules + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-sql-azure-com-v1api20211101-serversvulnerabilityassessment + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211101.serversvulnerabilityassessments.sql.azure.com + rules: + - apiGroups: + - sql.azure.com + apiVersions: + - v1api20211101 + operations: + - CREATE + - UPDATE + resources: + - serversvulnerabilityassessments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-storage-azure-com-v1api20210401-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + 
service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20210401-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210401.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20210401 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None 
+- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsfileservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsfileservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsfileservicesshare + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsfileservicesshares.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservicesshares + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + 
- UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountstableservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountstableservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20220901-storageaccountstableservicestable + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220901.storageaccountstableservicestables.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20220901 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservicestables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccount + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccounts.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + 
apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccounts + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccountsblobservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsblobservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccountsblobservicescontainer + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsblobservicescontainers.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsblobservicescontainers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccountsfileservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsfileservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccountsfileservicesshare + failurePolicy: Fail + matchPolicy: Exact + name: 
validate.v1api20230101.storageaccountsfileservicesshares.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsfileservicesshares + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccountsmanagementpolicy + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsmanagementpolicies.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsmanagementpolicies + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccountsqueueservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsqueueservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccountsqueueservicesqueue + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountsqueueservicesqueues.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountsqueueservicesqueues + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-storage-azure-com-v1api20230101-storageaccountstableservice + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountstableservices.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservices + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-storage-azure-com-v1api20230101-storageaccountstableservicestable + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20230101.storageaccountstableservicestables.storage.azure.com + rules: + - apiGroups: + - storage.azure.com + apiVersions: + - v1api20230101 + operations: + - CREATE + - UPDATE + resources: + - storageaccountstableservicestables + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-subscription-azure-com-v1api20211001-alias + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20211001.aliases.subscription.azure.com + rules: + - apiGroups: + - subscription.azure.com + apiVersions: + - v1api20211001 + operations: + - CREATE + - UPDATE + resources: + - aliases + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-synapse-azure-com-v1api20210601-workspace + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.workspaces.synapse.azure.com + rules: + - apiGroups: + - synapse.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspaces + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: 
/validate-synapse-azure-com-v1api20210601-workspacesbigdatapool + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20210601.workspacesbigdatapools.synapse.azure.com + rules: + - apiGroups: + - synapse.azure.com + apiVersions: + - v1api20210601 + operations: + - CREATE + - UPDATE + resources: + - workspacesbigdatapools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-web-azure-com-v1api20220301-serverfarm + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.serverfarms.web.azure.com + rules: + - apiGroups: + - web.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - serverfarms + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: capz-system + path: /validate-web-azure-com-v1api20220301-site + failurePolicy: Fail + matchPolicy: Exact + name: validate.v1api20220301.sites.web.azure.com + rules: + - apiGroups: + - web.azure.com + apiVersions: + - v1api20220301 + operations: + - CREATE + - UPDATE + resources: + - sites + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capz-system/capz-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-azure + name: capz-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azurecluster + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azurecluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azureclusters + 
sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azureclusteridentity + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azureclusteridentity.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azureclusteridentities + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azureclustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azureclustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azureclustertemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachine + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azuremachine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinetemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azuremachinetemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - 
azuremachinetemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcluster + failurePolicy: Fail + name: validation.azuremanagedclusters.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedclustertemplate + failurePolicy: Fail + name: validation.azuremanagedclustertemplates.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - UPDATE + resources: + - azuremanagedclustertemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcontrolplane + failurePolicy: Fail + name: validation.azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedcontrolplanes + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcontrolplanetemplate + failurePolicy: Fail + name: validation.azuremanagedcontrolplanetemplates.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - 
azuremanagedcontrolplanetemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azuremanagedmachinepools.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - azuremanagedmachinepools + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepooltemplate + failurePolicy: Fail + name: validation.azuremanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - azuremanagedmachinepooltemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepoolmachine + failurePolicy: Fail + name: azuremachinepoolmachine.kb.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachinepoolmachines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capz-webhook-service + namespace: capz-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepool + failurePolicy: Fail + name: validation.azuremachinepool.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - 
azuremachinepools
+ sideEffects: None
diff --git a/files/cluster-api-provider-azure/v1.14.0/metadata.yaml b/files/cluster-api-provider-azure/v1.14.0/metadata.yaml
new file mode 100644
index 00000000..06b537c7
--- /dev/null
+++ b/files/cluster-api-provider-azure/v1.14.0/metadata.yaml
@@ -0,0 +1,61 @@
+# maps release series of major.minor to cluster-api contract version
+# the contract version may change between minor or major versions, but *not*
+# between patch versions.
+#
+# update this file only when a new major or minor version is released
+apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3
+releaseSeries:
+ - major: 0
+ minor: 3
+ contract: v1alpha2
+ - major: 0
+ minor: 4
+ contract: v1alpha3
+ - major: 0
+ minor: 5
+ contract: v1alpha4
+ - major: 1
+ minor: 0
+ contract: v1beta1
+ - major: 1
+ minor: 1
+ contract: v1beta1
+ - major: 1
+ minor: 2
+ contract: v1beta1
+ - major: 1
+ minor: 3
+ contract: v1beta1
+ - major: 1
+ minor: 4
+ contract: v1beta1
+ - major: 1
+ minor: 5
+ contract: v1beta1
+ - major: 1
+ minor: 6
+ contract: v1beta1
+ - major: 1
+ minor: 7
+ contract: v1beta1
+ - major: 1
+ minor: 8
+ contract: v1beta1
+ - major: 1
+ minor: 9
+ contract: v1beta1
+ - major: 1
+ minor: 10
+ contract: v1beta1
+ - major: 1
+ minor: 11
+ contract: v1beta1
+ - major: 1
+ minor: 12
+ contract: v1beta1
+ - major: 1
+ minor: 13
+ contract: v1beta1
+ - major: 1
+ minor: 14
+ contract: v1beta1
\ No newline at end of file
diff --git a/files/cluster-api-provider-gcp/v1.6.0/cluster-template-gke-autopilot.yaml b/files/cluster-api-provider-gcp/v1.6.0/cluster-template-gke-autopilot.yaml
new file mode 100644
index 00000000..21363b07
--- /dev/null
+++ b/files/cluster-api-provider-gcp/v1.6.0/cluster-template-gke-autopilot.yaml
@@ -0,0 +1,36 @@
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ name: "${CLUSTER_NAME}"
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks: ["192.168.0.0/16"]
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: GCPManagedCluster
+ name: "${CLUSTER_NAME}"
+ controlPlaneRef:
+ kind: GCPManagedControlPlane
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ name: "${CLUSTER_NAME}-control-plane"
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: GCPManagedCluster
+metadata:
+ name: "${CLUSTER_NAME}"
+spec:
+ project: "${GCP_PROJECT}"
+ region: "${GCP_REGION}"
+ network:
+ name: "${GCP_NETWORK_NAME}"
+---
+kind: GCPManagedControlPlane
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+metadata:
+ name: "${CLUSTER_NAME}-control-plane"
+spec:
+ project: "${GCP_PROJECT}"
+ location: "${GCP_REGION}"
+ enableAutopilot: true
diff --git a/files/cluster-api-provider-gcp/v1.6.0/cluster-template-gke.yaml b/files/cluster-api-provider-gcp/v1.6.0/cluster-template-gke.yaml
new file mode 100644
index 00000000..b4cfd98c
--- /dev/null
+++ b/files/cluster-api-provider-gcp/v1.6.0/cluster-template-gke.yaml
@@ -0,0 +1,61 @@
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ name: "${CLUSTER_NAME}"
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks: ["192.168.0.0/16"]
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: GCPManagedCluster
+ name: "${CLUSTER_NAME}"
+ controlPlaneRef:
+ kind: GCPManagedControlPlane
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ name: "${CLUSTER_NAME}-control-plane"
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: GCPManagedCluster
+metadata:
+ name: "${CLUSTER_NAME}"
+spec:
+ project: "${GCP_PROJECT}"
+ region: "${GCP_REGION}"
+ network:
+ name: "${GCP_NETWORK_NAME}"
+---
+kind: GCPManagedControlPlane
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+metadata:
+ name: "${CLUSTER_NAME}-control-plane"
+spec:
+ project: "${GCP_PROJECT}"
+ location: "${GCP_REGION}"
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachinePool
+metadata:
+ name: "${CLUSTER_NAME}-mp-0"
+spec:
+ clusterName: "${CLUSTER_NAME}"
+ replicas: ${WORKER_MACHINE_COUNT}
+ template:
+ spec:
+ bootstrap:
+ dataSecretName: ""
+ clusterName: "${CLUSTER_NAME}"
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: GCPManagedMachinePool
+ name: "${CLUSTER_NAME}-mp-0"
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: GCPManagedMachinePool
+metadata:
+ name: "${CLUSTER_NAME}-mp-0"
+spec: {}
+
+
+
diff --git a/files/cluster-api-provider-gcp/v1.6.0/cluster-template.yaml b/files/cluster-api-provider-gcp/v1.6.0/cluster-template.yaml
new file mode 100644
index 00000000..3c39147f
--- /dev/null
+++ b/files/cluster-api-provider-gcp/v1.6.0/cluster-template.yaml
@@ -0,0 +1,116 @@
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ name: "${CLUSTER_NAME}"
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks: ["192.168.0.0/16"]
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: GCPCluster
+ name: "${CLUSTER_NAME}"
+ controlPlaneRef:
+ kind: KubeadmControlPlane
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ name: "${CLUSTER_NAME}-control-plane"
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: GCPCluster
+metadata:
+ name: "${CLUSTER_NAME}"
+spec:
+ project: "${GCP_PROJECT}"
+ region: "${GCP_REGION}"
+ network:
+ name: "${GCP_NETWORK_NAME}"
+---
+kind: KubeadmControlPlane
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+metadata:
+ name: "${CLUSTER_NAME}-control-plane"
+spec:
+ replicas: ${CONTROL_PLANE_MACHINE_COUNT}
+ machineTemplate:
+ infrastructureRef:
+ kind: GCPMachineTemplate
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ name: "${CLUSTER_NAME}-control-plane"
+ kubeadmConfigSpec:
+ initConfiguration:
+ nodeRegistration:
+ name: '{{ ds.meta_data.local_hostname.split(".")[0] }}'
+ kubeletExtraArgs:
+ cloud-provider: gce
+ clusterConfiguration:
+ apiServer:
+ timeoutForControlPlane: 20m
+ extraArgs:
+ cloud-provider: gce
+ controllerManager:
+ extraArgs:
+ cloud-provider: gce
+ allocate-node-cidrs: "false"
+ joinConfiguration:
+ nodeRegistration:
+ name: '{{ ds.meta_data.local_hostname.split(".")[0] }}'
+ kubeletExtraArgs:
+ cloud-provider: gce
+ version: "${KUBERNETES_VERSION}"
+---
+kind: GCPMachineTemplate
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+metadata:
+ name: "${CLUSTER_NAME}-control-plane"
+spec:
+ template:
+ spec:
+ instanceType: "${GCP_CONTROL_PLANE_MACHINE_TYPE}"
+ image: "${IMAGE_ID}"
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachineDeployment
+metadata:
+ name: "${CLUSTER_NAME}-md-0"
+spec:
+ clusterName: "${CLUSTER_NAME}"
+ replicas: ${WORKER_MACHINE_COUNT}
+ selector:
+ matchLabels:
+ template:
+ spec:
+ clusterName: "${CLUSTER_NAME}"
+ version: "${KUBERNETES_VERSION}"
+ bootstrap:
+ configRef:
+ name: "${CLUSTER_NAME}-md-0"
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+ kind: KubeadmConfigTemplate
+ infrastructureRef:
+ name: "${CLUSTER_NAME}-md-0"
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: GCPMachineTemplate
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: GCPMachineTemplate
+metadata:
+ name: "${CLUSTER_NAME}-md-0"
+spec:
+ template:
+ spec:
+ instanceType: "${GCP_NODE_MACHINE_TYPE}"
+ image: "${IMAGE_ID}"
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfigTemplate
+metadata:
+ name: "${CLUSTER_NAME}-md-0"
+spec:
+ template:
+ spec:
+ joinConfiguration:
+ nodeRegistration:
+ name: '{{ ds.meta_data.local_hostname.split(".")[0] }}'
+ kubeletExtraArgs:
+ cloud-provider: gce
diff --git a/files/cluster-api-provider-gcp/v1.6.0/infrastructure-components.yaml b/files/cluster-api-provider-gcp/v1.6.0/infrastructure-components.yaml
new file mode 100644
index 00000000..fd7e03f4
--- /dev/null
+++ b/files/cluster-api-provider-gcp/v1.6.0/infrastructure-components.yaml
@@ -0,0 +1,3279 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-gcp + name: capg-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capg-system/capg-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-gcp + cluster.x-k8s.io/v1beta1: v1beta1 + name: gcpclusters.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capg-webhook-service + namespace: capg-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: GCPCluster + listKind: GCPClusterList + plural: gcpclusters + singular: gcpcluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this GCPCluster belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Cluster infrastructure is ready for GCE instances + jsonPath: .status.ready + name: Ready + type: string + - description: GCP network the cluster is using + jsonPath: .spec.network.name + name: Network + type: string + - description: API Endpoint + jsonPath: .status.apiEndpoints[0] + name: Endpoint + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: GCPCluster is the Schema for the gcpclusters API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GCPClusterSpec defines the desired state of GCPCluster. + properties: + additionalLabels: + additionalProperties: + type: string + description: AdditionalLabels is an optional set of tags to add to + GCP resources managed by the GCP provider, in addition to the ones + added by default. + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + credentialsRef: + description: CredentialsRef is a reference to a Secret that contains + the credentials to use for provisioning this cluster. If not supplied + then the credentials of the controller will be used. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + required: + - name + - namespace + type: object + failureDomains: + description: FailureDomains is an optional field which is used to + assign selected availability zones to a cluster FailureDomains if + empty, defaults to all the zones in the selected region and if specified + would override the default zones. + items: + type: string + type: array + network: + description: NetworkSpec encapsulates all things related to GCP network. + properties: + autoCreateSubnetworks: + description: "AutoCreateSubnetworks: When set to true, the VPC + network is created in \"auto\" mode. When set to false, the + VPC network is created in \"custom\" mode. \n An auto mode VPC + network starts with one subnet per region. Each subnet has a + predetermined range as described in Auto mode VPC network IP + ranges. \n Defaults to true." + type: boolean + loadBalancerBackendPort: + description: Allow for configuration of load balancer backend + (useful for changing apiserver port) + format: int32 + type: integer + name: + description: Name is the name of the network to be used. + type: string + subnets: + description: Subnets configuration. + items: + description: SubnetSpec configures an GCP Subnet. + properties: + cidrBlock: + description: CidrBlock is the range of internal addresses + that are owned by this subnetwork. Provide this property + when you create the subnetwork. For example, 10.0.0.0/8 + or 192.168.0.0/16. Ranges must be unique and non-overlapping + within a network. Only IPv4 is supported. This field can + be set only at resource creation time. + type: string + description: + description: Description is an optional description associated + with the resource. + type: string + enableFlowLogs: + description: 'EnableFlowLogs: Whether to enable flow logging + for this subnetwork. If this field is not explicitly set, + it will not appear in get listings. 
If not set the default + behavior is to disable flow logging.' + type: boolean + name: + description: Name defines a unique identifier to reference + this resource. + type: string + privateGoogleAccess: + description: PrivateGoogleAccess defines whether VMs in + this subnet can access Google services without assigning + external IP addresses + type: boolean + purpose: + default: PRIVATE_RFC_1918 + description: "Purpose: The purpose of the resource. If unspecified, + the purpose defaults to PRIVATE_RFC_1918. The enableFlowLogs + field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER. + \n Possible values: \"INTERNAL_HTTPS_LOAD_BALANCER\" - + Subnet reserved for Internal HTTP(S) Load Balancing. \"PRIVATE\" + - Regular user created or automatically created subnet. + \"PRIVATE_RFC_1918\" - Regular user created or automatically + created subnet. \"PRIVATE_SERVICE_CONNECT\" - Subnetworks + created for Private Service Connect in the producer network. + \"REGIONAL_MANAGED_PROXY\" - Subnetwork used for Regional + Internal/External HTTP(S) Load Balancing." + enum: + - INTERNAL_HTTPS_LOAD_BALANCER + - PRIVATE_RFC_1918 + - PRIVATE + - PRIVATE_SERVICE_CONNECT + - REGIONAL_MANAGED_PROXY + type: string + region: + description: Region is the name of the region where the + Subnetwork resides. + type: string + secondaryCidrBlocks: + additionalProperties: + type: string + description: SecondaryCidrBlocks defines secondary CIDR + ranges, from which secondary IP ranges of a VM may be + allocated + type: object + type: object + type: array + type: object + project: + description: Project is the name of the project to deploy the cluster + to. + type: string + region: + description: The GCP Region the cluster lives in. + type: string + resourceManagerTags: + description: ResourceManagerTags is an optional set of tags to apply + to GCP resources managed by the GCP provider. GCP supports a maximum + of 50 tags per resource. 
+ items: + description: ResourceManagerTag is a tag to apply to GCP resources + managed by the GCP provider. + properties: + key: + description: Key is the key part of the tag. A tag key can have + a maximum of 63 characters and cannot be empty. Tag key must + begin and end with an alphanumeric character, and must contain + only uppercase, lowercase alphanumeric characters, and the + following special characters `._-`. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$ + type: string + parentID: + description: ParentID is the ID of the hierarchical resource + where the tags are defined e.g. at the Organization or the + Project level. To find the Organization or Project ID ref + https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id + https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects + An OrganizationID must consist of decimal numbers, and cannot + have leading zeroes. A ProjectID must be 6 to 30 characters + in length, can only contain lowercase letters, numbers, and + hyphens, and must start with a letter, and cannot end with + a hyphen. + maxLength: 32 + minLength: 1 + pattern: (^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$) + type: string + value: + description: Value is the value part of the tag. A tag value + can have a maximum of 63 characters and cannot be empty. Tag + value must begin and end with an alphanumeric character, and + must contain only uppercase, lowercase alphanumeric characters, + and the following special characters `_-.@%=+:,*#&(){}[]` + and spaces. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$ + type: string + required: + - key + - parentID + - value + type: object + type: array + required: + - project + - region + type: object + status: + description: GCPClusterStatus defines the observed state of GCPCluster. 
+ properties: + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains is a slice of FailureDomains. + type: object + network: + description: Network encapsulates GCP networking resources. + properties: + apiServerBackendService: + description: APIServerBackendService is the full reference to + the backend service created for the API Server. + type: string + apiServerForwardingRule: + description: APIServerForwardingRule is the full reference to + the forwarding rule created for the API Server. + type: string + apiServerHealthCheck: + description: APIServerHealthCheck is the full reference to the + health check created for the API Server. + type: string + apiServerInstanceGroups: + additionalProperties: + type: string + description: APIServerInstanceGroups is a map from zone to the + full reference to the instance groups created for the control + plane nodes created in the same zone. + type: object + apiServerIpAddress: + description: APIServerAddress is the IPV4 global address assigned + to the load balancer created for the API Server. + type: string + apiServerTargetProxy: + description: APIServerTargetProxy is the full reference to the + target proxy created for the API Server. + type: string + firewallRules: + additionalProperties: + type: string + description: FirewallRules is a map from the name of the rule + to its full reference. 
+ type: object + router: + description: Router is the full reference to the router created + within the network it'll contain the cloud nat gateway + type: string + selfLink: + description: SelfLink is the link to the Network used for this + cluster. + type: string + type: object + ready: + description: Bastion Instance `json:"bastion,omitempty"` + type: boolean + required: + - ready + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capg-system/capg-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-gcp + cluster.x-k8s.io/v1beta1: v1beta1 + name: gcpclustertemplates.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capg-webhook-service + namespace: capg-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: GCPClusterTemplate + listKind: GCPClusterTemplateList + plural: gcpclustertemplates + shortNames: + - gcpct + singular: gcpclustertemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: GCPClusterTemplate is the Schema for the gcpclustertemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. 
In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GCPClusterTemplateSpec defines the desired state of GCPClusterTemplate. + properties: + template: + description: GCPClusterTemplateResource contains spec for GCPClusterSpec. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: GCPClusterSpec defines the desired state of GCPCluster. + properties: + additionalLabels: + additionalProperties: + type: string + description: AdditionalLabels is an optional set of tags to + add to GCP resources managed by the GCP provider, in addition + to the ones added by default. + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint + used to communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. 
+ format: int32 + type: integer + required: + - host + - port + type: object + credentialsRef: + description: CredentialsRef is a reference to a Secret that + contains the credentials to use for provisioning this cluster. + If not supplied then the credentials of the controller will + be used. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + required: + - name + - namespace + type: object + failureDomains: + description: FailureDomains is an optional field which is + used to assign selected availability zones to a cluster + FailureDomains if empty, defaults to all the zones in the + selected region and if specified would override the default + zones. + items: + type: string + type: array + network: + description: NetworkSpec encapsulates all things related to + GCP network. + properties: + autoCreateSubnetworks: + description: "AutoCreateSubnetworks: When set to true, + the VPC network is created in \"auto\" mode. When set + to false, the VPC network is created in \"custom\" mode. + \n An auto mode VPC network starts with one subnet per + region. Each subnet has a predetermined range as described + in Auto mode VPC network IP ranges. \n Defaults to true." + type: boolean + loadBalancerBackendPort: + description: Allow for configuration of load balancer + backend (useful for changing apiserver port) + format: int32 + type: integer + name: + description: Name is the name of the network to be used. + type: string + subnets: + description: Subnets configuration. + items: + description: SubnetSpec configures an GCP Subnet. + properties: + cidrBlock: + description: CidrBlock is the range of internal + addresses that are owned by this subnetwork. 
Provide + this property when you create the subnetwork. + For example, 10.0.0.0/8 or 192.168.0.0/16. Ranges + must be unique and non-overlapping within a network. + Only IPv4 is supported. This field can be set + only at resource creation time. + type: string + description: + description: Description is an optional description + associated with the resource. + type: string + enableFlowLogs: + description: 'EnableFlowLogs: Whether to enable + flow logging for this subnetwork. If this field + is not explicitly set, it will not appear in get + listings. If not set the default behavior is to + disable flow logging.' + type: boolean + name: + description: Name defines a unique identifier to + reference this resource. + type: string + privateGoogleAccess: + description: PrivateGoogleAccess defines whether + VMs in this subnet can access Google services + without assigning external IP addresses + type: boolean + purpose: + default: PRIVATE_RFC_1918 + description: "Purpose: The purpose of the resource. + If unspecified, the purpose defaults to PRIVATE_RFC_1918. + The enableFlowLogs field isn't supported with + the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER. + \n Possible values: \"INTERNAL_HTTPS_LOAD_BALANCER\" + - Subnet reserved for Internal HTTP(S) Load Balancing. + \"PRIVATE\" - Regular user created or automatically + created subnet. \"PRIVATE_RFC_1918\" - Regular + user created or automatically created subnet. + \"PRIVATE_SERVICE_CONNECT\" - Subnetworks created + for Private Service Connect in the producer network. + \"REGIONAL_MANAGED_PROXY\" - Subnetwork used for + Regional Internal/External HTTP(S) Load Balancing." + enum: + - INTERNAL_HTTPS_LOAD_BALANCER + - PRIVATE_RFC_1918 + - PRIVATE + - PRIVATE_SERVICE_CONNECT + - REGIONAL_MANAGED_PROXY + type: string + region: + description: Region is the name of the region where + the Subnetwork resides. 
+ type: string + secondaryCidrBlocks: + additionalProperties: + type: string + description: SecondaryCidrBlocks defines secondary + CIDR ranges, from which secondary IP ranges of + a VM may be allocated + type: object + type: object + type: array + type: object + project: + description: Project is the name of the project to deploy + the cluster to. + type: string + region: + description: The GCP Region the cluster lives in. + type: string + resourceManagerTags: + description: ResourceManagerTags is an optional set of tags + to apply to GCP resources managed by the GCP provider. GCP + supports a maximum of 50 tags per resource. + items: + description: ResourceManagerTag is a tag to apply to GCP + resources managed by the GCP provider. + properties: + key: + description: Key is the key part of the tag. A tag key + can have a maximum of 63 characters and cannot be + empty. Tag key must begin and end with an alphanumeric + character, and must contain only uppercase, lowercase + alphanumeric characters, and the following special + characters `._-`. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$ + type: string + parentID: + description: ParentID is the ID of the hierarchical + resource where the tags are defined e.g. at the Organization + or the Project level. To find the Organization or + Project ID ref https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id + https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects + An OrganizationID must consist of decimal numbers, + and cannot have leading zeroes. A ProjectID must be + 6 to 30 characters in length, can only contain lowercase + letters, numbers, and hyphens, and must start with + a letter, and cannot end with a hyphen. 
+ maxLength: 32 + minLength: 1 + pattern: (^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$) + type: string + value: + description: Value is the value part of the tag. A tag + value can have a maximum of 63 characters and cannot + be empty. Tag value must begin and end with an alphanumeric + character, and must contain only uppercase, lowercase + alphanumeric characters, and the following special + characters `_-.@%=+:,*#&(){}[]` and spaces. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$ + type: string + required: + - key + - parentID + - value + type: object + type: array + required: + - project + - region + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capg-system/capg-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-gcp + cluster.x-k8s.io/v1beta1: v1beta1 + name: gcpmachines.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capg-webhook-service + namespace: capg-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: GCPMachine + listKind: GCPMachineList + plural: gcpmachines + singular: gcpmachine + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this GCPMachine belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: GCE instance state + jsonPath: .status.instanceState + name: State + type: string + - description: Machine ready status + jsonPath: .status.ready + name: Ready + type: string + - description: GCE instance ID 
+ jsonPath: .spec.providerID + name: InstanceID + type: string + - description: Machine object which owns with this GCPMachine + jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name + name: Machine + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: GCPMachine is the Schema for the gcpmachines API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GCPMachineSpec defines the desired state of GCPMachine. + properties: + additionalDisks: + description: AdditionalDisks are optional non-boot attached disks. + items: + description: AttachedDiskSpec degined GCP machine disk. + properties: + deviceType: + description: 'DeviceType is a device type of the attached disk. + Supported types of non-root attached volumes: 1. "pd-standard" + - Standard (HDD) persistent disk 2. "pd-ssd" - SSD persistent + disk 3. "local-ssd" - Local SSD disk (https://cloud.google.com/compute/docs/disks/local-ssd). + Default is "pd-standard".' + type: string + encryptionKey: + description: EncryptionKey defines the KMS key to be used to + encrypt the disk. + properties: + keyType: + description: KeyType is the type of encryption key. Must + be either Managed, aka Customer-Managed Encryption Key + (CMEK) or Supplied, aka Customer-Supplied EncryptionKey + (CSEK). 
+ enum: + - Managed + - Supplied + type: string + kmsKeyServiceAccount: + description: 'KMSKeyServiceAccount is the service account + being used for the encryption request for the given KMS + key. If absent, the Compute Engine default service account + is used. For example: "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com. + The maximum length is based on the Service Account ID + (max 30), Project (max 30), and a valid gcloud email suffix + ("iam.gserviceaccount.com").' + maxLength: 85 + pattern: '[-_[A-Za-z0-9]+@[-_[A-Za-z0-9]+.iam.gserviceaccount.com' + type: string + managedKey: + description: ManagedKey references keys managed by the Cloud + Key Management Service. This should be set when KeyType + is Managed. + properties: + kmsKeyName: + description: 'KMSKeyName is the name of the encryption + key that is stored in Google Cloud KMS. For example: + "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/key_region/cryptoKeys/key' + maxLength: 160 + pattern: projects\/[-_[A-Za-z0-9]+\/locations\/[-_[A-Za-z0-9]+\/keyRings\/[-_[A-Za-z0-9]+\/cryptoKeys\/[-_[A-Za-z0-9]+ + type: string + type: object + suppliedKey: + description: SuppliedKey provides the key used to create + or manage a disk. This should be set when KeyType is Managed. + maxProperties: 1 + minProperties: 1 + properties: + rawKey: + description: 'RawKey specifies a 256-bit customer-supplied + encryption key, encoded in RFC 4648 base64 to either + encrypt or decrypt this resource. You can provide + either the rawKey or the rsaEncryptedKey. For example: + "rawKey": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="' + format: byte + type: string + rsaEncryptedKey: + description: 'RSAEncryptedKey specifies an RFC 4648 + base64 encoded, RSA-wrapped 2048-bit customer-supplied + encryption key to either encrypt or decrypt this resource. + You can provide either the rawKey or the rsaEncryptedKey. 
+ For example: "rsaEncryptedKey": "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFHi + z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoDi + D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" + The key must meet the following requirements before + you can provide it to Compute Engine: 1. The key is + wrapped using a RSA public key certificate provided + by Google. 2. After being wrapped, the key must be + encoded in RFC 4648 base64 encoding. Gets the RSA + public key certificate provided by Google at: https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem' + format: byte + type: string + type: object + required: + - keyType + type: object + size: + description: Size is the size of the disk in GBs. Defaults to + 30GB. For "local-ssd" size is always 375GB. + format: int64 + type: integer + type: object + type: array + additionalLabels: + additionalProperties: + type: string + description: AdditionalLabels is an optional set of tags to add to + an instance, in addition to the ones added by default by the GCP + provider. If both the GCPCluster and the GCPMachine specify the + same tag name with different values, the GCPMachine's value takes + precedence. + type: object + additionalMetadata: + description: AdditionalMetadata is an optional set of metadata to + add to an instance, in addition to the ones added by default by + the GCP provider. + items: + description: MetadataItem defines a single piece of metadata associated + with an instance. + properties: + key: + description: Key is the identifier for the metadata entry. + type: string + value: + description: Value is the value of the metadata entry. + type: string + required: + - key + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + additionalNetworkTags: + description: AdditionalNetworkTags is a list of network tags that + should be applied to the instance. 
These tags are set in addition + to any network tags defined at the cluster level or in the actuator. + items: + type: string + type: array + confidentialCompute: + description: ConfidentialCompute Defines whether the instance should + have confidential compute enabled. If enabled OnHostMaintenance + is required to be set to "Terminate". If omitted, the platform chooses + a default, which is subject to change over time, currently that + default is false. + enum: + - Enabled + - Disabled + type: string + image: + description: Image is the full reference to a valid image to be used + for this machine. Takes precedence over ImageFamily. + type: string + imageFamily: + description: ImageFamily is the full reference to a valid image family + to be used for this machine. + type: string + instanceType: + description: 'InstanceType is the type of instance to create. Example: + n1.standard-2' + type: string + ipForwarding: + default: Enabled + description: IPForwarding Allows this instance to send and receive + packets with non-matching destination or source IPs. This is required + if you plan to use this instance to forward routes. Defaults to + enabled. + enum: + - Enabled + - Disabled + type: string + onHostMaintenance: + description: OnHostMaintenance determines the behavior when a maintenance + event occurs that might cause the instance to reboot. If omitted, + the platform chooses a default, which is subject to change over + time, currently that default is "Migrate". + enum: + - Migrate + - Terminate + type: string + preemptible: + description: Preemptible defines if instance is preemptible + type: boolean + providerID: + description: ProviderID is the unique identifier as specified by the + cloud provider. + type: string + publicIP: + description: PublicIP specifies whether the instance should get a + public IP. Set this to true if you don't have a NAT instances or + Cloud Nat setup. 
+ type: boolean + resourceManagerTags: + description: ResourceManagerTags is an optional set of tags to apply + to GCP resources managed by the GCP provider. GCP supports a maximum + of 50 tags per resource. + items: + description: ResourceManagerTag is a tag to apply to GCP resources + managed by the GCP provider. + properties: + key: + description: Key is the key part of the tag. A tag key can have + a maximum of 63 characters and cannot be empty. Tag key must + begin and end with an alphanumeric character, and must contain + only uppercase, lowercase alphanumeric characters, and the + following special characters `._-`. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$ + type: string + parentID: + description: ParentID is the ID of the hierarchical resource + where the tags are defined e.g. at the Organization or the + Project level. To find the Organization or Project ID ref + https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id + https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects + An OrganizationID must consist of decimal numbers, and cannot + have leading zeroes. A ProjectID must be 6 to 30 characters + in length, can only contain lowercase letters, numbers, and + hyphens, and must start with a letter, and cannot end with + a hyphen. + maxLength: 32 + minLength: 1 + pattern: (^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$) + type: string + value: + description: Value is the value part of the tag. A tag value + can have a maximum of 63 characters and cannot be empty. Tag + value must begin and end with an alphanumeric character, and + must contain only uppercase, lowercase alphanumeric characters, + and the following special characters `_-.@%=+:,*#&(){}[]` + and spaces. 
+ maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$ + type: string + required: + - key + - parentID + - value + type: object + type: array + rootDeviceSize: + description: RootDeviceSize is the size of the root volume in GB. + Defaults to 30. + format: int64 + type: integer + rootDeviceType: + description: 'RootDeviceType is the type of the root volume. Supported + types of root volumes: 1. "pd-standard" - Standard (HDD) persistent + disk 2. "pd-ssd" - SSD persistent disk Default is "pd-standard".' + type: string + rootDiskEncryptionKey: + description: RootDiskEncryptionKey defines the KMS key to be used + to encrypt the root disk. + properties: + keyType: + description: KeyType is the type of encryption key. Must be either + Managed, aka Customer-Managed Encryption Key (CMEK) or Supplied, + aka Customer-Supplied EncryptionKey (CSEK). + enum: + - Managed + - Supplied + type: string + kmsKeyServiceAccount: + description: 'KMSKeyServiceAccount is the service account being + used for the encryption request for the given KMS key. If absent, + the Compute Engine default service account is used. For example: + "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com. + The maximum length is based on the Service Account ID (max 30), + Project (max 30), and a valid gcloud email suffix ("iam.gserviceaccount.com").' + maxLength: 85 + pattern: '[-_[A-Za-z0-9]+@[-_[A-Za-z0-9]+.iam.gserviceaccount.com' + type: string + managedKey: + description: ManagedKey references keys managed by the Cloud Key + Management Service. This should be set when KeyType is Managed. + properties: + kmsKeyName: + description: 'KMSKeyName is the name of the encryption key + that is stored in Google Cloud KMS. 
For example: "kmsKeyName": + "projects/kms_project_id/locations/region/keyRings/key_region/cryptoKeys/key' + maxLength: 160 + pattern: projects\/[-_[A-Za-z0-9]+\/locations\/[-_[A-Za-z0-9]+\/keyRings\/[-_[A-Za-z0-9]+\/cryptoKeys\/[-_[A-Za-z0-9]+ + type: string + type: object + suppliedKey: + description: SuppliedKey provides the key used to create or manage + a disk. This should be set when KeyType is Managed. + maxProperties: 1 + minProperties: 1 + properties: + rawKey: + description: 'RawKey specifies a 256-bit customer-supplied + encryption key, encoded in RFC 4648 base64 to either encrypt + or decrypt this resource. You can provide either the rawKey + or the rsaEncryptedKey. For example: "rawKey": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="' + format: byte + type: string + rsaEncryptedKey: + description: 'RSAEncryptedKey specifies an RFC 4648 base64 + encoded, RSA-wrapped 2048-bit customer-supplied encryption + key to either encrypt or decrypt this resource. You can + provide either the rawKey or the rsaEncryptedKey. For example: + "rsaEncryptedKey": "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFHi + z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoDi + D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" + The key must meet the following requirements before you + can provide it to Compute Engine: 1. The key is wrapped + using a RSA public key certificate provided by Google. 2. + After being wrapped, the key must be encoded in RFC 4648 + base64 encoding. Gets the RSA public key certificate provided + by Google at: https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem' + format: byte + type: string + type: object + required: + - keyType + type: object + serviceAccounts: + description: 'ServiceAccount specifies the service account email and + which scopes to assign to the machine. 
Defaults to: email: "default", + scope: []{compute.CloudPlatformScope}' + properties: + email: + description: 'Email: Email address of the service account.' + type: string + scopes: + description: 'Scopes: The list of scopes to be made available + for this service account.' + items: + type: string + type: array + type: object + shieldedInstanceConfig: + description: ShieldedInstanceConfig is the Shielded VM configuration + for this machine + properties: + integrityMonitoring: + description: IntegrityMonitoring determines whether the instance + should have integrity monitoring that verify the runtime boot + integrity. Compares the most recent boot measurements to the + integrity policy baseline and return a pair of pass/fail results + depending on whether they match or not. If omitted, the platform + chooses a default, which is subject to change over time, currently + that default is Enabled. + enum: + - Enabled + - Disabled + type: string + secureBoot: + description: SecureBoot Defines whether the instance should have + secure boot enabled. Secure Boot verify the digital signature + of all boot components, and halting the boot process if signature + verification fails. If omitted, the platform chooses a default, + which is subject to change over time, currently that default + is Disabled. + enum: + - Enabled + - Disabled + type: string + virtualizedTrustedPlatformModule: + description: VirtualizedTrustedPlatformModule enable virtualized + trusted platform module measurements to create a known good + boot integrity policy baseline. The integrity policy baseline + is used for comparison with measurements from subsequent VM + boots to determine if anything has changed. If omitted, the + platform chooses a default, which is subject to change over + time, currently that default is Enabled. + enum: + - Enabled + - Disabled + type: string + type: object + subnet: + description: Subnet is a reference to the subnetwork to use for this + instance. 
If not specified, the first subnetwork retrieved from + the Cluster Region and Network is picked. + type: string + required: + - instanceType + type: object + status: + description: GCPMachineStatus defines the observed state of GCPMachine. + properties: + addresses: + description: Addresses contains the GCP instance associated addresses. + items: + description: NodeAddress contains information for the node's address. + properties: + address: + description: The node address. + type: string + type: + description: Node address type, one of Hostname, ExternalIP + or InternalIP. + type: string + required: + - address + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. \n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. 
\n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. \n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." + type: string + instanceState: + description: InstanceStatus is the status of the GCP instance for + this machine. + type: string + ready: + description: Ready is true when the provider resource is ready. + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capg-system/capg-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-gcp + cluster.x-k8s.io/v1beta1: v1beta1 + name: gcpmachinetemplates.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capg-webhook-service + namespace: capg-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: GCPMachineTemplate + listKind: GCPMachineTemplateList + plural: gcpmachinetemplates + singular: gcpmachinetemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: GCPMachineTemplate is the Schema for the gcpmachinetemplates + API. 
+ properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GCPMachineTemplateSpec defines the desired state of GCPMachineTemplate. + properties: + template: + description: GCPMachineTemplateResource describes the data needed + to create am GCPMachine from a template. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: Spec is the specification of the desired behavior + of the machine. 
+ properties: + additionalDisks: + description: AdditionalDisks are optional non-boot attached + disks. + items: + description: AttachedDiskSpec degined GCP machine disk. + properties: + deviceType: + description: 'DeviceType is a device type of the attached + disk. Supported types of non-root attached volumes: + 1. "pd-standard" - Standard (HDD) persistent disk + 2. "pd-ssd" - SSD persistent disk 3. "local-ssd" - + Local SSD disk (https://cloud.google.com/compute/docs/disks/local-ssd). + Default is "pd-standard".' + type: string + encryptionKey: + description: EncryptionKey defines the KMS key to be + used to encrypt the disk. + properties: + keyType: + description: KeyType is the type of encryption key. + Must be either Managed, aka Customer-Managed Encryption + Key (CMEK) or Supplied, aka Customer-Supplied + EncryptionKey (CSEK). + enum: + - Managed + - Supplied + type: string + kmsKeyServiceAccount: + description: 'KMSKeyServiceAccount is the service + account being used for the encryption request + for the given KMS key. If absent, the Compute + Engine default service account is used. For example: + "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com. + The maximum length is based on the Service Account + ID (max 30), Project (max 30), and a valid gcloud + email suffix ("iam.gserviceaccount.com").' + maxLength: 85 + pattern: '[-_[A-Za-z0-9]+@[-_[A-Za-z0-9]+.iam.gserviceaccount.com' + type: string + managedKey: + description: ManagedKey references keys managed + by the Cloud Key Management Service. This should + be set when KeyType is Managed. + properties: + kmsKeyName: + description: 'KMSKeyName is the name of the + encryption key that is stored in Google Cloud + KMS. 
For example: "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/key_region/cryptoKeys/key' + maxLength: 160 + pattern: projects\/[-_[A-Za-z0-9]+\/locations\/[-_[A-Za-z0-9]+\/keyRings\/[-_[A-Za-z0-9]+\/cryptoKeys\/[-_[A-Za-z0-9]+ + type: string + type: object + suppliedKey: + description: SuppliedKey provides the key used to + create or manage a disk. This should be set when + KeyType is Managed. + maxProperties: 1 + minProperties: 1 + properties: + rawKey: + description: 'RawKey specifies a 256-bit customer-supplied + encryption key, encoded in RFC 4648 base64 + to either encrypt or decrypt this resource. + You can provide either the rawKey or the rsaEncryptedKey. + For example: "rawKey": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="' + format: byte + type: string + rsaEncryptedKey: + description: 'RSAEncryptedKey specifies an RFC + 4648 base64 encoded, RSA-wrapped 2048-bit + customer-supplied encryption key to either + encrypt or decrypt this resource. You can + provide either the rawKey or the rsaEncryptedKey. + For example: "rsaEncryptedKey": "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFHi + z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoDi + D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" + The key must meet the following requirements + before you can provide it to Compute Engine: + 1. The key is wrapped using a RSA public key + certificate provided by Google. 2. After being + wrapped, the key must be encoded in RFC 4648 + base64 encoding. Gets the RSA public key certificate + provided by Google at: https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem' + format: byte + type: string + type: object + required: + - keyType + type: object + size: + description: Size is the size of the disk in GBs. Defaults + to 30GB. For "local-ssd" size is always 375GB. 
+ format: int64 + type: integer + type: object + type: array + additionalLabels: + additionalProperties: + type: string + description: AdditionalLabels is an optional set of tags to + add to an instance, in addition to the ones added by default + by the GCP provider. If both the GCPCluster and the GCPMachine + specify the same tag name with different values, the GCPMachine's + value takes precedence. + type: object + additionalMetadata: + description: AdditionalMetadata is an optional set of metadata + to add to an instance, in addition to the ones added by + default by the GCP provider. + items: + description: MetadataItem defines a single piece of metadata + associated with an instance. + properties: + key: + description: Key is the identifier for the metadata + entry. + type: string + value: + description: Value is the value of the metadata entry. + type: string + required: + - key + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + additionalNetworkTags: + description: AdditionalNetworkTags is a list of network tags + that should be applied to the instance. These tags are set + in addition to any network tags defined at the cluster level + or in the actuator. + items: + type: string + type: array + confidentialCompute: + description: ConfidentialCompute Defines whether the instance + should have confidential compute enabled. If enabled OnHostMaintenance + is required to be set to "Terminate". If omitted, the platform + chooses a default, which is subject to change over time, + currently that default is false. + enum: + - Enabled + - Disabled + type: string + image: + description: Image is the full reference to a valid image + to be used for this machine. Takes precedence over ImageFamily. + type: string + imageFamily: + description: ImageFamily is the full reference to a valid + image family to be used for this machine. + type: string + instanceType: + description: 'InstanceType is the type of instance to create. 
+ Example: n1.standard-2' + type: string + ipForwarding: + default: Enabled + description: IPForwarding Allows this instance to send and + receive packets with non-matching destination or source + IPs. This is required if you plan to use this instance to + forward routes. Defaults to enabled. + enum: + - Enabled + - Disabled + type: string + onHostMaintenance: + description: OnHostMaintenance determines the behavior when + a maintenance event occurs that might cause the instance + to reboot. If omitted, the platform chooses a default, which + is subject to change over time, currently that default is + "Migrate". + enum: + - Migrate + - Terminate + type: string + preemptible: + description: Preemptible defines if instance is preemptible + type: boolean + providerID: + description: ProviderID is the unique identifier as specified + by the cloud provider. + type: string + publicIP: + description: PublicIP specifies whether the instance should + get a public IP. Set this to true if you don't have a NAT + instances or Cloud Nat setup. + type: boolean + resourceManagerTags: + description: ResourceManagerTags is an optional set of tags + to apply to GCP resources managed by the GCP provider. GCP + supports a maximum of 50 tags per resource. + items: + description: ResourceManagerTag is a tag to apply to GCP + resources managed by the GCP provider. + properties: + key: + description: Key is the key part of the tag. A tag key + can have a maximum of 63 characters and cannot be + empty. Tag key must begin and end with an alphanumeric + character, and must contain only uppercase, lowercase + alphanumeric characters, and the following special + characters `._-`. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$ + type: string + parentID: + description: ParentID is the ID of the hierarchical + resource where the tags are defined e.g. at the Organization + or the Project level. 
To find the Organization or + Project ID ref https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id + https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects + An OrganizationID must consist of decimal numbers, + and cannot have leading zeroes. A ProjectID must be + 6 to 30 characters in length, can only contain lowercase + letters, numbers, and hyphens, and must start with + a letter, and cannot end with a hyphen. + maxLength: 32 + minLength: 1 + pattern: (^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$) + type: string + value: + description: Value is the value part of the tag. A tag + value can have a maximum of 63 characters and cannot + be empty. Tag value must begin and end with an alphanumeric + character, and must contain only uppercase, lowercase + alphanumeric characters, and the following special + characters `_-.@%=+:,*#&(){}[]` and spaces. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$ + type: string + required: + - key + - parentID + - value + type: object + type: array + rootDeviceSize: + description: RootDeviceSize is the size of the root volume + in GB. Defaults to 30. + format: int64 + type: integer + rootDeviceType: + description: 'RootDeviceType is the type of the root volume. + Supported types of root volumes: 1. "pd-standard" - Standard + (HDD) persistent disk 2. "pd-ssd" - SSD persistent disk + Default is "pd-standard".' + type: string + rootDiskEncryptionKey: + description: RootDiskEncryptionKey defines the KMS key to + be used to encrypt the root disk. + properties: + keyType: + description: KeyType is the type of encryption key. Must + be either Managed, aka Customer-Managed Encryption Key + (CMEK) or Supplied, aka Customer-Supplied EncryptionKey + (CSEK). 
+ enum: + - Managed + - Supplied + type: string + kmsKeyServiceAccount: + description: 'KMSKeyServiceAccount is the service account + being used for the encryption request for the given + KMS key. If absent, the Compute Engine default service + account is used. For example: "kmsKeyServiceAccount": + "name@project_id.iam.gserviceaccount.com. The maximum + length is based on the Service Account ID (max 30), + Project (max 30), and a valid gcloud email suffix ("iam.gserviceaccount.com").' + maxLength: 85 + pattern: '[-_[A-Za-z0-9]+@[-_[A-Za-z0-9]+.iam.gserviceaccount.com' + type: string + managedKey: + description: ManagedKey references keys managed by the + Cloud Key Management Service. This should be set when + KeyType is Managed. + properties: + kmsKeyName: + description: 'KMSKeyName is the name of the encryption + key that is stored in Google Cloud KMS. For example: + "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/key_region/cryptoKeys/key' + maxLength: 160 + pattern: projects\/[-_[A-Za-z0-9]+\/locations\/[-_[A-Za-z0-9]+\/keyRings\/[-_[A-Za-z0-9]+\/cryptoKeys\/[-_[A-Za-z0-9]+ + type: string + type: object + suppliedKey: + description: SuppliedKey provides the key used to create + or manage a disk. This should be set when KeyType is + Managed. + maxProperties: 1 + minProperties: 1 + properties: + rawKey: + description: 'RawKey specifies a 256-bit customer-supplied + encryption key, encoded in RFC 4648 base64 to either + encrypt or decrypt this resource. You can provide + either the rawKey or the rsaEncryptedKey. For example: + "rawKey": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="' + format: byte + type: string + rsaEncryptedKey: + description: 'RSAEncryptedKey specifies an RFC 4648 + base64 encoded, RSA-wrapped 2048-bit customer-supplied + encryption key to either encrypt or decrypt this + resource. You can provide either the rawKey or the + rsaEncryptedKey. 
For example: "rsaEncryptedKey": + "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFHi + z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoDi + D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" + The key must meet the following requirements before + you can provide it to Compute Engine: 1. The key + is wrapped using a RSA public key certificate provided + by Google. 2. After being wrapped, the key must + be encoded in RFC 4648 base64 encoding. Gets the + RSA public key certificate provided by Google at: + https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem' + format: byte + type: string + type: object + required: + - keyType + type: object + serviceAccounts: + description: 'ServiceAccount specifies the service account + email and which scopes to assign to the machine. Defaults + to: email: "default", scope: []{compute.CloudPlatformScope}' + properties: + email: + description: 'Email: Email address of the service account.' + type: string + scopes: + description: 'Scopes: The list of scopes to be made available + for this service account.' + items: + type: string + type: array + type: object + shieldedInstanceConfig: + description: ShieldedInstanceConfig is the Shielded VM configuration + for this machine + properties: + integrityMonitoring: + description: IntegrityMonitoring determines whether the + instance should have integrity monitoring that verify + the runtime boot integrity. Compares the most recent + boot measurements to the integrity policy baseline and + return a pair of pass/fail results depending on whether + they match or not. If omitted, the platform chooses + a default, which is subject to change over time, currently + that default is Enabled. + enum: + - Enabled + - Disabled + type: string + secureBoot: + description: SecureBoot Defines whether the instance should + have secure boot enabled. 
Secure Boot verify the digital + signature of all boot components, and halting the boot + process if signature verification fails. If omitted, + the platform chooses a default, which is subject to + change over time, currently that default is Disabled. + enum: + - Enabled + - Disabled + type: string + virtualizedTrustedPlatformModule: + description: VirtualizedTrustedPlatformModule enable virtualized + trusted platform module measurements to create a known + good boot integrity policy baseline. The integrity policy + baseline is used for comparison with measurements from + subsequent VM boots to determine if anything has changed. + If omitted, the platform chooses a default, which is + subject to change over time, currently that default + is Enabled. + enum: + - Enabled + - Disabled + type: string + type: object + subnet: + description: Subnet is a reference to the subnetwork to use + for this instance. If not specified, the first subnetwork + retrieved from the Cluster Region and Network is picked. 
+ type: string + required: + - instanceType + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-gcp + cluster.x-k8s.io/v1beta1: v1beta1 + name: gcpmanagedclusters.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: GCPManagedCluster + listKind: GCPManagedClusterList + plural: gcpmanagedclusters + shortNames: + - gcpmc + singular: gcpmanagedcluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this GCPCluster belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Cluster infrastructure is ready for GCE instances + jsonPath: .status.ready + name: Ready + type: string + - description: GCP network the cluster is using + jsonPath: .spec.network.name + name: Network + type: string + - description: API Endpoint + jsonPath: .status.apiEndpoints[0] + name: Endpoint + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: GCPManagedCluster is the Schema for the gcpmanagedclusters API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GCPManagedClusterSpec defines the desired state of GCPManagedCluster. + properties: + additionalLabels: + additionalProperties: + type: string + description: AdditionalLabels is an optional set of tags to add to + GCP resources managed by the GCP provider, in addition to the ones + added by default. + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + credentialsRef: + description: CredentialsRef is a reference to a Secret that contains + the credentials to use for provisioning this cluster. If not supplied + then the credentials of the controller will be used. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + required: + - name + - namespace + type: object + network: + description: NetworkSpec encapsulates all things related to the GCP + network. + properties: + autoCreateSubnetworks: + description: "AutoCreateSubnetworks: When set to true, the VPC + network is created in \"auto\" mode. When set to false, the + VPC network is created in \"custom\" mode. \n An auto mode VPC + network starts with one subnet per region. Each subnet has a + predetermined range as described in Auto mode VPC network IP + ranges. \n Defaults to true." 
+ type: boolean + loadBalancerBackendPort: + description: Allow for configuration of load balancer backend + (useful for changing apiserver port) + format: int32 + type: integer + name: + description: Name is the name of the network to be used. + type: string + subnets: + description: Subnets configuration. + items: + description: SubnetSpec configures an GCP Subnet. + properties: + cidrBlock: + description: CidrBlock is the range of internal addresses + that are owned by this subnetwork. Provide this property + when you create the subnetwork. For example, 10.0.0.0/8 + or 192.168.0.0/16. Ranges must be unique and non-overlapping + within a network. Only IPv4 is supported. This field can + be set only at resource creation time. + type: string + description: + description: Description is an optional description associated + with the resource. + type: string + enableFlowLogs: + description: 'EnableFlowLogs: Whether to enable flow logging + for this subnetwork. If this field is not explicitly set, + it will not appear in get listings. If not set the default + behavior is to disable flow logging.' + type: boolean + name: + description: Name defines a unique identifier to reference + this resource. + type: string + privateGoogleAccess: + description: PrivateGoogleAccess defines whether VMs in + this subnet can access Google services without assigning + external IP addresses + type: boolean + purpose: + default: PRIVATE_RFC_1918 + description: "Purpose: The purpose of the resource. If unspecified, + the purpose defaults to PRIVATE_RFC_1918. The enableFlowLogs + field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER. + \n Possible values: \"INTERNAL_HTTPS_LOAD_BALANCER\" - + Subnet reserved for Internal HTTP(S) Load Balancing. \"PRIVATE\" + - Regular user created or automatically created subnet. + \"PRIVATE_RFC_1918\" - Regular user created or automatically + created subnet. 
\"PRIVATE_SERVICE_CONNECT\" - Subnetworks + created for Private Service Connect in the producer network. + \"REGIONAL_MANAGED_PROXY\" - Subnetwork used for Regional + Internal/External HTTP(S) Load Balancing." + enum: + - INTERNAL_HTTPS_LOAD_BALANCER + - PRIVATE_RFC_1918 + - PRIVATE + - PRIVATE_SERVICE_CONNECT + - REGIONAL_MANAGED_PROXY + type: string + region: + description: Region is the name of the region where the + Subnetwork resides. + type: string + secondaryCidrBlocks: + additionalProperties: + type: string + description: SecondaryCidrBlocks defines secondary CIDR + ranges, from which secondary IP ranges of a VM may be + allocated + type: object + type: object + type: array + type: object + project: + description: Project is the name of the project to deploy the cluster + to. + type: string + region: + description: The GCP Region the cluster lives in. + type: string + resourceManagerTags: + description: ResourceManagerTags is an optional set of tags to apply + to GCP resources managed by the GCP provider. GCP supports a maximum + of 50 tags per resource. + items: + description: ResourceManagerTag is a tag to apply to GCP resources + managed by the GCP provider. + properties: + key: + description: Key is the key part of the tag. A tag key can have + a maximum of 63 characters and cannot be empty. Tag key must + begin and end with an alphanumeric character, and must contain + only uppercase, lowercase alphanumeric characters, and the + following special characters `._-`. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$ + type: string + parentID: + description: ParentID is the ID of the hierarchical resource + where the tags are defined e.g. at the Organization or the + Project level. 
To find the Organization or Project ID ref + https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id + https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects + An OrganizationID must consist of decimal numbers, and cannot + have leading zeroes. A ProjectID must be 6 to 30 characters + in length, can only contain lowercase letters, numbers, and + hyphens, and must start with a letter, and cannot end with + a hyphen. + maxLength: 32 + minLength: 1 + pattern: (^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$) + type: string + value: + description: Value is the value part of the tag. A tag value + can have a maximum of 63 characters and cannot be empty. Tag + value must begin and end with an alphanumeric character, and + must contain only uppercase, lowercase alphanumeric characters, + and the following special characters `_-.@%=+:,*#&(){}[]` + and spaces. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$ + type: string + required: + - key + - parentID + - value + type: object + type: array + required: + - project + - region + type: object + status: + description: GCPManagedClusterStatus defines the observed state of GCPManagedCluster. + properties: + conditions: + description: Conditions specifies the conditions for the managed control + plane + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. 
+ type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains is a slice of FailureDomains. + type: object + network: + description: Network encapsulates GCP networking resources. + properties: + apiServerBackendService: + description: APIServerBackendService is the full reference to + the backend service created for the API Server. 
+ type: string + apiServerForwardingRule: + description: APIServerForwardingRule is the full reference to + the forwarding rule created for the API Server. + type: string + apiServerHealthCheck: + description: APIServerHealthCheck is the full reference to the + health check created for the API Server. + type: string + apiServerInstanceGroups: + additionalProperties: + type: string + description: APIServerInstanceGroups is a map from zone to the + full reference to the instance groups created for the control + plane nodes created in the same zone. + type: object + apiServerIpAddress: + description: APIServerAddress is the IPV4 global address assigned + to the load balancer created for the API Server. + type: string + apiServerTargetProxy: + description: APIServerTargetProxy is the full reference to the + target proxy created for the API Server. + type: string + firewallRules: + additionalProperties: + type: string + description: FirewallRules is a map from the name of the rule + to its full reference. + type: object + router: + description: Router is the full reference to the router created + within the network it'll contain the cloud nat gateway + type: string + selfLink: + description: SelfLink is the link to the Network used for this + cluster. 
+ type: string + type: object + ready: + type: boolean + required: + - ready + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-gcp + cluster.x-k8s.io/v1beta1: v1beta1 + name: gcpmanagedcontrolplanes.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: GCPManagedControlPlane + listKind: GCPManagedControlPlaneList + plural: gcpmanagedcontrolplanes + shortNames: + - gcpmcp + singular: gcpmanagedcontrolplane + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this GCPManagedControlPlane belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Control plane is ready + jsonPath: .status.ready + name: Ready + type: string + - description: The current Kubernetes version + jsonPath: .status.currentVersion + name: CurrentVersion + type: string + - description: API Endpoint + jsonPath: .spec.endpoint + name: Endpoint + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: GCPManagedControlPlane is the Schema for the gcpmanagedcontrolplanes + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GCPManagedControlPlaneSpec defines the desired state of GCPManagedControlPlane. + properties: + clusterName: + description: ClusterName allows you to specify the name of the GKE + cluster. If you don't specify a name then a default name will be + created based on the namespace and name of the managed control plane. + type: string + controlPlaneVersion: + description: ControlPlaneVersion represents the control plane version + of the GKE cluster. If not specified, the default version currently + supported by GKE will be used. + type: string + enableAutopilot: + description: EnableAutopilot indicates whether to enable autopilot + for this GKE cluster. + type: boolean + endpoint: + description: Endpoint represents the endpoint used to communicate + with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + location: + description: Location represents the location (region or zone) in + which the GKE cluster will be created. + type: string + master_authorized_networks_config: + description: MasterAuthorizedNetworksConfig represents configuration + options for master authorized networks feature of the GKE cluster. + This feature is disabled if this field is not specified. + properties: + cidr_blocks: + description: cidr_blocks define up to 50 external networks that + could access Kubernetes master through HTTPS. + items: + description: MasterAuthorizedNetworksConfigCidrBlock contains + an optional name and one CIDR block. + properties: + cidr_block: + description: cidr_block must be specified in CIDR notation. 
+ pattern: ^(?:[0-9]{1,3}\.){3}[0-9]{1,3}(?:\/([0-9]|[1-2][0-9]|3[0-2]))?$|^([a-fA-F0-9:]+:+)+[a-fA-F0-9]+\/[0-9]{1,3}$ + type: string + display_name: + description: display_name is an field for users to identify + CIDR blocks. + type: string + type: object + type: array + gcp_public_cidrs_access_enabled: + description: Whether master is accessible via Google Compute Engine + Public IP addresses. + type: boolean + type: object + project: + description: Project is the name of the project to deploy the cluster + to. + type: string + releaseChannel: + description: ReleaseChannel represents the release channel of the + GKE cluster. + enum: + - rapid + - regular + - stable + type: string + required: + - location + - project + type: object + status: + description: GCPManagedControlPlaneStatus defines the observed state of + GCPManagedControlPlane. + properties: + conditions: + description: Conditions specifies the conditions for the managed control + plane + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. 
+ type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + currentVersion: + description: CurrentVersion shows the current version of the GKE control + plane. + type: string + initialized: + description: Initialized is true when the control plane is available + for initial contact. This may occur before the control plane is + fully ready. + type: boolean + ready: + default: false + description: Ready denotes that the GCPManagedControlPlane API Server + is ready to receive requests. + type: boolean + required: + - ready + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-gcp + cluster.x-k8s.io/v1beta1: v1beta1 + name: gcpmanagedmachinepools.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: GCPManagedMachinePool + listKind: GCPManagedMachinePoolList + plural: gcpmanagedmachinepools + shortNames: + - gcpmmp + singular: gcpmanagedmachinepool + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.ready + name: Ready + type: string + - jsonPath: .status.replicas + name: Replicas + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: GCPManagedMachinePool is the Schema for the gcpmanagedmachinepools + API. 
+ properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GCPManagedMachinePoolSpec defines the desired state of GCPManagedMachinePool. + properties: + additionalLabels: + additionalProperties: + type: string + description: AdditionalLabels is an optional set of tags to add to + GCP resources managed by the GCP provider, in addition to the ones + added by default. + type: object + diskSizeGB: + description: DiskSizeGB is size of the disk attached to each node, + specified in GB. + format: int64 + minimum: 10 + type: integer + diskSizeGb: + description: DiskSizeGb is the size of the disk attached to each node, + specified in GB. The smallest allowed disk size is 10GB. If unspecified, + the default disk size is 100GB. + format: int32 + type: integer + diskType: + description: DiskType is type of the disk attached to each node. + enum: + - pd-standard + - pd-ssd + - pd-balanced + type: string + imageType: + description: ImageType is image type to use for this nodepool. + type: string + instanceType: + description: InstanceType is name of Compute Engine machine type. + type: string + kubernetesLabels: + additionalProperties: + type: string + description: KubernetesLabels specifies the labels to apply to the + nodes of the node pool. 
+ type: object + kubernetesTaints: + description: KubernetesTaints specifies the taints to apply to the + nodes of the node pool. + items: + description: Taint represents a Kubernetes taint. + properties: + effect: + description: Effect specifies the effect for the taint. + enum: + - NoSchedule + - NoExecute + - PreferNoSchedule + type: string + key: + description: Key is the key of the taint + type: string + value: + description: Value is the value of the taint + type: string + required: + - effect + - key + - value + type: object + type: array + linuxNodeConfig: + description: LinuxNodeConfig specifies the settings for Linux agent + nodes. + properties: + cgroupMode: + description: CgroupMode specifies the cgroup mode for this node + pool. + format: int32 + type: integer + sysctls: + description: Sysctls specifies the sysctl settings for this node + pool. + items: + description: SysctlConfig specifies the sysctl settings for + Linux nodes. + properties: + parameter: + description: Parameter specifies sysctl parameter name. + type: string + value: + description: Value specifies sysctl parameter value. + type: string + type: object + type: array + type: object + localSsdCount: + description: LocalSsdCount is the number of local SSD disks to be + attached to the node. + format: int32 + type: integer + machineType: + description: MachineType is the name of a Google Compute Engine [machine + type](https://cloud.google.com/compute/docs/machine-types). If unspecified, + the default machine type is `e2-medium`. + type: string + management: + description: Management specifies the node pool management options. + properties: + autoRepair: + description: AutoRepair specifies whether the node auto-repair + is enabled for the node pool. If enabled, the nodes in this + node pool will be monitored and, if they fail health checks + too many times, an automatic repair action will be triggered. 
+ type: boolean + autoUpgrade: + description: AutoUpgrade specifies whether node auto-upgrade is + enabled for the node pool. If enabled, node auto-upgrade helps + keep the nodes in your node pool up to date with the latest + release version of Kubernetes. + type: boolean + type: object + maxPodsPerNode: + description: MaxPodsPerNode is constraint enforced on the max num + of pods per node. + format: int64 + maximum: 256 + minimum: 8 + type: integer + nodeLocations: + description: NodeLocations is the list of zones in which the NodePool's + nodes should be located. + items: + type: string + type: array + nodeNetwork: + description: NodeNetwork specifies the node network configuration + options. + properties: + createPodRange: + description: CreatePodRange specifies whether to create a new + range for pod IPs in this node pool. + type: boolean + podRangeCidrBlock: + description: PodRangeCidrBlock is the IP address range for pod + IPs in this node pool. + type: string + podRangeName: + description: PodRangeName is ID of the secondary range for pod + IPs. + type: string + tags: + description: Tags is list of instance tags applied to all nodes. + Tags are used to identify valid sources or targets for network + firewalls. + items: + type: string + type: array + type: object + nodePoolName: + description: NodePoolName specifies the name of the GKE node pool + corresponding to this MachinePool. If you don't specify a name then + a default name will be created based on the namespace and name of + the managed machine pool. + type: string + nodeSecurity: + description: NodeSecurity specifies the node security options. + properties: + enableIntegrityMonitoring: + description: EnableIntegrityMonitoring defines whether the instance + has integrity monitoring enabled. + type: boolean + enableSecureBoot: + description: EnableSecureBoot defines whether the instance has + Secure Boot enabled. 
+ type: boolean + sandboxType: + description: SandboxType is type of the sandbox to use for the + node. + type: string + serviceAccount: + description: ServiceAccount specifies the identity details for + node pool. + properties: + email: + description: Email is the Google Cloud Platform Service Account + to be used by the node VMs. + type: string + scopes: + description: Scopes is a set of Google API scopes to be made + available on all of the node VMs under the "default" service + account. + items: + type: string + type: array + type: object + type: object + providerIDList: + description: ProviderIDList are the provider IDs of instances in the + managed instance group corresponding to the nodegroup represented + by this machine pool + items: + type: string + type: array + scaling: + description: Scaling specifies scaling for the node pool + properties: + enableAutoscaling: + description: Is autoscaling enabled for this node pool. If unspecified, + the default value is true. + type: boolean + locationPolicy: + description: Location policy used when scaling up a nodepool. + enum: + - balanced + - any + type: string + maxCount: + description: MaxCount specifies the maximum number of nodes in + the node pool + format: int32 + type: integer + minCount: + description: MinCount specifies the minimum number of nodes in + the node pool + format: int32 + type: integer + type: object + type: object + status: + description: GCPManagedMachinePoolStatus defines the observed state of + GCPManagedMachinePool. + properties: + conditions: + description: Conditions specifies the cpnditions for the managed machine + pool + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. 
+ format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + ready: + default: false + description: Ready denotes that the GCPManagedMachinePool has joined + the cluster + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. 
+ format: int32 + type: integer + required: + - ready + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-gcp + name: capg-manager + namespace: capg-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-gcp + name: capg-leader-election-role + namespace: capg-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-gcp + name: capg-manager-role +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinepools + - machinepools/status + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machines + - machines/status + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - gcpclusters + verbs: + - create + - delete + - get + - 
list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - gcpclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - gcpmachines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - gcpmachines/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - gcpmanagedclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - gcpmanagedclusters/finalizers + verbs: + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - gcpmanagedclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - gcpmanagedcontrolplanes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - gcpmanagedcontrolplanes/finalizers + verbs: + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - gcpmanagedcontrolplanes/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - gcpmanagedmachinepools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - gcpmanagedmachinepools/finalizers + verbs: + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - gcpmanagedmachinepools/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-gcp + name: capg-leader-election-rolebinding + namespace: capg-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: 
capg-leader-election-role +subjects: +- kind: ServiceAccount + name: capg-manager + namespace: capg-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-gcp + name: capg-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capg-manager-role +subjects: +- kind: ServiceAccount + name: capg-manager + namespace: capg-system +--- +apiVersion: v1 +data: + credentials.json: ${GCP_B64ENCODED_CREDENTIALS} +kind: Secret +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-gcp + name: capg-manager-bootstrap-credentials + namespace: capg-system +type: Opaque +--- +apiVersion: v1 +kind: Service +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-gcp + name: capg-webhook-service + namespace: capg-system +spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: infrastructure-gcp +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-gcp + control-plane: capg-controller-manager + name: capg-controller-manager + namespace: capg-system +spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: infrastructure-gcp + control-plane: capg-controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + cluster.x-k8s.io/provider: infrastructure-gcp + control-plane: capg-controller-manager + spec: + containers: + - args: + - --leader-elect + - --feature-gates=GKE=${EXP_CAPG_GKE:=false} + - --diagnostics-address=${CAPG_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${CAPG_INSECURE_DIAGNOSTICS:=false} + - --v=${CAPG_LOGLEVEL:=0} + env: + - name: GOOGLE_APPLICATION_CREDENTIALS + value: /home/.gcp/credentials.json + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - 
name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/cluster-api-gcp/cluster-api-gcp-controller:v1.6.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + periodSeconds: 10 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: ${CAPG_DIAGNOSTICS_PORT:=8443} + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + initialDelaySeconds: 10 + periodSeconds: 10 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + - mountPath: /home/.gcp + name: credentials + serviceAccountName: capg-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: capg-webhook-service-cert + - name: credentials + secret: + secretName: capg-manager-bootstrap-credentials +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-gcp + name: capg-serving-cert + namespace: capg-system +spec: + dnsNames: + - capg-webhook-service.capg-system.svc + - capg-webhook-service.capg-system.svc.cluster.local + issuerRef: + kind: Issuer + name: capg-selfsigned-issuer + secretName: capg-webhook-service-cert +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-gcp + name: capg-selfsigned-issuer + namespace: capg-system +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + 
annotations: + cert-manager.io/inject-ca-from: capg-system/capg-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-gcp + name: capg-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: capg-webhook-service + namespace: capg-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-gcpcluster + failurePolicy: Fail + matchPolicy: Equivalent + name: default.gcpcluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - gcpclusters + sideEffects: None +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: capg-webhook-service + namespace: capg-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-gcpclustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.gcpclustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - gcpclustertemplates + sideEffects: None +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: capg-webhook-service + namespace: capg-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-gcpmachine + failurePolicy: Fail + matchPolicy: Equivalent + name: default.gcpmachine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - gcpmachines + sideEffects: None +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: capg-webhook-service + namespace: capg-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-gcpmachinetemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.gcpmachinetemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + 
apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - gcpmachinetemplates + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: capg-webhook-service + namespace: capg-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-gcpmanagedcluster + failurePolicy: Fail + name: mgcpmanagedcluster.kb.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - gcpmanagedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: capg-webhook-service + namespace: capg-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-gcpmanagedcontrolplane + failurePolicy: Fail + name: mgcpmanagedcontrolplane.kb.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - gcpmanagedcontrolplanes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: capg-webhook-service + namespace: capg-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-gcpmanagedmachinepool + failurePolicy: Fail + name: mgcpmanagedmachinepool.kb.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - gcpmanagedmachinepools + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capg-system/capg-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-gcp + name: capg-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: capg-webhook-service + namespace: capg-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-gcpcluster + failurePolicy: Fail + matchPolicy: Equivalent + name: 
validation.gcpcluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - gcpclusters + sideEffects: None +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: capg-webhook-service + namespace: capg-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-gcpclustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.gcpclustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - gcpclustertemplates + sideEffects: None +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: capg-webhook-service + namespace: capg-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-gcpmachine + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.gcpmachine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - gcpmachines + sideEffects: None +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: capg-webhook-service + namespace: capg-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-gcpmachinetemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.gcpmachinetemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - gcpmachinetemplates + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: capg-webhook-service + namespace: capg-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-gcpmanagedcluster + failurePolicy: Fail + name: vgcpmanagedcluster.kb.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + 
apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - gcpmanagedclusters + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: capg-webhook-service + namespace: capg-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-gcpmanagedcontrolplane + failurePolicy: Fail + name: vgcpmanagedcontrolplane.kb.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - gcpmanagedcontrolplanes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: capg-webhook-service + namespace: capg-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-gcpmanagedmachinepool + failurePolicy: Fail + name: vgcpmanagedmachinepool.kb.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - gcpmanagedmachinepools + sideEffects: None diff --git a/files/cluster-api-provider-gcp/v1.6.0/metadata.yaml b/files/cluster-api-provider-gcp/v1.6.0/metadata.yaml new file mode 100644 index 00000000..359f6781 --- /dev/null +++ b/files/cluster-api-provider-gcp/v1.6.0/metadata.yaml @@ -0,0 +1,34 @@ +# maps release series of major.minor to cluster-api contract version +# the contract version may change between minor or major versions, but *not* +# between patch versions. +# +# update this file only when a new major or minor version is released +apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 +releaseSeries: + - major: 0 + minor: 3 + contract: v1alpha3 + - major: 0 + minor: 4 + contract: v1alpha4 + - major: 1 + minor: 0 + contract: v1beta1 + - major: 1 + minor: 1 + contract: v1beta1 + - major: 1 + minor: 2 + contract: v1beta1 + - major: 1 + minor: 3 + contract: v1beta1 + - major: 1 + minor: 4 + contract: v1beta1 + - major: 1 + minor: 5 + contract: v1beta1 + - major: 1 + minor: 6 + contract: v1beta1 
diff --git a/files/cluster-api/v1.5.6/bootstrap-components.yaml b/files/cluster-api/v1.5.6/bootstrap-components.yaml new file mode 100644 index 00000000..094b86ea --- /dev/null +++ b/files/cluster-api/v1.5.6/bootstrap-components.yaml 
@@ -0,0 +1,6630 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + control-plane: controller-manager + name: capi-kubeadm-bootstrap-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1 + name: kubeadmconfigs.bootstrap.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: bootstrap.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: KubeadmConfig + listKind: KubeadmConfigList + plural: kubeadmconfigs + singular: kubeadmconfig + scope: Namespaced + versions: + - deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "KubeadmConfig is the Schema for the kubeadmconfigs API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmConfigSpec defines the desired state of KubeadmConfig. + Either ClusterConfiguration and InitConfiguration should be defined + or the JoinConfiguration should be defined. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration are + the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the API server + control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative Names + for the API Server signing cert. + items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. 
+ type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout that + we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store or look + for all required certificates. NB: if not provided, this will + default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address or + DNS name for the control plane; it can be a valid IP address + or a RFC-1123 DNS subdomain, both with optional TCP port. In + case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + + BindPort are used; in case the ControlPlaneEndpoint is specified + but without a TCP port, the BindPort is used. Possible usages + are: e.g. In a cluster with more than one control plane instances, + this field should be assigned the address of the external load + balancer in front of the control plane instances. e.g. in environments + with enforced node recycling, the ControlPlaneEndpoint could + be used for assigning a stable DNS to the control plane. NB: + This value defaults to the first value in the Cluster object + status.apiEndpoints array.' 
+ type: string + controllerManager: + description: ControllerManager contains extra settings for the + controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on installed + in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry to + pull images from. if not set, the ImageRepository defined + in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the image. + In case this value is set, kubeadm does not change automatically + the version of the above components during upgrades. + type: string + type: + description: Type defines the DNS add-on to be used + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. 
NB: This value + defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to an external + etcd cluster Local and External are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority file + used to secure etcd communication. Required if using + a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification file used + to secure etcd communication. Required if using a TLS + connection. + type: string + endpoints: + description: Endpoints of etcd members. Required for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to secure + etcd communication. Required if using a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for configuring + the local etcd instance Local and External are mutually + exclusive + properties: + dataDir: + description: DataDir is the directory etcd will place + its data. Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided to + the etcd binary when run inside a static pod. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the + image. In case this value is set, kubeadm does not change + automatically the version of the above components during + upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. 
+ items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject Alternative + Names for the etcd server signing cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: ImageRepository sets the container registry to pull + images from. If empty, `k8s.gcr.io` will be used by default; + in case of kubernetes version is a CI build (kubernetes version + starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` + will be used as a default for control plane components and for + kube-proxy, while `k8s.gcr.io` will be used for all the other + images. + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version of the control + plane. NB: This value defaults to the Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to the Cluster + object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s services. + Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. If unset, + the API server will not allocate CIDR ranges for every node. + Defaults to a comma-delimited string of the Cluster object's + spec.clusterNetwork.services.cidrBlocks if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s services. 
+ Defaults to a comma-delimited string of the Cluster object's + spec.clusterNetwork.pods.cidrBlocks, or to "10.96.0.0/12" + if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the scheduler + control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + useHyperKubeImage: + description: UseHyperKubeImage controls if hyperkube should be + used for Kubernetes components instead of their respective separate + images + type: boolean + type: object + diskSetup: + description: DiskSetup specifies options for the creation of partition + tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems to + setup. + items: + description: Filesystem defines the file systems to be created. 
+ properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to add to the + command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system type. + type: string + label: + description: Label specifies the file system label to be + used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to overwrite + any existing filesystem. If true, any pre-existing file + system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition to use. + The valid options are: "auto|any", "auto", "any", "none", + and , where NUM is the actual partition number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, used for + Microsoft Azure that instructs cloud-init to replace a + file system of . NOTE: unless you define a label, + this requires the use of the ''any'' partition directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions to + setup. + items: + description: Partition defines how to create and layout a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. If it is + true, a single partition will be created for the entire + device. When layout is false, it means don't partition + or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip checks + and create the partition if a partition or filesystem + is found on the device. Use with caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. 
The following are supported: ''mbr'': default and + setups a MS-DOS partition table ''gpt'': setups a GPT + partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files in + cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content to + populate the file. + properties: + secret: + description: Secret represents a secret that should populate + this file. + properties: + key: + description: Key is the key in the secret's data map + for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, e.g. + "root:root". + type: string + path: + description: Path specifies the full path on disk where to store + the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap data + enum: + - cloud-config + type: string + initConfiguration: + description: InitConfiguration along with ClusterConfiguration are + the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. 
Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm init` time + and describes a set of Bootstrap Tokens to create. This information + IS NOT uploaded to the kubeadm cluster configmap, partly because + of its sensitive nature + items: + description: BootstrapToken describes one bootstrap token, stored + as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message why + this token exists and what it's used for, so other administrators + can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when this token + expires. Defaults to being set dynamically at runtime + based on the TTL. Expires and TTL are mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that this + token will authenticate as when/if used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for joining + nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this token. + Defaults to 24h. Expires and TTL are mutually exclusive. + type: string + usages: + description: Usages describes the ways in which this token + can be used. Can by default be used for establishing bidirectional + trust, but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the API + server instance that's deployed on this control plane node In + HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests to each + individual API server. This configuration object lets you customize + what IP/DNS name and port the local API server advertises it's + accessible on. By default, kubeadm tries to auto-detect the + IP of the default interface and use that, but in case that process + fails you may set the desired value here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for the + API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API Server + to bind to. Defaults to 6443. + format: int32 + type: integer + required: + - advertiseAddress + - bindPort + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate to registering + the new control-plane node to the cluster. When used in the + context of control plane nodes, NodeRegistration should remain + consistent across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node API + object, for later re-use + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the kubelet + command line via the environment file kubeadm writes at + runtime for the kubelet to source. 
This overrides the generic + base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are + local and specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the Node + API object that will be created in this `kubeadm init` or + `kubeadm join` operation. This field is also used in the + CommonName field of the kubelet's client certificate to + the API server. Defaults to the hostname of the node if + not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API object + should be registered with. If this field is unset, i.e. + nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. If + you don''t want to taint your control-plane node, set this + field to an empty slice, i.e. `taints: {}` in the YAML file. + This field is solely used for Node registration.' + items: + description: The node this Taint is attached to has the + "effect" on any pod that does not tolerate the Taint. + properties: + effect: + description: Required. The effect of the taint on pods + that do not tolerate the taint. Valid effects are + NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint + key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration for the + join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. 
Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate authority + used to secure comunications between node and control-plane. + Defaults to "/etc/kubernetes/pki/ca.crt". TODO: revisit when + there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control plane + instance to be deployed on the joining node. If nil, no additional + control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the + API server instance to be deployed on this node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for + the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API + Server to bind to. Defaults to 6443. + format: int32 + type: integer + required: + - advertiseAddress + - bindPort + type: object + type: object + discovery: + description: 'Discovery specifies the options for the kubelet + to use during the TLS Bootstrap process TODO: revisit when there + is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options for + bootstrap token based discovery BootstrapToken and File + are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain name + to the API server from which info will be fetched. + type: string + caCertHashes: + description: 'CACertHashes specifies a set of public key + pins to verify when token-based discovery is used. The + root CA found during discovery must match one of these + values. Specifying an empty set disables root CA pinning, + which can be unsafe. 
Each hash is specified as ":", + where the only currently supported type is "sha256". + This is a hex-encoded SHA-256 hash of the Subject Public + Key Info (SPKI) object in DER-encoded ASN.1. These hashes + can be calculated using, for example, OpenSSL: openssl + x509 -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate cluster + information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since other + nodes can impersonate the control-plane. + type: boolean + required: + - token + - unsafeSkipCAVerification + type: object + file: + description: File is used to specify a file or URL to a kubeconfig + file from which to load cluster information BootstrapToken + and File are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify the actual + file path or URL to the kubeconfig file from which to + load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: 'TLSBootstrapToken is a token used for TLS bootstrapping. + If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, + but can be overridden. If .File is set, this field **must + be set** in case the KubeConfigFile does not contain any + other authentication information TODO: revisit when there + is defaulting from k/k' + type: string + type: object + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate to registering + the new control-plane node to the cluster. When used in the + context of control plane nodes, NodeRegistration should remain + consistent across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node API + object, for later re-use + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the kubelet + command line via the environment file kubeadm writes at + runtime for the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are + local and specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the Node + API object that will be created in this `kubeadm init` or + `kubeadm join` operation. This field is also used in the + CommonName field of the kubelet's client certificate to + the API server. Defaults to the hostname of the node if + not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API object + should be registered with. If this field is unset, i.e. + nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. If + you don''t want to taint your control-plane node, set this + field to an empty slice, i.e. `taints: {}` in the YAML file. + This field is solely used for Node registration.' + items: + description: The node this Taint is attached to has the + "effect" on any pod that does not tolerate the Taint. 
+ properties: + effect: + description: Required. The effect of the taint on pods + that do not tolerate the taint. Valid effects are + NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint + key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + mounts: + description: Mounts specifies a list of mount points to be setup. + items: + description: MountPoints defines input for generated mounts in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands to run after + kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to run before + kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm command + with a shell script with retries for joins. \n This is meant to + be an experimental temporary workaround on some environments where + joins fail due to timing (and other issues). The long term goal + is to add retries to kubeadm proper and use that functionality. + \n This will add about 40KB to userdata \n For more information, + refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." 
+ type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user in cloud-init. + properties: + gecos: + description: Gecos specifies the gecos to use for the user + type: string + groups: + description: Groups specifies the additional groups for the + user + type: string + homeDir: + description: HomeDir specifies the home directory to use for + the user + type: string + inactive: + description: Inactive specifies whether to mark the user as + inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login should + be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for the user + type: string + primaryGroup: + description: PrimaryGroup specifies the primary group for the + user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh authorized + keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level verbosity. + It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + status: + description: KubeadmConfigStatus defines the observed state of KubeadmConfig. + properties: + bootstrapData: + description: "BootstrapData will be a cloud-init script for now. \n + Deprecated: Switch to DataSecretName." + format: byte + type: string + conditions: + description: Conditions defines current service state of the KubeadmConfig. + items: + description: Condition defines an observation of a Cluster API resource + operational state. 
+ properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors + type: string + failureReason: + description: FailureReason will be set on non-retryable errors + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + ready: + description: Ready indicates the BootstrapData field is ready to be + consumed + type: boolean + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of KubeadmConfig + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "KubeadmConfig is the Schema for the kubeadmconfigs API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmConfigSpec defines the desired state of KubeadmConfig. + Either ClusterConfiguration and InitConfiguration should be defined + or the JoinConfiguration should be defined. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration are + the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the API server + control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative Names + for the API Server signing cert. 
+ items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout that + we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store or look + for all required certificates. 
NB: if not provided, this will + default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address or + DNS name for the control plane; it can be a valid IP address + or a RFC-1123 DNS subdomain, both with optional TCP port. In + case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + + BindPort are used; in case the ControlPlaneEndpoint is specified + but without a TCP port, the BindPort is used. Possible usages + are: e.g. In a cluster with more than one control plane instances, + this field should be assigned the address of the external load + balancer in front of the control plane instances. e.g. in environments + with enforced node recycling, the ControlPlaneEndpoint could + be used for assigning a stable DNS to the control plane. NB: + This value defaults to the first value in the Cluster object + status.apiEndpoints array.' + type: string + controllerManager: + description: ControllerManager contains extra settings for the + controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. 
+ type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on installed + in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry to + pull images from. if not set, the ImageRepository defined + in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the image. + In case this value is set, kubeadm does not change automatically + the version of the above components during upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. NB: This value + defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to an external + etcd cluster Local and External are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority file + used to secure etcd communication. Required if using + a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification file used + to secure etcd communication. Required if using a TLS + connection. + type: string + endpoints: + description: Endpoints of etcd members. Required for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to secure + etcd communication. Required if using a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for configuring + the local etcd instance Local and External are mutually + exclusive + properties: + dataDir: + description: DataDir is the directory etcd will place + its data. 
Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided to + the etcd binary when run inside a static pod. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the + image. In case this value is set, kubeadm does not change + automatically the version of the above components during + upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject Alternative + Names for the etcd server signing cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: ImageRepository sets the container registry to pull + images from. If empty, `registry.k8s.io` will be used by default; + in case of kubernetes version is a CI build (kubernetes version + starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` + will be used as a default for control plane components and for + kube-proxy, while `registry.k8s.io` will be used for all the + other images. + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version of the control + plane. 
NB: This value defaults to the Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to the Cluster + object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s services. + Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. If unset, + the API server will not allocate CIDR ranges for every node. + Defaults to a comma-delimited string of the Cluster object's + spec.clusterNetwork.services.cidrBlocks if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s services. + Defaults to a comma-delimited string of the Cluster object's + spec.clusterNetwork.pods.cidrBlocks, or to "10.96.0.0/12" + if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the scheduler + control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. 
+ type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation of partition + tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems to + setup. + items: + description: Filesystem defines the file systems to be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to add to the + command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system type. + type: string + label: + description: Label specifies the file system label to be + used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to overwrite + any existing filesystem. If true, any pre-existing file + system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition to use. + The valid options are: "auto|any", "auto", "any", "none", + and , where NUM is the actual partition number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, used for + Microsoft Azure that instructs cloud-init to replace a + file system of . NOTE: unless you define a label, + this requires the use of the ''any'' partition directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions to + setup. + items: + description: Partition defines how to create and layout a partition. + properties: + device: + description: Device is the name of the device. 
+ type: string + layout: + description: Layout specifies the device layout. If it is + true, a single partition will be created for the entire + device. When layout is false, it means don't partition + or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip checks + and create the partition if a partition or filesystem + is found on the device. Use with caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. The following are supported: ''mbr'': default and + setups a MS-DOS partition table ''gpt'': setups a GPT + partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files in + cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content to + populate the file. + properties: + secret: + description: Secret represents a secret that should populate + this file. + properties: + key: + description: Key is the key in the secret's data map + for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, e.g. + "root:root". + type: string + path: + description: Path specifies the full path on disk where to store + the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". 
+ type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap data + enum: + - cloud-config + type: string + initConfiguration: + description: InitConfiguration along with ClusterConfiguration are + the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm init` time + and describes a set of Bootstrap Tokens to create. This information + IS NOT uploaded to the kubeadm cluster configmap, partly because + of its sensitive nature + items: + description: BootstrapToken describes one bootstrap token, stored + as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message why + this token exists and what it's used for, so other administrators + can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when this token + expires. Defaults to being set dynamically at runtime + based on the TTL. Expires and TTL are mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that this + token will authenticate as when/if used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for joining + nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this token. + Defaults to 24h. Expires and TTL are mutually exclusive. 
+ type: string + usages: + description: Usages describes the ways in which this token + can be used. Can by default be used for establishing bidirectional + trust, but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the API + server instance that's deployed on this control plane node In + HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests to each + individual API server. This configuration object lets you customize + what IP/DNS name and port the local API server advertises it's + accessible on. By default, kubeadm tries to auto-detect the + IP of the default interface and use that, but in case that process + fails you may set the desired value here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for the + API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API Server + to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate to registering + the new control-plane node to the cluster. When used in the + context of control plane nodes, NodeRegistration should remain + consistent across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. 
This information will be annotated to the Node API + object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of pre-flight + errors to be ignored when the current node is registered. + items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the kubelet + command line via the environment file kubeadm writes at + runtime for the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are + local and specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the Node + API object that will be created in this `kubeadm init` or + `kubeadm join` operation. This field is also used in the + CommonName field of the kubelet's client certificate to + the API server. Defaults to the hostname of the node if + not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API object + should be registered with. If this field is unset, i.e. + nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. If + you don''t want to taint your control-plane node, set this + field to an empty slice, i.e. `taints: {}` in the YAML file. + This field is solely used for Node registration.' + items: + description: The node this Taint is attached to has the + "effect" on any pod that does not tolerate the Taint. + properties: + effect: + description: Required. The effect of the taint on pods + that do not tolerate the taint. Valid effects are + NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. 
+ type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint + key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration for the + join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate authority + used to secure comunications between node and control-plane. + Defaults to "/etc/kubernetes/pki/ca.crt". TODO: revisit when + there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control plane + instance to be deployed on the joining node. If nil, no additional + control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the + API server instance to be deployed on this node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for + the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API + Server to bind to. Defaults to 6443. 
+ format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for the kubelet + to use during the TLS Bootstrap process TODO: revisit when there + is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options for + bootstrap token based discovery BootstrapToken and File + are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain name + to the API server from which info will be fetched. + type: string + caCertHashes: + description: 'CACertHashes specifies a set of public key + pins to verify when token-based discovery is used. The + root CA found during discovery must match one of these + values. Specifying an empty set disables root CA pinning, + which can be unsafe. Each hash is specified as ":", + where the only currently supported type is "sha256". + This is a hex-encoded SHA-256 hash of the Subject Public + Key Info (SPKI) object in DER-encoded ASN.1. These hashes + can be calculated using, for example, OpenSSL: openssl + x509 -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate cluster + information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since other + nodes can impersonate the control-plane. 
+ type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or URL to a kubeconfig + file from which to load cluster information BootstrapToken + and File are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify the actual + file path or URL to the kubeconfig file from which to + load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used for TLS bootstrapping. + If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, + but can be overridden. If .File is set, this field **must + be set** in case the KubeConfigFile does not contain any + other authentication information + type: string + type: object + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate to registering + the new control-plane node to the cluster. When used in the + context of control plane nodes, NodeRegistration should remain + consistent across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node API + object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of pre-flight + errors to be ignored when the current node is registered. 
+ items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the kubelet + command line via the environment file kubeadm writes at + runtime for the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are + local and specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the Node + API object that will be created in this `kubeadm init` or + `kubeadm join` operation. This field is also used in the + CommonName field of the kubelet's client certificate to + the API server. Defaults to the hostname of the node if + not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API object + should be registered with. If this field is unset, i.e. + nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. If + you don''t want to taint your control-plane node, set this + field to an empty slice, i.e. `taints: {}` in the YAML file. + This field is solely used for Node registration.' + items: + description: The node this Taint is attached to has the + "effect" on any pod that does not tolerate the Taint. + properties: + effect: + description: Required. The effect of the taint on pods + that do not tolerate the taint. Valid effects are + NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint + key. 
+ type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + mounts: + description: Mounts specifies a list of mount points to be setup. + items: + description: MountPoints defines input for generated mounts in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands to run after + kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to run before + kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm command + with a shell script with retries for joins. \n This is meant to + be an experimental temporary workaround on some environments where + joins fail due to timing (and other issues). The long term goal + is to add retries to kubeadm proper and use that functionality. + \n This will add about 40KB to userdata \n For more information, + refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user in cloud-init. 
+ properties: + gecos: + description: Gecos specifies the gecos to use for the user + type: string + groups: + description: Groups specifies the additional groups for the + user + type: string + homeDir: + description: HomeDir specifies the home directory to use for + the user + type: string + inactive: + description: Inactive specifies whether to mark the user as + inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login should + be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for the user + type: string + primaryGroup: + description: PrimaryGroup specifies the primary group for the + user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh authorized + keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level verbosity. + It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + status: + description: KubeadmConfigStatus defines the observed state of KubeadmConfig. + properties: + conditions: + description: Conditions defines current service state of the KubeadmConfig. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. 
This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors + type: string + failureReason: + description: FailureReason will be set on non-retryable errors + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + ready: + description: Ready indicates the BootstrapData field is ready to be + consumed + type: boolean + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name'] + name: Cluster + type: string + - description: Time duration since creation of KubeadmConfig + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: KubeadmConfig is the Schema for the kubeadmconfigs API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmConfigSpec defines the desired state of KubeadmConfig. + Either ClusterConfiguration and InitConfiguration should be defined + or the JoinConfiguration should be defined. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration are + the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the API server + control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative Names + for the API Server signing cert. 
+ items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout that + we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store or look + for all required certificates. 
NB: if not provided, this will + default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address or + DNS name for the control plane; it can be a valid IP address + or a RFC-1123 DNS subdomain, both with optional TCP port. In + case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + + BindPort are used; in case the ControlPlaneEndpoint is specified + but without a TCP port, the BindPort is used. Possible usages + are: e.g. In a cluster with more than one control plane instances, + this field should be assigned the address of the external load + balancer in front of the control plane instances. e.g. in environments + with enforced node recycling, the ControlPlaneEndpoint could + be used for assigning a stable DNS to the control plane. NB: + This value defaults to the first value in the Cluster object + status.apiEndpoints array.' + type: string + controllerManager: + description: ControllerManager contains extra settings for the + controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. 
+ type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on installed + in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry to + pull images from. if not set, the ImageRepository defined + in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the image. + In case this value is set, kubeadm does not change automatically + the version of the above components during upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. NB: This value + defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to an external + etcd cluster Local and External are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority file + used to secure etcd communication. Required if using + a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification file used + to secure etcd communication. Required if using a TLS + connection. + type: string + endpoints: + description: Endpoints of etcd members. Required for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to secure + etcd communication. Required if using a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for configuring + the local etcd instance Local and External are mutually + exclusive + properties: + dataDir: + description: DataDir is the directory etcd will place + its data. 
Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided to + the etcd binary when run inside a static pod. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the + image. In case this value is set, kubeadm does not change + automatically the version of the above components during + upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject Alternative + Names for the etcd server signing cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: 'ImageRepository sets the container registry to pull + images from. * If not set, the default registry of kubeadm will + be used, i.e. * registry.k8s.io (new registry): >= v1.22.17, + >= v1.23.15, >= v1.24.9, >= v1.25.0 * k8s.gcr.io (old registry): + all older versions Please note that when imageRepository is + not set we don''t allow upgrades to versions >= v1.22.0 which + use the old registry (k8s.gcr.io). Please use a newer patch + version with the new registry instead (i.e. >= v1.22.17, >= + v1.23.15, >= v1.24.9, >= v1.25.0). * If the version is a CI + build (kubernetes version starts with `ci/` or `ci-cross/`) + `gcr.io/k8s-staging-ci-images` will be used as a default for + control plane components and for kube-proxy, while `registry.k8s.io` + will be used for all the other images.' 
+ type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version of the control + plane. NB: This value defaults to the Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to the Cluster + object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s services. + Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. If unset, + the API server will not allocate CIDR ranges for every node. + Defaults to a comma-delimited string of the Cluster object's + spec.clusterNetwork.services.cidrBlocks if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s services. + Defaults to a comma-delimited string of the Cluster object's + spec.clusterNetwork.pods.cidrBlocks, or to "10.96.0.0/12" + if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the scheduler + control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. 
+ properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation of partition + tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems to + setup. + items: + description: Filesystem defines the file systems to be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to add to the + command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system type. + type: string + label: + description: Label specifies the file system label to be + used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to overwrite + any existing filesystem. If true, any pre-existing file + system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition to use. + The valid options are: "auto|any", "auto", "any", "none", + and , where NUM is the actual partition number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, used for + Microsoft Azure that instructs cloud-init to replace a + file system of . NOTE: unless you define a label, + this requires the use of the ''any'' partition directive.' 
+ type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions to + setup. + items: + description: Partition defines how to create and layout a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. If it is + true, a single partition will be created for the entire + device. When layout is false, it means don't partition + or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip checks + and create the partition if a partition or filesystem + is found on the device. Use with caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. The following are supported: ''mbr'': default and + setups a MS-DOS partition table ''gpt'': setups a GPT + partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files in + cloud-init. + properties: + append: + description: Append specifies whether to append Content to existing + file if Path exists. + type: boolean + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content to + populate the file. + properties: + secret: + description: Secret represents a secret that should populate + this file. + properties: + key: + description: Key is the key in the secret's data map + for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. 
+ type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, e.g. + "root:root". + type: string + path: + description: Path specifies the full path on disk where to store + the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap data + enum: + - cloud-config + - ignition + type: string + ignition: + description: Ignition contains Ignition specific configuration. + properties: + containerLinuxConfig: + description: ContainerLinuxConfig contains CLC specific configuration. + properties: + additionalConfig: + description: "AdditionalConfig contains additional configuration + to be merged with the Ignition configuration generated by + the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging + \n The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/" + type: string + strict: + description: Strict controls if AdditionalConfig should be + strictly parsed. If so, warnings are treated as errors. + type: boolean + type: object + type: object + initConfiguration: + description: InitConfiguration along with ClusterConfiguration are + the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm init` time + and describes a set of Bootstrap Tokens to create. This information + IS NOT uploaded to the kubeadm cluster configmap, partly because + of its sensitive nature + items: + description: BootstrapToken describes one bootstrap token, stored + as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message why + this token exists and what it's used for, so other administrators + can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when this token + expires. Defaults to being set dynamically at runtime + based on the TTL. Expires and TTL are mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that this + token will authenticate as when/if used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for joining + nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this token. + Defaults to 24h. Expires and TTL are mutually exclusive. + type: string + usages: + description: Usages describes the ways in which this token + can be used. Can by default be used for establishing bidirectional + trust, but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the API + server instance that's deployed on this control plane node In + HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests to each + individual API server. This configuration object lets you customize + what IP/DNS name and port the local API server advertises it's + accessible on. By default, kubeadm tries to auto-detect the + IP of the default interface and use that, but in case that process + fails you may set the desired value here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for the + API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API Server + to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate to registering + the new control-plane node to the cluster. When used in the + context of control plane nodes, NodeRegistration should remain + consistent across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node API + object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of pre-flight + errors to be ignored when the current node is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy for image + pulling during kubeadm "init" and "join" operations. The + value of this field must be one of "Always", "IfNotPresent" + or "Never". Defaults to "IfNotPresent". 
This can be used + only with Kubernetes version equal to 1.22 and later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the kubelet + command line via the environment file kubeadm writes at + runtime for the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are + local and specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the Node + API object that will be created in this `kubeadm init` or + `kubeadm join` operation. This field is also used in the + CommonName field of the kubelet's client certificate to + the API server. Defaults to the hostname of the node if + not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API object + should be registered with. If this field is unset, i.e. + nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. If + you don''t want to taint your control-plane node, set this + field to an empty slice, i.e. `taints: []` in the YAML file. + This field is solely used for Node registration.' + items: + description: The node this Taint is attached to has the + "effect" on any pod that does not tolerate the Taint. + properties: + effect: + description: Required. The effect of the taint on pods + that do not tolerate the taint. Valid effects are + NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. 
+ format: date-time + type: string + value: + description: The taint value corresponding to the taint + key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying patches + to components deployed by kubeadm during "kubeadm init". The + minimum kubernetes version needed to support Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory that contains + files named "target[suffix][+patchtype].extension". For + example, "kube-apiserver0+merge.yaml" or just "etcd.json". + "target" can be one of "kube-apiserver", "kube-controller-manager", + "kube-scheduler", "etcd". "patchtype" can be one of "strategic" + "merge" or "json" and they match the patch formats supported + by kubectl. The default "patchtype" is "strategic". "extension" + must be either "json" or "yaml". "suffix" is an optional + string that can be used to determine which patches are applied + first alpha-numerically. These files can be written into + the target directory via KubeadmConfig.Files which specifies + additional files to be created on the machine, either with + content inline or by referencing a secret. + type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip during command + execution. The list of phases can be obtained with the "kubeadm + init --help" command. This option takes effect only on Kubernetes + >=1.22.0. + items: + type: string + type: array + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration for the + join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate authority + used to secure comunications between node and control-plane. + Defaults to "/etc/kubernetes/pki/ca.crt". TODO: revisit when + there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control plane + instance to be deployed on the joining node. If nil, no additional + control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the + API server instance to be deployed on this node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for + the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API + Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for the kubelet + to use during the TLS Bootstrap process TODO: revisit when there + is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options for + bootstrap token based discovery BootstrapToken and File + are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain name + to the API server from which info will be fetched. + type: string + caCertHashes: + description: 'CACertHashes specifies a set of public key + pins to verify when token-based discovery is used. The + root CA found during discovery must match one of these + values. Specifying an empty set disables root CA pinning, + which can be unsafe. Each hash is specified as ":", + where the only currently supported type is "sha256". + This is a hex-encoded SHA-256 hash of the Subject Public + Key Info (SPKI) object in DER-encoded ASN.1. 
These hashes + can be calculated using, for example, OpenSSL: openssl + x509 -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate cluster + information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since other + nodes can impersonate the control-plane. + type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or URL to a kubeconfig + file from which to load cluster information BootstrapToken + and File are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify the actual + file path or URL to the kubeconfig file from which to + load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used for TLS bootstrapping. + If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, + but can be overridden. If .File is set, this field **must + be set** in case the KubeConfigFile does not contain any + other authentication information + type: string + type: object + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate to registering + the new control-plane node to the cluster. 
When used in the + context of control plane nodes, NodeRegistration should remain + consistent across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node API + object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of pre-flight + errors to be ignored when the current node is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy for image + pulling during kubeadm "init" and "join" operations. The + value of this field must be one of "Always", "IfNotPresent" + or "Never". Defaults to "IfNotPresent". This can be used + only with Kubernetes version equal to 1.22 and later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the kubelet + command line via the environment file kubeadm writes at + runtime for the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are + local and specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the Node + API object that will be created in this `kubeadm init` or + `kubeadm join` operation. This field is also used in the + CommonName field of the kubelet's client certificate to + the API server. Defaults to the hostname of the node if + not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API object + should be registered with. If this field is unset, i.e. + nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. 
If + you don''t want to taint your control-plane node, set this + field to an empty slice, i.e. `taints: []` in the YAML file. + This field is solely used for Node registration.' + items: + description: The node this Taint is attached to has the + "effect" on any pod that does not tolerate the Taint. + properties: + effect: + description: Required. The effect of the taint on pods + that do not tolerate the taint. Valid effects are + NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint + key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying patches + to components deployed by kubeadm during "kubeadm join". The + minimum kubernetes version needed to support Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory that contains + files named "target[suffix][+patchtype].extension". For + example, "kube-apiserver0+merge.yaml" or just "etcd.json". + "target" can be one of "kube-apiserver", "kube-controller-manager", + "kube-scheduler", "etcd". "patchtype" can be one of "strategic" + "merge" or "json" and they match the patch formats supported + by kubectl. The default "patchtype" is "strategic". "extension" + must be either "json" or "yaml". "suffix" is an optional + string that can be used to determine which patches are applied + first alpha-numerically. These files can be written into + the target directory via KubeadmConfig.Files which specifies + additional files to be created on the machine, either with + content inline or by referencing a secret. 
+ type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip during command + execution. The list of phases can be obtained with the "kubeadm + init --help" command. This option takes effect only on Kubernetes + >=1.22.0. + items: + type: string + type: array + type: object + mounts: + description: Mounts specifies a list of mount points to be setup. + items: + description: MountPoints defines input for generated mounts in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands to run after + kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to run before + kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm command + with a shell script with retries for joins. \n This is meant to + be an experimental temporary workaround on some environments where + joins fail due to timing (and other issues). The long term goal + is to add retries to kubeadm proper and use that functionality. + \n This will add about 40KB to userdata \n For more information, + refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. + \n Deprecated: This experimental fix is no longer needed and this + field will be removed in a future release. When removing also remove + from staticcheck exclude-rules for SA1019 in golangci.yml" + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user in cloud-init. 
+ properties: + gecos: + description: Gecos specifies the gecos to use for the user + type: string + groups: + description: Groups specifies the additional groups for the + user + type: string + homeDir: + description: HomeDir specifies the home directory to use for + the user + type: string + inactive: + description: Inactive specifies whether to mark the user as + inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login should + be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for the user + type: string + passwdFrom: + description: PasswdFrom is a referenced source of passwd to + populate the passwd. + properties: + secret: + description: Secret represents a secret that should populate + this password. + properties: + key: + description: Key is the key in the secret's data map + for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + primaryGroup: + description: PrimaryGroup specifies the primary group for the + user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh authorized + keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level verbosity. + It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + status: + description: KubeadmConfigStatus defines the observed state of KubeadmConfig. + properties: + conditions: + description: Conditions defines current service state of the KubeadmConfig. 
+ items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors + type: string + failureReason: + description: FailureReason will be set on non-retryable errors + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + ready: + description: Ready indicates the BootstrapData field is ready to be + consumed + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1 + name: kubeadmconfigtemplates.bootstrap.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: bootstrap.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: KubeadmConfigTemplate + listKind: KubeadmConfigTemplateList + plural: kubeadmconfigtemplates + singular: kubeadmconfigtemplate + scope: Namespaced + versions: + - deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate. + properties: + template: + description: KubeadmConfigTemplateResource defines the Template structure. + properties: + spec: + description: KubeadmConfigSpec defines the desired state of KubeadmConfig. + Either ClusterConfiguration and InitConfiguration should be + defined or the JoinConfiguration should be defined. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the + API server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative + Names for the API Server signing cert. + items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. 
+ type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout + that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store + or look for all required certificates. NB: if not provided, + this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address + or DNS name for the control plane; it can be a valid + IP address or a RFC-1123 DNS subdomain, both with optional + TCP port. In case the ControlPlaneEndpoint is not specified, + the AdvertiseAddress + BindPort are used; in case the + ControlPlaneEndpoint is specified but without a TCP + port, the BindPort is used. Possible usages are: e.g. + In a cluster with more than one control plane instances, + this field should be assigned the address of the external + load balancer in front of the control plane instances. + e.g. in environments with enforced node recycling, + the ControlPlaneEndpoint could be used for assigning + a stable DNS to the control plane. NB: This value defaults + to the first value in the Cluster object status.apiEndpoints + array.' 
+ type: string + controllerManager: + description: ControllerManager contains extra settings + for the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on + installed in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for + the image. In case this value is set, kubeadm does + not change automatically the version of the above + components during upgrades. + type: string + type: + description: Type defines the DNS add-on to be used + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. 
NB: This + value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to + an external etcd cluster Local and External are + mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority + file used to secure etcd communication. Required + if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification + file used to secure etcd communication. Required + if using a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required + for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to + secure etcd communication. Required if using + a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for + configuring the local etcd instance Local and External + are mutually exclusive + properties: + dataDir: + description: DataDir is the directory etcd will + place its data. Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided + to the etcd binary when run inside a static + pod. + type: object + imageRepository: + description: ImageRepository sets the container + registry to pull images from. if not set, the + ImageRepository defined in ClusterConfiguration + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag + for the image. In case this value is set, kubeadm + does not change automatically the version of + the above components during upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. 
+ items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject + Alternative Names for the etcd server signing + cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. If empty, `k8s.gcr.io` will be + used by default; in case of kubernetes version is a + CI build (kubernetes version starts with `ci/` or `ci-cross/`) + `gcr.io/k8s-staging-ci-images` will be used as a default + for control plane components and for kube-proxy, while + `k8s.gcr.io` will be used for all the other images. + type: string + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version + of the control plane. NB: This value defaults to the + Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to + the Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s + services. Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. + If unset, the API server will not allocate CIDR + ranges for every node. Defaults to a comma-delimited + string of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s + services. 
Defaults to a comma-delimited string of + the Cluster object's spec.clusterNetwork.pods.cidrBlocks, + or to "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the + scheduler control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + useHyperKubeImage: + description: UseHyperKubeImage controls if hyperkube should + be used for Kubernetes components instead of their respective + separate images + type: boolean + type: object + diskSetup: + description: DiskSetup specifies options for the creation + of partition tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems + to setup. + items: + description: Filesystem defines the file systems to + be created. 
+ properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to + add to the command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system + type. + type: string + label: + description: Label specifies the file system label + to be used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to + overwrite any existing filesystem. If true, any + pre-existing file system will be destroyed. Use + with Caution. + type: boolean + partition: + description: 'Partition specifies the partition + to use. The valid options are: "auto|any", "auto", + "any", "none", and , where NUM is the actual + partition number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, + used for Microsoft Azure that instructs cloud-init + to replace a file system of . NOTE: unless + you define a label, this requires the use of the + ''any'' partition directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions + to setup. + items: + description: Partition defines how to create and layout + a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. + If it is true, a single partition will be created + for the entire device. When layout is false, it + means don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip + checks and create the partition if a partition + or filesystem is found on the device. Use with + caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. 
The following are supported: ''mbr'': default + and setups a MS-DOS partition table ''gpt'': setups + a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: Secret represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the + file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to + assign to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap + data + enum: + - cloud-config + type: string + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. 
Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm + init` time and describes a set of Bootstrap Tokens to + create. This information IS NOT uploaded to the kubeadm + cluster configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap + token, stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message + why this token exists and what it's used for, + so other administrators can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when + this token expires. Defaults to being set dynamically + at runtime based on the TTL. Expires and TTL are + mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that + this token will authenticate as when/if used for + authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for + joining nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this + token. Defaults to 24h. Expires and TTL are mutually + exclusive. + type: string + usages: + description: Usages describes the ways in which + this token can be used. Can by default be used + for establishing bidirectional trust, but that + can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance that's deployed on this control + plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global + endpoint for the cluster, which then loadbalances the + requests to each individual API server. This configuration + object lets you customize what IP/DNS name and port + the local API server advertises it's accessible on. + By default, kubeadm tries to auto-detect the IP of the + default interface and use that, but in case that process + fails you may set the desired value here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the + API Server to bind to. Defaults to 6443. + format: int32 + type: integer + required: + - advertiseAddress + - bindPort + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration + and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here are + passed to the kubelet command line via the environment + file kubeadm writes at runtime for the kubelet to + source. 
This overrides the generic base-level configuration + in the kubelet-config-1.X ConfigMap Flags have higher + priority when parsing. These values are local and + specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of + the Node API object that will be created in this + `kubeadm init` or `kubeadm join` operation. This + field is also used in the CommonName field of the + kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node + API object should be registered with. If this field + is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: + {}` in the YAML file. This field is solely used + for Node registration.' + items: + description: The node this Taint is attached to + has the "effect" on any pod that does not tolerate + the Taint. + properties: + effect: + description: Required. The effect of the taint + on pods that do not tolerate the taint. Valid + effects are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at + which the taint was added. It is only written + for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to + the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration + for the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. 
Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node + and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control + plane instance to be deployed on the joining node. If + nil, no additional control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on this + node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for + the API Server to bind to. Defaults to 6443. + format: int32 + type: integer + required: + - advertiseAddress + - bindPort + type: object + type: object + discovery: + description: 'Discovery specifies the options for the + kubelet to use during the TLS Bootstrap process TODO: + revisit when there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options + for bootstrap token based discovery BootstrapToken + and File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain + name to the API server from which info will + be fetched. + type: string + caCertHashes: + description: 'CACertHashes specifies a set of + public key pins to verify when token-based discovery + is used. The root CA found during discovery + must match one of these values. Specifying an + empty set disables root CA pinning, which can + be unsafe. 
Each hash is specified as ":", + where the only currently supported type is "sha256". + This is a hex-encoded SHA-256 hash of the Subject + Public Key Info (SPKI) object in DER-encoded + ASN.1. These hashes can be calculated using, + for example, OpenSSL: openssl x509 -pubkey -in + ca.crt openssl rsa -pubin -outform der 2>&/dev/null + | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate + cluster information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since + other nodes can impersonate the control-plane. + type: boolean + required: + - token + - unsafeSkipCAVerification + type: object + file: + description: File is used to specify a file or URL + to a kubeconfig file from which to load cluster + information BootstrapToken and File are mutually + exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify + the actual file path or URL to the kubeconfig + file from which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: 'TLSBootstrapToken is a token used for + TLS bootstrapping. If .BootstrapToken is set, this + field is defaulted to .BootstrapToken.Token, but + can be overridden. If .File is set, this field **must + be set** in case the KubeConfigFile does not contain + any other authentication information TODO: revisit + when there is defaulting from k/k' + type: string + type: object + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration + and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here are + passed to the kubelet command line via the environment + file kubeadm writes at runtime for the kubelet to + source. This overrides the generic base-level configuration + in the kubelet-config-1.X ConfigMap Flags have higher + priority when parsing. These values are local and + specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of + the Node API object that will be created in this + `kubeadm init` or `kubeadm join` operation. This + field is also used in the CommonName field of the + kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node + API object should be registered with. If this field + is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: + {}` in the YAML file. This field is solely used + for Node registration.' + items: + description: The node this Taint is attached to + has the "effect" on any pod that does not tolerate + the Taint. 
+ properties: + effect: + description: Required. The effect of the taint + on pods that do not tolerate the taint. Valid + effects are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at + which the taint was added. It is only written + for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to + the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + mounts: + description: Mounts specifies a list of mount points to be + setup. + items: + description: MountPoints defines input for generated mounts + in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands + to run after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to + run before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm + command with a shell script with retries for joins. \n This + is meant to be an experimental temporary workaround on some + environments where joins fail due to timing (and other issues). + The long term goal is to add retries to kubeadm proper and + use that functionality. \n This will add about 40KB to userdata + \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." 
+ type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user + in cloud-init. + properties: + gecos: + description: Gecos specifies the gecos to use for the + user + type: string + groups: + description: Groups specifies the additional groups + for the user + type: string + homeDir: + description: HomeDir specifies the home directory to + use for the user + type: string + inactive: + description: Inactive specifies whether to mark the + user as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login + should be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for + the user + type: string + primaryGroup: + description: PrimaryGroup specifies the primary group + for the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh + authorized keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level + verbosity. It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + type: object + required: + - template + type: object + type: object + served: false + storage: false + - additionalPrinterColumns: + - description: Time duration since creation of KubeadmConfigTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates + API. \n Deprecated: This type will be removed in one of the next releases." 
+ properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate. + properties: + template: + description: KubeadmConfigTemplateResource defines the Template structure. + properties: + spec: + description: KubeadmConfigSpec defines the desired state of KubeadmConfig. + Either ClusterConfiguration and InitConfiguration should be + defined or the JoinConfiguration should be defined. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the + API server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative + Names for the API Server signing cert. + items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. 
+ items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout + that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store + or look for all required certificates. NB: if not provided, + this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address + or DNS name for the control plane; it can be a valid + IP address or a RFC-1123 DNS subdomain, both with optional + TCP port. In case the ControlPlaneEndpoint is not specified, + the AdvertiseAddress + BindPort are used; in case the + ControlPlaneEndpoint is specified but without a TCP + port, the BindPort is used. Possible usages are: e.g. 
+ In a cluster with more than one control plane instances, + this field should be assigned the address of the external + load balancer in front of the control plane instances. + e.g. in environments with enforced node recycling, + the ControlPlaneEndpoint could be used for assigning + a stable DNS to the control plane. NB: This value defaults + to the first value in the Cluster object status.apiEndpoints + array.' + type: string + controllerManager: + description: ControllerManager contains extra settings + for the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on + installed in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. 
+ type: string + imageTag: + description: ImageTag allows to specify a tag for + the image. In case this value is set, kubeadm does + not change automatically the version of the above + components during upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. NB: This + value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to + an external etcd cluster Local and External are + mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority + file used to secure etcd communication. Required + if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification + file used to secure etcd communication. Required + if using a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required + for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to + secure etcd communication. Required if using + a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for + configuring the local etcd instance Local and External + are mutually exclusive + properties: + dataDir: + description: DataDir is the directory etcd will + place its data. Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided + to the etcd binary when run inside a static + pod. + type: object + imageRepository: + description: ImageRepository sets the container + registry to pull images from. if not set, the + ImageRepository defined in ClusterConfiguration + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag + for the image. 
In case this value is set, kubeadm + does not change automatically the version of + the above components during upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject + Alternative Names for the etcd server signing + cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. If empty, `registry.k8s.io` will + be used by default; in case of kubernetes version is + a CI build (kubernetes version starts with `ci/` or + `ci-cross/`) `gcr.io/k8s-staging-ci-images` will be + used as a default for control plane components and for + kube-proxy, while `registry.k8s.io` will be used for + all the other images. + type: string + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version + of the control plane. NB: This value defaults to the + Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to + the Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s + services. Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. 
+ If unset, the API server will not allocate CIDR + ranges for every node. Defaults to a comma-delimited + string of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s + services. Defaults to a comma-delimited string of + the Cluster object's spec.clusterNetwork.pods.cidrBlocks, + or to "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the + scheduler control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation + of partition tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems + to setup. + items: + description: Filesystem defines the file systems to + be created. 
+ properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to + add to the command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system + type. + type: string + label: + description: Label specifies the file system label + to be used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to + overwrite any existing filesystem. If true, any + pre-existing file system will be destroyed. Use + with Caution. + type: boolean + partition: + description: 'Partition specifies the partition + to use. The valid options are: "auto|any", "auto", + "any", "none", and , where NUM is the actual + partition number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, + used for Microsoft Azure that instructs cloud-init + to replace a file system of . NOTE: unless + you define a label, this requires the use of the + ''any'' partition directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions + to setup. + items: + description: Partition defines how to create and layout + a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. + If it is true, a single partition will be created + for the entire device. When layout is false, it + means don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip + checks and create the partition if a partition + or filesystem is found on the device. Use with + caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. 
The following are supported: ''mbr'': default + and setups a MS-DOS partition table ''gpt'': setups + a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: Secret represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the + file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to + assign to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap + data + enum: + - cloud-config + type: string + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. 
Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm + init` time and describes a set of Bootstrap Tokens to + create. This information IS NOT uploaded to the kubeadm + cluster configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap + token, stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message + why this token exists and what it's used for, + so other administrators can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when + this token expires. Defaults to being set dynamically + at runtime based on the TTL. Expires and TTL are + mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that + this token will authenticate as when/if used for + authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for + joining nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this + token. Defaults to 24h. Expires and TTL are mutually + exclusive. + type: string + usages: + description: Usages describes the ways in which + this token can be used. Can by default be used + for establishing bidirectional trust, but that + can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance that's deployed on this control + plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global + endpoint for the cluster, which then loadbalances the + requests to each individual API server. This configuration + object lets you customize what IP/DNS name and port + the local API server advertises it's accessible on. + By default, kubeadm tries to auto-detect the IP of the + default interface and use that, but in case that process + fails you may set the desired value here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the + API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration + and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice + of pre-flight errors to be ignored when the current + node is registered. + items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. 
The arguments here are + passed to the kubelet command line via the environment + file kubeadm writes at runtime for the kubelet to + source. This overrides the generic base-level configuration + in the kubelet-config-1.X ConfigMap Flags have higher + priority when parsing. These values are local and + specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of + the Node API object that will be created in this + `kubeadm init` or `kubeadm join` operation. This + field is also used in the CommonName field of the + kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node + API object should be registered with. If this field + is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: + {}` in the YAML file. This field is solely used + for Node registration.' + items: + description: The node this Taint is attached to + has the "effect" on any pod that does not tolerate + the Taint. + properties: + effect: + description: Required. The effect of the taint + on pods that do not tolerate the taint. Valid + effects are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at + which the taint was added. It is only written + for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to + the taint key. 
+ type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration + for the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node + and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control + plane instance to be deployed on the joining node. If + nil, no additional control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on this + node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for + the API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for the + kubelet to use during the TLS Bootstrap process TODO: + revisit when there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options + for bootstrap token based discovery BootstrapToken + and File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain + name to the API server from which info will + be fetched. 
+ type: string + caCertHashes: + description: 'CACertHashes specifies a set of + public key pins to verify when token-based discovery + is used. The root CA found during discovery + must match one of these values. Specifying an + empty set disables root CA pinning, which can + be unsafe. Each hash is specified as ":", + where the only currently supported type is "sha256". + This is a hex-encoded SHA-256 hash of the Subject + Public Key Info (SPKI) object in DER-encoded + ASN.1. These hashes can be calculated using, + for example, OpenSSL: openssl x509 -pubkey -in + ca.crt openssl rsa -pubin -outform der 2>&/dev/null + | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate + cluster information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since + other nodes can impersonate the control-plane. + type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or URL + to a kubeconfig file from which to load cluster + information BootstrapToken and File are mutually + exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify + the actual file path or URL to the kubeconfig + file from which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used for + TLS bootstrapping. If .BootstrapToken is set, this + field is defaulted to .BootstrapToken.Token, but + can be overridden. 
If .File is set, this field **must + be set** in case the KubeConfigFile does not contain + any other authentication information + type: string + type: object + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration + and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice + of pre-flight errors to be ignored when the current + node is registered. + items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here are + passed to the kubelet command line via the environment + file kubeadm writes at runtime for the kubelet to + source. This overrides the generic base-level configuration + in the kubelet-config-1.X ConfigMap Flags have higher + priority when parsing. These values are local and + specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of + the Node API object that will be created in this + `kubeadm init` or `kubeadm join` operation. This + field is also used in the CommonName field of the + kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. 
+ type: string + taints: + description: 'Taints specifies the taints the Node + API object should be registered with. If this field + is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: + {}` in the YAML file. This field is solely used + for Node registration.' + items: + description: The node this Taint is attached to + has the "effect" on any pod that does not tolerate + the Taint. + properties: + effect: + description: Required. The effect of the taint + on pods that do not tolerate the taint. Valid + effects are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at + which the taint was added. It is only written + for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to + the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + mounts: + description: Mounts specifies a list of mount points to be + setup. + items: + description: MountPoints defines input for generated mounts + in cloud-init. 
+ items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands + to run after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to + run before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm + command with a shell script with retries for joins. \n This + is meant to be an experimental temporary workaround on some + environments where joins fail due to timing (and other issues). + The long term goal is to add retries to kubeadm proper and + use that functionality. \n This will add about 40KB to userdata + \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user + in cloud-init. 
+ properties: + gecos: + description: Gecos specifies the gecos to use for the + user + type: string + groups: + description: Groups specifies the additional groups + for the user + type: string + homeDir: + description: HomeDir specifies the home directory to + use for the user + type: string + inactive: + description: Inactive specifies whether to mark the + user as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login + should be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for + the user + type: string + primaryGroup: + description: PrimaryGroup specifies the primary group + for the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh + authorized keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level + verbosity. It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + type: object + required: + - template + type: object + type: object + served: true + storage: false + subresources: {} + - additionalPrinterColumns: + - description: Time duration since creation of KubeadmConfigTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate. + properties: + template: + description: KubeadmConfigTemplateResource defines the Template structure. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: KubeadmConfigSpec defines the desired state of KubeadmConfig. + Either ClusterConfiguration and InitConfiguration should be + defined or the JoinConfiguration should be defined. 
+ properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the + API server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative + Names for the API Server signing cert. + items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout + that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store + or look for all required certificates. NB: if not provided, + this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address + or DNS name for the control plane; it can be a valid + IP address or a RFC-1123 DNS subdomain, both with optional + TCP port. In case the ControlPlaneEndpoint is not specified, + the AdvertiseAddress + BindPort are used; in case the + ControlPlaneEndpoint is specified but without a TCP + port, the BindPort is used. Possible usages are: e.g. + In a cluster with more than one control plane instances, + this field should be assigned the address of the external + load balancer in front of the control plane instances. + e.g. in environments with enforced node recycling, + the ControlPlaneEndpoint could be used for assigning + a stable DNS to the control plane. NB: This value defaults + to the first value in the Cluster object status.apiEndpoints + array.' + type: string + controllerManager: + description: ControllerManager contains extra settings + for the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. 
+ properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on + installed in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for + the image. In case this value is set, kubeadm does + not change automatically the version of the above + components during upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. NB: This + value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to + an external etcd cluster Local and External are + mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority + file used to secure etcd communication. Required + if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification + file used to secure etcd communication. Required + if using a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required + for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to + secure etcd communication. Required if using + a TLS connection. 
+ type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for + configuring the local etcd instance Local and External + are mutually exclusive + properties: + dataDir: + description: DataDir is the directory etcd will + place its data. Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided + to the etcd binary when run inside a static + pod. + type: object + imageRepository: + description: ImageRepository sets the container + registry to pull images from. if not set, the + ImageRepository defined in ClusterConfiguration + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag + for the image. In case this value is set, kubeadm + does not change automatically the version of + the above components during upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject + Alternative Names for the etcd server signing + cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: 'ImageRepository sets the container registry + to pull images from. * If not set, the default registry + of kubeadm will be used, i.e. * registry.k8s.io (new + registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= + v1.25.0 * k8s.gcr.io (old registry): all older versions + Please note that when imageRepository is not set we + don''t allow upgrades to versions >= v1.22.0 which use + the old registry (k8s.gcr.io). Please use a newer patch + version with the new registry instead (i.e. 
>= v1.22.17, + >= v1.23.15, >= v1.24.9, >= v1.25.0). * If the version + is a CI build (kubernetes version starts with `ci/` + or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will + be used as a default for control plane components and + for kube-proxy, while `registry.k8s.io` will be used + for all the other images.' + type: string + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version + of the control plane. NB: This value defaults to the + Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to + the Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s + services. Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. + If unset, the API server will not allocate CIDR + ranges for every node. Defaults to a comma-delimited + string of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s + services. Defaults to a comma-delimited string of + the Cluster object's spec.clusterNetwork.pods.cidrBlocks, + or to "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the + scheduler control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. 
TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation + of partition tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems + to setup. + items: + description: Filesystem defines the file systems to + be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to + add to the command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system + type. + type: string + label: + description: Label specifies the file system label + to be used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to + overwrite any existing filesystem. If true, any + pre-existing file system will be destroyed. Use + with Caution. + type: boolean + partition: + description: 'Partition specifies the partition + to use. 
The valid options are: "auto|any", "auto", + "any", "none", and , where NUM is the actual + partition number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, + used for Microsoft Azure that instructs cloud-init + to replace a file system of . NOTE: unless + you define a label, this requires the use of the + ''any'' partition directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions + to setup. + items: + description: Partition defines how to create and layout + a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. + If it is true, a single partition will be created + for the entire device. When layout is false, it + means don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip + checks and create the partition if a partition + or filesystem is found on the device. Use with + caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. The following are supported: ''mbr'': default + and setups a MS-DOS partition table ''gpt'': setups + a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + append: + description: Append specifies whether to append Content + to existing file if Path exists. + type: boolean + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. 
+ properties: + secret: + description: Secret represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the + file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to + assign to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap + data + enum: + - cloud-config + - ignition + type: string + ignition: + description: Ignition contains Ignition specific configuration. + properties: + containerLinuxConfig: + description: ContainerLinuxConfig contains CLC specific + configuration. + properties: + additionalConfig: + description: "AdditionalConfig contains additional + configuration to be merged with the Ignition configuration + generated by the bootstrapper controller. More info: + https://coreos.github.io/ignition/operator-notes/#config-merging + \n The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/" + type: string + strict: + description: Strict controls if AdditionalConfig should + be strictly parsed. If so, warnings are treated + as errors. 
+ type: boolean + type: object + type: object + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm + init` time and describes a set of Bootstrap Tokens to + create. This information IS NOT uploaded to the kubeadm + cluster configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap + token, stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message + why this token exists and what it's used for, + so other administrators can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when + this token expires. Defaults to being set dynamically + at runtime based on the TTL. Expires and TTL are + mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that + this token will authenticate as when/if used for + authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for + joining nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this + token. Defaults to 24h. Expires and TTL are mutually + exclusive. + type: string + usages: + description: Usages describes the ways in which + this token can be used. Can by default be used + for establishing bidirectional trust, but that + can be changed here. 
+ items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance that's deployed on this control + plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global + endpoint for the cluster, which then loadbalances the + requests to each individual API server. This configuration + object lets you customize what IP/DNS name and port + the local API server advertises it's accessible on. + By default, kubeadm tries to auto-detect the IP of the + default interface and use that, but in case that process + fails you may set the desired value here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the + API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration + and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. 
This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice + of pre-flight errors to be ignored when the current + node is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy + for image pulling during kubeadm "init" and "join" + operations. The value of this field must be one + of "Always", "IfNotPresent" or "Never". Defaults + to "IfNotPresent". This can be used only with Kubernetes + version equal to 1.22 and later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here are + passed to the kubelet command line via the environment + file kubeadm writes at runtime for the kubelet to + source. This overrides the generic base-level configuration + in the kubelet-config-1.X ConfigMap Flags have higher + priority when parsing. These values are local and + specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of + the Node API object that will be created in this + `kubeadm init` or `kubeadm join` operation. This + field is also used in the CommonName field of the + kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node + API object should be registered with. If this field + is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: + []` in the YAML file. This field is solely used + for Node registration.' 
+ items: + description: The node this Taint is attached to + has the "effect" on any pod that does not tolerate + the Taint. + properties: + effect: + description: Required. The effect of the taint + on pods that do not tolerate the taint. Valid + effects are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at + which the taint was added. It is only written + for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to + the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying + patches to components deployed by kubeadm during "kubeadm + init". The minimum kubernetes version needed to support + Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory that + contains files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or just + "etcd.json". "target" can be one of "kube-apiserver", + "kube-controller-manager", "kube-scheduler", "etcd". + "patchtype" can be one of "strategic" "merge" or + "json" and they match the patch formats supported + by kubectl. The default "patchtype" is "strategic". + "extension" must be either "json" or "yaml". "suffix" + is an optional string that can be used to determine + which patches are applied first alpha-numerically. + These files can be written into the target directory + via KubeadmConfig.Files which specifies additional + files to be created on the machine, either with + content inline or by referencing a secret. + type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip during + command execution. The list of phases can be obtained + with the "kubeadm init --help" command. 
This option + takes effect only on Kubernetes >=1.22.0. + items: + type: string + type: array + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration + for the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node + and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control + plane instance to be deployed on the joining node. If + nil, no additional control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on this + node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for + the API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for the + kubelet to use during the TLS Bootstrap process TODO: + revisit when there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options + for bootstrap token based discovery BootstrapToken + and File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain + name to the API server from which info will + be fetched. 
+ type: string + caCertHashes: + description: 'CACertHashes specifies a set of + public key pins to verify when token-based discovery + is used. The root CA found during discovery + must match one of these values. Specifying an + empty set disables root CA pinning, which can + be unsafe. Each hash is specified as ":", + where the only currently supported type is "sha256". + This is a hex-encoded SHA-256 hash of the Subject + Public Key Info (SPKI) object in DER-encoded + ASN.1. These hashes can be calculated using, + for example, OpenSSL: openssl x509 -pubkey -in + ca.crt openssl rsa -pubin -outform der 2>&/dev/null + | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate + cluster information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since + other nodes can impersonate the control-plane. + type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or URL + to a kubeconfig file from which to load cluster + information BootstrapToken and File are mutually + exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify + the actual file path or URL to the kubeconfig + file from which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used for + TLS bootstrapping. If .BootstrapToken is set, this + field is defaulted to .BootstrapToken.Token, but + can be overridden. 
If .File is set, this field **must + be set** in case the KubeConfigFile does not contain + any other authentication information + type: string + type: object + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration + and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice + of pre-flight errors to be ignored when the current + node is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy + for image pulling during kubeadm "init" and "join" + operations. The value of this field must be one + of "Always", "IfNotPresent" or "Never". Defaults + to "IfNotPresent". This can be used only with Kubernetes + version equal to 1.22 and later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here are + passed to the kubelet command line via the environment + file kubeadm writes at runtime for the kubelet to + source. This overrides the generic base-level configuration + in the kubelet-config-1.X ConfigMap Flags have higher + priority when parsing. 
These values are local and + specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of + the Node API object that will be created in this + `kubeadm init` or `kubeadm join` operation. This + field is also used in the CommonName field of the + kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node + API object should be registered with. If this field + is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: + []` in the YAML file. This field is solely used + for Node registration.' + items: + description: The node this Taint is attached to + has the "effect" on any pod that does not tolerate + the Taint. + properties: + effect: + description: Required. The effect of the taint + on pods that do not tolerate the taint. Valid + effects are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at + which the taint was added. It is only written + for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to + the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying + patches to components deployed by kubeadm during "kubeadm + join". The minimum kubernetes version needed to support + Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory that + contains files named "target[suffix][+patchtype].extension". 
+ For example, "kube-apiserver0+merge.yaml" or just + "etcd.json". "target" can be one of "kube-apiserver", + "kube-controller-manager", "kube-scheduler", "etcd". + "patchtype" can be one of "strategic" "merge" or + "json" and they match the patch formats supported + by kubectl. The default "patchtype" is "strategic". + "extension" must be either "json" or "yaml". "suffix" + is an optional string that can be used to determine + which patches are applied first alpha-numerically. + These files can be written into the target directory + via KubeadmConfig.Files which specifies additional + files to be created on the machine, either with + content inline or by referencing a secret. + type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip during + command execution. The list of phases can be obtained + with the "kubeadm init --help" command. This option + takes effect only on Kubernetes >=1.22.0. + items: + type: string + type: array + type: object + mounts: + description: Mounts specifies a list of mount points to be + setup. + items: + description: MountPoints defines input for generated mounts + in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands + to run after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to + run before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm + command with a shell script with retries for joins. 
\n This + is meant to be an experimental temporary workaround on some + environments where joins fail due to timing (and other issues). + The long term goal is to add retries to kubeadm proper and + use that functionality. \n This will add about 40KB to userdata + \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. + \n Deprecated: This experimental fix is no longer needed + and this field will be removed in a future release. When + removing also remove from staticcheck exclude-rules for + SA1019 in golangci.yml" + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user + in cloud-init. + properties: + gecos: + description: Gecos specifies the gecos to use for the + user + type: string + groups: + description: Groups specifies the additional groups + for the user + type: string + homeDir: + description: HomeDir specifies the home directory to + use for the user + type: string + inactive: + description: Inactive specifies whether to mark the + user as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login + should be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for + the user + type: string + passwdFrom: + description: PasswdFrom is a referenced source of passwd + to populate the passwd. + properties: + secret: + description: Secret represents a secret that should + populate this password. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. 
+ type: string + required: + - key + - name + type: object + required: + - secret + type: object + primaryGroup: + description: PrimaryGroup specifies the primary group + for the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh + authorized keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level + verbosity. It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + type: object + required: + - template + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-manager + namespace: capi-kubeadm-bootstrap-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-leader-election-role + namespace: capi-kubeadm-bootstrap-system +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-manager-role +rules: +- apiGroups: + - "" + resources: + - configmaps + - events + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - bootstrap.cluster.x-k8s.io + resources: + - kubeadmconfigs + - kubeadmconfigs/finalizers + - kubeadmconfigs/status + verbs: + - create + - delete + - get + - list 
+ - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + - machinepools + - machinepools/status + - machines + - machines/status + - machinesets + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-leader-election-rolebinding + namespace: capi-kubeadm-bootstrap-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: capi-kubeadm-bootstrap-leader-election-role +subjects: +- kind: ServiceAccount + name: capi-kubeadm-bootstrap-manager + namespace: capi-kubeadm-bootstrap-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capi-kubeadm-bootstrap-manager-role +subjects: +- kind: ServiceAccount + name: capi-kubeadm-bootstrap-manager + namespace: capi-kubeadm-bootstrap-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system +spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: bootstrap-kubeadm +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + control-plane: controller-manager + name: capi-kubeadm-bootstrap-controller-manager + namespace: capi-kubeadm-bootstrap-system +spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + control-plane: controller-manager + template: + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + control-plane: controller-manager + spec: + containers: + - args: + - --leader-elect + - 
--metrics-bind-addr=localhost:8080 + - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},KubeadmBootstrapFormatIgnition=${EXP_KUBEADM_BOOTSTRAP_FORMAT_IGNITION:=false} + - --bootstrap-token-ttl=${KUBEADM_BOOTSTRAP_TOKEN_TTL:=15m} + command: + - /manager + image: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.5.6 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: capi-kubeadm-bootstrap-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + secretName: capi-kubeadm-bootstrap-webhook-service-cert +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-serving-cert + namespace: capi-kubeadm-bootstrap-system +spec: + dnsNames: + - capi-kubeadm-bootstrap-webhook-service.capi-kubeadm-bootstrap-system.svc + - capi-kubeadm-bootstrap-webhook-service.capi-kubeadm-bootstrap-system.svc.cluster.local + issuerRef: + kind: Issuer + name: capi-kubeadm-bootstrap-selfsigned-issuer + secretName: capi-kubeadm-bootstrap-webhook-service-cert + subject: + organizations: + - k8s-sig-cluster-lifecycle +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: 
capi-kubeadm-bootstrap-selfsigned-issuer + namespace: capi-kubeadm-bootstrap-system +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system + path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfig + failurePolicy: Fail + name: default.kubeadmconfig.bootstrap.cluster.x-k8s.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - kubeadmconfigs + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system + path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfigtemplate + failurePolicy: Fail + name: default.kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - kubeadmconfigtemplates + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system + path: 
/validate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfig + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.kubeadmconfig.bootstrap.cluster.x-k8s.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - kubeadmconfigs + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system + path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfigtemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - kubeadmconfigtemplates + sideEffects: None diff --git a/files/cluster-api/v1.5.6/cluster-api-components.yaml b/files/cluster-api/v1.5.6/cluster-api-components.yaml new file mode 100644 index 00000000..069219df --- /dev/null +++ b/files/cluster-api/v1.5.6/cluster-api-components.yaml 
@@ -0,0 +1,25243 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + control-plane: controller-manager + name: capi-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: clusterclasses.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: ClusterClass + listKind: ClusterClassList + plural: clusterclasses + shortNames: + - cc + singular: clusterclass + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of ClusterClass + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "ClusterClass is a template which can be used to create managed + topologies. \n Deprecated: This type will be removed in one of the next + releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterClassSpec describes the desired state of the ClusterClass. + properties: + controlPlane: + description: ControlPlane is a reference to a local struct that holds + the details for provisioning the Control Plane for the Cluster. + properties: + machineInfrastructure: + description: "MachineTemplate defines the metadata and infrastructure + information for control plane machines. \n This field is supported + if and only if the control plane provider template referenced + above is Machine based and supports setting replicas." + properties: + ref: + description: Ref is a required reference to a custom resource + offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + metadata: + description: "Metadata is the metadata applied to the machines + of the ControlPlane. At runtime this metadata is merged with + the corresponding metadata from the topology. \n This field + is supported if and only if the control plane provider template + referenced is Machine based." + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + ref: + description: Ref is a required reference to a custom resource + offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + infrastructure: + description: Infrastructure is a reference to a provider-specific + template that holds the details for provisioning infrastructure + specific cluster for the underlying provider. The underlying provider + is responsible for the implementation of the template to an infrastructure + cluster. + properties: + ref: + description: Ref is a required reference to a custom resource + offered by a provider. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + workers: + description: Workers describes the worker nodes for the cluster. It + is a collection of node types which can be used to create the worker + nodes of the cluster. 
+ properties: + machineDeployments: + description: MachineDeployments is a list of machine deployment + classes that can be used to create a set of worker nodes. + items: + description: MachineDeploymentClass serves as a template to + define a set of worker nodes of the cluster provisioned using + the `ClusterClass`. + properties: + class: + description: Class denotes a type of worker node present + in the cluster, this name MUST be unique within a ClusterClass + and can be referenced in the Cluster to create a managed + MachineDeployment. + type: string + template: + description: Template is a local struct containing a collection + of templates for creation of MachineDeployment objects + representing a set of worker nodes. + properties: + bootstrap: + description: Bootstrap contains the bootstrap template + reference to be used for the creation of worker Machines. + properties: + ref: + description: Ref is a required reference to a custom + resource offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + infrastructure: + description: Infrastructure contains the infrastructure + template reference to be used for the creation of + worker Machines. + properties: + ref: + description: Ref is a required reference to a custom + resource offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' 
+ type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + metadata: + description: Metadata is the metadata applied to the + machines of the MachineDeployment. At runtime this + metadata is merged with the corresponding metadata + from the topology. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key + value map stored with a resource that may be set + by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be + preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that + can be used to organize and categorize (scope + and select) objects. May match selectors of replication + controllers and services. 
More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + required: + - bootstrap + - infrastructure + type: object + required: + - class + - template + type: object + type: array + type: object + type: object + type: object + served: true + storage: false + subresources: {} + - additionalPrinterColumns: + - description: Time duration since creation of ClusterClass + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: ClusterClass is a template which can be used to create managed + topologies. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterClassSpec describes the desired state of the ClusterClass. + properties: + controlPlane: + description: ControlPlane is a reference to a local struct that holds + the details for provisioning the Control Plane for the Cluster. + properties: + machineHealthCheck: + description: MachineHealthCheck defines a MachineHealthCheck for + this ControlPlaneClass. This field is supported if and only + if the ControlPlane provider template referenced above is Machine + based and supports setting replicas. 
+ properties: + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed if at + most "MaxUnhealthy" machines selected by "selector" are + not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without a node + will be considered to have failed and will be remediated. + If you wish to disable this feature, set the value explicitly + to 0. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference to a remediation + template provided by an infrastructure provider. \n This + field is completely optional, when filled, the MachineHealthCheck + controller creates a new object from the template referenced + and hands off remediation of the machine to a controller + that lives outside of Cluster API." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list of the conditions + that determine whether a node is considered unhealthy. The + conditions are combined in a logical OR, i.e. if any of + the conditions is met, the node is unhealthy. + items: + description: UnhealthyCondition represents a Node condition + type and value with a timeout specified as a duration. When + the named condition has been in the given status for at + least the timeout value, a node is considered unhealthy. + properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + type: array + unhealthyRange: + description: 'Any further remediation is only allowed if the + number of machines selected by "selector" as not healthy + is within the range of "UnhealthyRange". Takes precedence + over MaxUnhealthy. Eg. 
"[3-5]" - This means that remediation + will be allowed only when: (a) there are at least 3 unhealthy + machines (and) (b) there are at most 5 unhealthy machines' + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + type: object + machineInfrastructure: + description: "MachineInfrastructure defines the metadata and infrastructure + information for control plane machines. \n This field is supported + if and only if the control plane provider template referenced + above is Machine based and supports setting replicas." + properties: + ref: + description: Ref is a required reference to a custom resource + offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + metadata: + description: "Metadata is the metadata applied to the ControlPlane + and the Machines of the ControlPlane if the ControlPlaneTemplate + referenced is machine based. If not, it is applied only to the + ControlPlane. At runtime this metadata is merged with the corresponding + metadata from the topology. \n This field is supported if and + only if the control plane provider template referenced is Machine + based." + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + namingStrategy: + description: NamingStrategy allows changing the naming pattern + used when creating the control plane provider object. + properties: + template: + description: 'Template defines the template to use for generating + the name of the ControlPlane object. 
If not defined, it + will fallback to `{{ .cluster.name }}-{{ .random }}`. If + the templated string exceeds 63 characters, it will be trimmed + to 58 characters and will get concatenated with a random + suffix of length 5. The templating mechanism provides the + following arguments: * `.cluster.name`: The name of the + cluster object. * `.random`: A random alphanumeric string, + without vowels, of length 5.' + type: string + type: object + nodeDeletionTimeout: + description: 'NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts after + the Machine is marked for deletion. A duration of 0 will retry + deletion indefinitely. Defaults to 10 seconds. NOTE: This value + can be overridden while defining a Cluster.Topology.' + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time that + the controller will spend on draining a node. The default value + is 0, meaning that the node can be drained without any time + limitations. NOTE: NodeDrainTimeout is different from `kubectl + drain --timeout` NOTE: This value can be overridden while defining + a Cluster.Topology.' + type: string + nodeVolumeDetachTimeout: + description: 'NodeVolumeDetachTimeout is the total amount of time + that the controller will spend on waiting for all volumes to + be detached. The default value is 0, meaning that the volumes + can be detached without any time limitations. NOTE: This value + can be overridden while defining a Cluster.Topology.' + type: string + ref: + description: Ref is a required reference to a custom resource + offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + infrastructure: + description: Infrastructure is a reference to a provider-specific + template that holds the details for provisioning infrastructure + specific cluster for the underlying provider. The underlying provider + is responsible for the implementation of the template to an infrastructure + cluster. + properties: + ref: + description: Ref is a required reference to a custom resource + offered by a provider. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + patches: + description: 'Patches defines the patches which are applied to customize + referenced templates of a ClusterClass. Note: Patches will be applied + in the order of the array.' + items: + description: ClusterClassPatch defines a patch which is applied + to customize the referenced templates. 
+ properties: + definitions: + description: 'Definitions define inline patches. Note: Patches + will be applied in the order of the array. Note: Exactly one + of Definitions or External must be set.' + items: + description: PatchDefinition defines a patch which is applied + to customize the referenced templates. + properties: + jsonPatches: + description: 'JSONPatches defines the patches which should + be applied on the templates matching the selector. Note: + Patches will be applied in the order of the array.' + items: + description: JSONPatch defines a JSON patch. + properties: + op: + description: 'Op defines the operation of the patch. + Note: Only `add`, `replace` and `remove` are supported.' + type: string + path: + description: 'Path defines the path of the patch. + Note: Only the spec of a template can be patched, + thus the path has to start with /spec/. Note: + For now the only allowed array modifications are + `append` and `prepend`, i.e.: * for op: `add`: + only index 0 (prepend) and - (append) are allowed + * for op: `replace` or `remove`: no indexes are + allowed' + type: string + value: + description: 'Value defines the value of the patch. + Note: Either Value or ValueFrom is required for + add and replace operations. Only one of them is + allowed to be set at the same time. Note: We have + to use apiextensionsv1.JSON instead of our JSON + type, because controller-tools has a hard-coded + schema for apiextensionsv1.JSON which cannot be + produced by another type (unset type field). Ref: + https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111' + x-kubernetes-preserve-unknown-fields: true + valueFrom: + description: 'ValueFrom defines the value of the + patch. Note: Either Value or ValueFrom is required + for add and replace operations. Only one of them + is allowed to be set at the same time.' 
+ properties: + template: + description: 'Template is the Go template to + be used to calculate the value. A template + can reference variables defined in .spec.variables + and builtin variables. Note: The template + must evaluate to a valid YAML or JSON value.' + type: string + variable: + description: Variable is the variable to be + used as value. Variable can be one of the + variables defined in .spec.variables or a + builtin variable. + type: string + type: object + required: + - op + - path + type: object + type: array + selector: + description: Selector defines on which templates the patch + should be applied. + properties: + apiVersion: + description: APIVersion filters templates by apiVersion. + type: string + kind: + description: Kind filters templates by kind. + type: string + matchResources: + description: MatchResources selects templates based + on where they are referenced. + properties: + controlPlane: + description: 'ControlPlane selects templates referenced + in .spec.ControlPlane. Note: this will match + the controlPlane and also the controlPlane machineInfrastructure + (depending on the kind and apiVersion).' + type: boolean + infrastructureCluster: + description: InfrastructureCluster selects templates + referenced in .spec.infrastructure. + type: boolean + machineDeploymentClass: + description: MachineDeploymentClass selects templates + referenced in specific MachineDeploymentClasses + in .spec.workers.machineDeployments. + properties: + names: + description: Names selects templates by class + names. + items: + type: string + type: array + type: object + type: object + required: + - apiVersion + - kind + - matchResources + type: object + required: + - jsonPatches + - selector + type: object + type: array + description: + description: Description is a human-readable description of + this patch. + type: string + enabledIf: + description: EnabledIf is a Go template to be used to calculate + if a patch should be enabled. 
It can reference variables defined + in .spec.variables and builtin variables. The patch will be + enabled if the template evaluates to `true`, otherwise it + will be disabled. If EnabledIf is not set, the patch will + be enabled per default. + type: string + external: + description: 'External defines an external patch. Note: Exactly + one of Definitions or External must be set.' + properties: + discoverVariablesExtension: + description: DiscoverVariablesExtension references an extension + which is called to discover variables. + type: string + generateExtension: + description: GenerateExtension references an extension which + is called to generate patches. + type: string + settings: + additionalProperties: + type: string + description: Settings defines key value pairs to be passed + to the extensions. Values defined here take precedence + over the values defined in the corresponding ExtensionConfig. + type: object + validateExtension: + description: ValidateExtension references an extension which + is called to validate the topology. + type: string + type: object + name: + description: Name of the patch. + type: string + required: + - name + type: object + type: array + variables: + description: Variables defines the variables which can be configured + in the Cluster topology and are then used in patches. + items: + description: ClusterClassVariable defines a variable which can be + configured in the Cluster topology and used in patches. + properties: + name: + description: Name of the variable. + type: string + required: + description: 'Required specifies if the variable is required. + Note: this applies to the variable as a whole and thus the + top-level object defined in the schema. If nested fields are + required, this will be specified inside the schema.' + type: boolean + schema: + description: Schema defines the schema of the variable. + properties: + openAPIV3Schema: + description: OpenAPIV3Schema defines the schema of a variable + via OpenAPI v3 schema. 
The schema is a subset of the schema + used in Kubernetes CRDs. + properties: + additionalProperties: + description: 'AdditionalProperties specifies the schema + of values in a map (keys are always strings). NOTE: + Can only be set if type is object. NOTE: AdditionalProperties + is mutually exclusive with Properties. NOTE: This + field uses PreserveUnknownFields and Schemaless, because + recursive validation is not possible.' + x-kubernetes-preserve-unknown-fields: true + default: + description: 'Default is the default value of the variable. + NOTE: Can be set for all types.' + x-kubernetes-preserve-unknown-fields: true + description: + description: Description is a human-readable description + of this variable. + type: string + enum: + description: 'Enum is the list of valid values of the + variable. NOTE: Can be set for all types.' + items: + x-kubernetes-preserve-unknown-fields: true + type: array + example: + description: Example is an example for this variable. + x-kubernetes-preserve-unknown-fields: true + exclusiveMaximum: + description: 'ExclusiveMaximum specifies if the Maximum + is exclusive. NOTE: Can only be set if type is integer + or number.' + type: boolean + exclusiveMinimum: + description: 'ExclusiveMinimum specifies if the Minimum + is exclusive. NOTE: Can only be set if type is integer + or number.' + type: boolean + format: + description: 'Format is an OpenAPI v3 format string. + Unknown formats are ignored. For a list of supported + formats please see: (of the k8s.io/apiextensions-apiserver + version we''re currently using) https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go + NOTE: Can only be set if type is string.' + type: string + items: + description: 'Items specifies fields of an array. NOTE: + Can only be set if type is array. NOTE: This field + uses PreserveUnknownFields and Schemaless, because + recursive validation is not possible.' 
+ x-kubernetes-preserve-unknown-fields: true + maxItems: + description: 'MaxItems is the max length of an array + variable. NOTE: Can only be set if type is array.' + format: int64 + type: integer + maxLength: + description: 'MaxLength is the max length of a string + variable. NOTE: Can only be set if type is string.' + format: int64 + type: integer + maximum: + description: 'Maximum is the maximum of an integer or + number variable. If ExclusiveMaximum is false, the + variable is valid if it is lower than, or equal to, + the value of Maximum. If ExclusiveMaximum is true, + the variable is valid if it is strictly lower than + the value of Maximum. NOTE: Can only be set if type + is integer or number.' + format: int64 + type: integer + minItems: + description: 'MinItems is the min length of an array + variable. NOTE: Can only be set if type is array.' + format: int64 + type: integer + minLength: + description: 'MinLength is the min length of a string + variable. NOTE: Can only be set if type is string.' + format: int64 + type: integer + minimum: + description: 'Minimum is the minimum of an integer or + number variable. If ExclusiveMinimum is false, the + variable is valid if it is greater than, or equal + to, the value of Minimum. If ExclusiveMinimum is true, + the variable is valid if it is strictly greater than + the value of Minimum. NOTE: Can only be set if type + is integer or number.' + format: int64 + type: integer + pattern: + description: 'Pattern is the regex which a string variable + must match. NOTE: Can only be set if type is string.' + type: string + properties: + description: 'Properties specifies fields of an object. + NOTE: Can only be set if type is object. NOTE: Properties + is mutually exclusive with AdditionalProperties. NOTE: + This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible.' 
+ x-kubernetes-preserve-unknown-fields: true + required: + description: 'Required specifies which fields of an + object are required. NOTE: Can only be set if type + is object.' + items: + type: string + type: array + type: + description: 'Type is the type of the variable. Valid + values are: object, array, string, integer, number + or boolean.' + type: string + uniqueItems: + description: 'UniqueItems specifies if items in an array + must be unique. NOTE: Can only be set if type is array.' + type: boolean + x-kubernetes-preserve-unknown-fields: + description: XPreserveUnknownFields allows setting fields + in a variable object which are not defined in the + variable schema. This affects fields recursively, + except if nested properties or additionalProperties + are specified in the schema. + type: boolean + required: + - type + type: object + required: + - openAPIV3Schema + type: object + required: + - name + - required + - schema + type: object + type: array + workers: + description: Workers describes the worker nodes for the cluster. It + is a collection of node types which can be used to create the worker + nodes of the cluster. + properties: + machineDeployments: + description: MachineDeployments is a list of machine deployment + classes that can be used to create a set of worker nodes. + items: + description: MachineDeploymentClass serves as a template to + define a set of worker nodes of the cluster provisioned using + the `ClusterClass`. + properties: + class: + description: Class denotes a type of worker node present + in the cluster, this name MUST be unique within a ClusterClass + and can be referenced in the Cluster to create a managed + MachineDeployment. + type: string + failureDomain: + description: 'FailureDomain is the failure domain the machines + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. NOTE: This value can + be overridden while defining a Cluster.Topology using + this MachineDeploymentClass.' 
+ type: string + machineHealthCheck: + description: MachineHealthCheck defines a MachineHealthCheck + for this MachineDeploymentClass. + properties: + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed + if at most "MaxUnhealthy" machines selected by "selector" + are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without + a node will be considered to have failed and will + be remediated. If you wish to disable this feature, + set the value explicitly to 0. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference to + a remediation template provided by an infrastructure + provider. \n This field is completely optional, when + filled, the MachineHealthCheck controller creates + a new object from the template referenced and hands + off remediation of the machine to a controller that + lives outside of Cluster API." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list of + the conditions that determine whether a node is considered + unhealthy. The conditions are combined in a logical + OR, i.e. if any of the conditions is met, the node + is unhealthy. + items: + description: UnhealthyCondition represents a Node + condition type and value with a timeout specified + as a duration. When the named condition has been + in the given status for at least the timeout value, + a node is considered unhealthy. + properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + type: array + unhealthyRange: + description: 'Any further remediation is only allowed + if the number of machines selected by "selector" as + not healthy is within the range of "UnhealthyRange". + Takes precedence over MaxUnhealthy. Eg. 
"[3-5]" - + This means that remediation will be allowed only when: + (a) there are at least 3 unhealthy machines (and) + (b) there are at most 5 unhealthy machines' + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + type: object + minReadySeconds: + description: 'Minimum number of seconds for which a newly + created machine should be ready. Defaults to 0 (machine + will be considered available as soon as it is ready) NOTE: + This value can be overridden while defining a Cluster.Topology + using this MachineDeploymentClass.' + format: int32 + type: integer + namingStrategy: + description: NamingStrategy allows changing the naming pattern + used when creating the MachineDeployment. + properties: + template: + description: 'Template defines the template to use for + generating the name of the MachineDeployment object. + If not defined, it will fallback to `{{ .cluster.name + }}-{{ .machineDeployment.topologyName }}-{{ .random + }}`. If the templated string exceeds 63 characters, + it will be trimmed to 58 characters and will get concatenated + with a random suffix of length 5. The templating mechanism + provides the following arguments: * `.cluster.name`: + The name of the cluster object. * `.random`: A random + alphanumeric string, without vowels, of length 5. + * `.machineDeployment.topologyName`: The name of the + MachineDeployment topology (Cluster.spec.topology.workers.machineDeployments[].name).' + type: string + type: object + nodeDeletionTimeout: + description: 'NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts + after the Machine is marked for deletion. A duration of + 0 will retry deletion indefinitely. Defaults to 10 seconds. + NOTE: This value can be overridden while defining a Cluster.Topology + using this MachineDeploymentClass.' + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. 
The + default value is 0, meaning that the node can be drained + without any time limitations. NOTE: NodeDrainTimeout is + different from `kubectl drain --timeout` NOTE: This value + can be overridden while defining a Cluster.Topology using + this MachineDeploymentClass.' + type: string + nodeVolumeDetachTimeout: + description: 'NodeVolumeDetachTimeout is the total amount + of time that the controller will spend on waiting for + all volumes to be detached. The default value is 0, meaning + that the volumes can be detached without any time limitations. + NOTE: This value can be overridden while defining a Cluster.Topology + using this MachineDeploymentClass.' + type: string + strategy: + description: 'The deployment strategy to use to replace + existing machines with new ones. NOTE: This value can + be overridden while defining a Cluster.Topology using + this MachineDeploymentClass.' + properties: + rollingUpdate: + description: Rolling update config params. Present only + if MachineDeploymentStrategyType = RollingUpdate. + properties: + deletePolicy: + description: DeletePolicy defines the policy used + by the MachineDeployment to identify nodes to + delete when downscaling. Valid values are "Random, + "Newest", "Oldest" When no value is supplied, + the default DeletePolicy of MachineSet is used + enum: + - Random + - Newest + - Oldest + type: string + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that + can be scheduled above the desired number of machines. + Value can be an absolute number (ex: 5) or a percentage + of desired machines (ex: 10%). This can not be + 0 if MaxUnavailable is 0. Absolute number is calculated + from percentage by rounding up. Defaults to 1. + Example: when this is set to 30%, the new MachineSet + can be scaled up immediately when the rolling + update starts, such that the total number of old + and new machines do not exceed 130% of desired + machines. 
Once old machines have been killed, + new MachineSet can be scaled up further, ensuring + that total number of machines running at any time + during the update is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that + can be unavailable during the update. Value can + be an absolute number (ex: 5) or a percentage + of desired machines (ex: 10%). Absolute number + is calculated from percentage by rounding down. + This can not be 0 if MaxSurge is 0. Defaults to + 0. Example: when this is set to 30%, the old MachineSet + can be scaled down to 70% of desired machines + immediately when the rolling update starts. Once + new machines are ready, old MachineSet can be + scaled down further, followed by scaling up the + new MachineSet, ensuring that the total number + of machines available at all times during the + update is at least 70% of desired machines.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Default is RollingUpdate. + enum: + - RollingUpdate + - OnDelete + type: string + type: object + template: + description: Template is a local struct containing a collection + of templates for creation of MachineDeployment objects + representing a set of worker nodes. + properties: + bootstrap: + description: Bootstrap contains the bootstrap template + reference to be used for the creation of worker Machines. + properties: + ref: + description: Ref is a required reference to a custom + resource offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + infrastructure: + description: Infrastructure contains the infrastructure + template reference to be used for the creation of + worker Machines. + properties: + ref: + description: Ref is a required reference to a custom + resource offered by a provider. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + metadata: + description: Metadata is the metadata applied to the + MachineDeployment and the machines of the MachineDeployment. + At runtime this metadata is merged with the corresponding + metadata from the topology. 
+ properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key + value map stored with a resource that may be set + by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be + preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that + can be used to organize and categorize (scope + and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + required: + - bootstrap + - infrastructure + type: object + required: + - class + - template + type: object + type: array + type: object + type: object + status: + description: ClusterClassStatus defines the observed state of the ClusterClass. + properties: + conditions: + description: Conditions defines current observed state of the ClusterClass. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. 
The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + variables: + description: Variables is a list of ClusterClassStatusVariable that + are defined for the ClusterClass. + items: + description: ClusterClassStatusVariable defines a variable which + appears in the status of a ClusterClass. + properties: + definitions: + description: Definitions is a list of definitions for a variable. + items: + description: ClusterClassStatusVariableDefinition defines + a variable which appears in the status of a ClusterClass. + properties: + from: + description: From specifies the origin of the variable + definition. This will be `inline` for variables defined + in the ClusterClass or the name of a patch defined in + the ClusterClass for variables discovered from a DiscoverVariables + runtime extensions. + type: string + required: + description: 'Required specifies if the variable is required. + Note: this applies to the variable as a whole and thus + the top-level object defined in the schema. If nested + fields are required, this will be specified inside the + schema.' + type: boolean + schema: + description: Schema defines the schema of the variable. + properties: + openAPIV3Schema: + description: OpenAPIV3Schema defines the schema of + a variable via OpenAPI v3 schema. The schema is + a subset of the schema used in Kubernetes CRDs. 
+ properties: + additionalProperties: + description: 'AdditionalProperties specifies the + schema of values in a map (keys are always strings). + NOTE: Can only be set if type is object. NOTE: + AdditionalProperties is mutually exclusive with + Properties. NOTE: This field uses PreserveUnknownFields + and Schemaless, because recursive validation + is not possible.' + x-kubernetes-preserve-unknown-fields: true + default: + description: 'Default is the default value of + the variable. NOTE: Can be set for all types.' + x-kubernetes-preserve-unknown-fields: true + description: + description: Description is a human-readable description + of this variable. + type: string + enum: + description: 'Enum is the list of valid values + of the variable. NOTE: Can be set for all types.' + items: + x-kubernetes-preserve-unknown-fields: true + type: array + example: + description: Example is an example for this variable. + x-kubernetes-preserve-unknown-fields: true + exclusiveMaximum: + description: 'ExclusiveMaximum specifies if the + Maximum is exclusive. NOTE: Can only be set + if type is integer or number.' + type: boolean + exclusiveMinimum: + description: 'ExclusiveMinimum specifies if the + Minimum is exclusive. NOTE: Can only be set + if type is integer or number.' + type: boolean + format: + description: 'Format is an OpenAPI v3 format string. + Unknown formats are ignored. For a list of supported + formats please see: (of the k8s.io/apiextensions-apiserver + version we''re currently using) https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go + NOTE: Can only be set if type is string.' + type: string + items: + description: 'Items specifies fields of an array. + NOTE: Can only be set if type is array. NOTE: + This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible.' 
+ x-kubernetes-preserve-unknown-fields: true + maxItems: + description: 'MaxItems is the max length of an + array variable. NOTE: Can only be set if type + is array.' + format: int64 + type: integer + maxLength: + description: 'MaxLength is the max length of a + string variable. NOTE: Can only be set if type + is string.' + format: int64 + type: integer + maximum: + description: 'Maximum is the maximum of an integer + or number variable. If ExclusiveMaximum is false, + the variable is valid if it is lower than, or + equal to, the value of Maximum. If ExclusiveMaximum + is true, the variable is valid if it is strictly + lower than the value of Maximum. NOTE: Can only + be set if type is integer or number.' + format: int64 + type: integer + minItems: + description: 'MinItems is the min length of an + array variable. NOTE: Can only be set if type + is array.' + format: int64 + type: integer + minLength: + description: 'MinLength is the min length of a + string variable. NOTE: Can only be set if type + is string.' + format: int64 + type: integer + minimum: + description: 'Minimum is the minimum of an integer + or number variable. If ExclusiveMinimum is false, + the variable is valid if it is greater than, + or equal to, the value of Minimum. If ExclusiveMinimum + is true, the variable is valid if it is strictly + greater than the value of Minimum. NOTE: Can + only be set if type is integer or number.' + format: int64 + type: integer + pattern: + description: 'Pattern is the regex which a string + variable must match. NOTE: Can only be set if + type is string.' + type: string + properties: + description: 'Properties specifies fields of an + object. NOTE: Can only be set if type is object. + NOTE: Properties is mutually exclusive with + AdditionalProperties. NOTE: This field uses + PreserveUnknownFields and Schemaless, because + recursive validation is not possible.' 
+ x-kubernetes-preserve-unknown-fields: true + required: + description: 'Required specifies which fields + of an object are required. NOTE: Can only be + set if type is object.' + items: + type: string + type: array + type: + description: 'Type is the type of the variable. + Valid values are: object, array, string, integer, + number or boolean.' + type: string + uniqueItems: + description: 'UniqueItems specifies if items in + an array must be unique. NOTE: Can only be set + if type is array.' + type: boolean + x-kubernetes-preserve-unknown-fields: + description: XPreserveUnknownFields allows setting + fields in a variable object which are not defined + in the variable schema. This affects fields + recursively, except if nested properties or + additionalProperties are specified in the schema. + type: boolean + required: + - type + type: object + required: + - openAPIV3Schema + type: object + required: + - from + - required + - schema + type: object + type: array + definitionsConflict: + description: DefinitionsConflict specifies whether or not there + are conflicting definitions for a single variable name. + type: boolean + name: + description: Name is the name of the variable. 
+ type: string + required: + - definitions + - name + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: clusterresourcesetbindings.addons.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: addons.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: ClusterResourceSetBinding + listKind: ClusterResourceSetBindingList + plural: clusterresourcesetbindings + singular: clusterresourcesetbinding + scope: Namespaced + versions: + - deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "ClusterResourceSetBinding lists all matching ClusterResourceSets + with the cluster it belongs to. \n Deprecated: This type will be removed + in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterResourceSetBindingSpec defines the desired state of + ClusterResourceSetBinding. + properties: + bindings: + description: Bindings is a list of ClusterResourceSets and their resources. + items: + description: ResourceSetBinding keeps info on all of the resources + in a ClusterResourceSet. + properties: + clusterResourceSetName: + description: ClusterResourceSetName is the name of the ClusterResourceSet + that is applied to the owner cluster of the binding. + type: string + resources: + description: Resources is a list of resources that the ClusterResourceSet + has. + items: + description: ResourceBinding shows the status of a resource + that belongs to a ClusterResourceSet matched by the owner + cluster of the ClusterResourceSetBinding object. + properties: + applied: + description: Applied is to track if a resource is applied + to the cluster or not. + type: boolean + hash: + description: Hash is the hash of a resource's data. This + can be used to decide if a resource is changed. For + "ApplyOnce" ClusterResourceSet.spec.strategy, this is + no-op as that strategy does not act on change. + type: string + kind: + description: 'Kind of the resource. Supported kinds are: + Secrets and ConfigMaps.' + enum: + - Secret + - ConfigMap + type: string + lastAppliedTime: + description: LastAppliedTime identifies when this resource + was last applied to the cluster. + format: date-time + type: string + name: + description: Name of the resource that is in the same + namespace with ClusterResourceSet object. 
+ minLength: 1 + type: string + required: + - applied + - kind + - name + type: object + type: array + required: + - clusterResourceSetName + type: object + type: array + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of ClusterResourceSetBinding + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "ClusterResourceSetBinding lists all matching ClusterResourceSets + with the cluster it belongs to. \n Deprecated: This type will be removed + in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterResourceSetBindingSpec defines the desired state of + ClusterResourceSetBinding. + properties: + bindings: + description: Bindings is a list of ClusterResourceSets and their resources. + items: + description: ResourceSetBinding keeps info on all of the resources + in a ClusterResourceSet. + properties: + clusterResourceSetName: + description: ClusterResourceSetName is the name of the ClusterResourceSet + that is applied to the owner cluster of the binding. 
+ type: string + resources: + description: Resources is a list of resources that the ClusterResourceSet + has. + items: + description: ResourceBinding shows the status of a resource + that belongs to a ClusterResourceSet matched by the owner + cluster of the ClusterResourceSetBinding object. + properties: + applied: + description: Applied is to track if a resource is applied + to the cluster or not. + type: boolean + hash: + description: Hash is the hash of a resource's data. This + can be used to decide if a resource is changed. For + "ApplyOnce" ClusterResourceSet.spec.strategy, this is + no-op as that strategy does not act on change. + type: string + kind: + description: 'Kind of the resource. Supported kinds are: + Secrets and ConfigMaps.' + enum: + - Secret + - ConfigMap + type: string + lastAppliedTime: + description: LastAppliedTime identifies when this resource + was last applied to the cluster. + format: date-time + type: string + name: + description: Name of the resource that is in the same + namespace with ClusterResourceSet object. + minLength: 1 + type: string + required: + - applied + - kind + - name + type: object + type: array + required: + - clusterResourceSetName + type: object + type: array + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of ClusterResourceSetBinding + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: ClusterResourceSetBinding lists all matching ClusterResourceSets + with the cluster it belongs to. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterResourceSetBindingSpec defines the desired state of + ClusterResourceSetBinding. + properties: + bindings: + description: Bindings is a list of ClusterResourceSets and their resources. + items: + description: ResourceSetBinding keeps info on all of the resources + in a ClusterResourceSet. + properties: + clusterResourceSetName: + description: ClusterResourceSetName is the name of the ClusterResourceSet + that is applied to the owner cluster of the binding. + type: string + resources: + description: Resources is a list of resources that the ClusterResourceSet + has. + items: + description: ResourceBinding shows the status of a resource + that belongs to a ClusterResourceSet matched by the owner + cluster of the ClusterResourceSetBinding object. + properties: + applied: + description: Applied is to track if a resource is applied + to the cluster or not. + type: boolean + hash: + description: Hash is the hash of a resource's data. This + can be used to decide if a resource is changed. For + "ApplyOnce" ClusterResourceSet.spec.strategy, this is + no-op as that strategy does not act on change. + type: string + kind: + description: 'Kind of the resource. Supported kinds are: + Secrets and ConfigMaps.' + enum: + - Secret + - ConfigMap + type: string + lastAppliedTime: + description: LastAppliedTime identifies when this resource + was last applied to the cluster. 
+ format: date-time + type: string + name: + description: Name of the resource that is in the same + namespace with ClusterResourceSet object. + minLength: 1 + type: string + required: + - applied + - kind + - name + type: object + type: array + required: + - clusterResourceSetName + type: object + type: array + clusterName: + description: 'ClusterName is the name of the Cluster this binding + applies to. Note: this field mandatory in v1beta2.' + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: clusterresourcesets.addons.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: addons.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: ClusterResourceSet + listKind: ClusterResourceSetList + plural: clusterresourcesets + singular: clusterresourceset + scope: Namespaced + versions: + - deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "ClusterResourceSet is the Schema for the clusterresourcesets + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet. + properties: + clusterSelector: + description: Label selector for Clusters. The Clusters that are selected + by this will be the ones affected by this ClusterResourceSet. It + must match the Cluster labels. This field is immutable. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. 
+ type: object + type: object + resources: + description: Resources is a list of Secrets/ConfigMaps where each + contains 1 or more resources to be applied to remote clusters. + items: + description: ResourceRef specifies a resource. + properties: + kind: + description: 'Kind of the resource. Supported kinds are: Secrets + and ConfigMaps.' + enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the resource that is in the same namespace + with ClusterResourceSet object. + minLength: 1 + type: string + required: + - kind + - name + type: object + type: array + strategy: + description: Strategy is the strategy to be used during applying resources. + Defaults to ApplyOnce. This field is immutable. + enum: + - ApplyOnce + type: string + required: + - clusterSelector + type: object + status: + description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet. + properties: + conditions: + description: Conditions defines current state of the ClusterResourceSet. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. 
The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration reflects the generation of the most + recently observed ClusterResourceSet. + format: int64 + type: integer + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of ClusterResourceSet + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "ClusterResourceSet is the Schema for the clusterresourcesets + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet. 
+ properties: + clusterSelector: + description: Label selector for Clusters. The Clusters that are selected + by this will be the ones affected by this ClusterResourceSet. It + must match the Cluster labels. This field is immutable. Label selector + cannot be empty. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + resources: + description: Resources is a list of Secrets/ConfigMaps where each + contains 1 or more resources to be applied to remote clusters. + items: + description: ResourceRef specifies a resource. + properties: + kind: + description: 'Kind of the resource. Supported kinds are: Secrets + and ConfigMaps.' 
+ enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the resource that is in the same namespace + with ClusterResourceSet object. + minLength: 1 + type: string + required: + - kind + - name + type: object + type: array + strategy: + description: Strategy is the strategy to be used during applying resources. + Defaults to ApplyOnce. This field is immutable. + enum: + - ApplyOnce + type: string + required: + - clusterSelector + type: object + status: + description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet. + properties: + conditions: + description: Conditions defines current state of the ClusterResourceSet. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration reflects the generation of the most + recently observed ClusterResourceSet. + format: int64 + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of ClusterResourceSet + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: ClusterResourceSet is the Schema for the clusterresourcesets + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet. + properties: + clusterSelector: + description: Label selector for Clusters. The Clusters that are selected + by this will be the ones affected by this ClusterResourceSet. It + must match the Cluster labels. This field is immutable. Label selector + cannot be empty. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + resources: + description: Resources is a list of Secrets/ConfigMaps where each + contains 1 or more resources to be applied to remote clusters. + items: + description: ResourceRef specifies a resource. + properties: + kind: + description: 'Kind of the resource. Supported kinds are: Secrets + and ConfigMaps.' + enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the resource that is in the same namespace + with ClusterResourceSet object. + minLength: 1 + type: string + required: + - kind + - name + type: object + type: array + strategy: + description: Strategy is the strategy to be used during applying resources. + Defaults to ApplyOnce. This field is immutable. 
+ enum: + - ApplyOnce + - Reconcile + type: string + required: + - clusterSelector + type: object + status: + description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet. + properties: + conditions: + description: Conditions defines current state of the ClusterResourceSet. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration reflects the generation of the most + recently observed ClusterResourceSet. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: clusters.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Cluster + listKind: ClusterList + plural: clusters + shortNames: + - cl + singular: cluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed + jsonPath: .status.phase + name: Phase + type: string + deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: Cluster is the Schema for the clusters API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterSpec defines the desired state of Cluster. + properties: + clusterNetwork: + description: Cluster network configuration. 
+ properties: + apiServerPort: + description: APIServerPort specifies the port the API Server should + bind to. Defaults to 6443. + format: int32 + type: integer + pods: + description: The network ranges from which Pod networks are allocated. + properties: + cidrBlocks: + items: + type: string + type: array + required: + - cidrBlocks + type: object + serviceDomain: + description: Domain name for services. + type: string + services: + description: The network ranges from which service VIPs are allocated. + properties: + cidrBlocks: + items: + type: string + type: array + required: + - cidrBlocks + type: object + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + controlPlaneRef: + description: ControlPlaneRef is an optional reference to a provider-specific + resource that holds the details for provisioning the Control Plane + for a Cluster. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' 
+ type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + infrastructureRef: + description: InfrastructureRef is a reference to a provider-specific + resource that holds the details for provisioning infrastructure + for a cluster in said provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + paused: + description: Paused can be used to prevent controllers from processing + the Cluster and all its associated objects. + type: boolean + type: object + status: + description: ClusterStatus defines the observed state of Cluster. + properties: + conditions: + description: Conditions defines current service state of the cluster. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. 
+ type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + controlPlaneInitialized: + description: ControlPlaneInitialized defines if the control plane + has been initialized. + type: boolean + controlPlaneReady: + description: ControlPlaneReady defines if the control plane is ready. + type: boolean + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains is a slice of failure domain objects synced + from the infrastructure provider. + type: object + failureMessage: + description: FailureMessage indicates that there is a fatal problem + reconciling the state, and will be set to a descriptive error message. 
+ type: string + failureReason: + description: FailureReason indicates that there is a fatal problem + reconciling the state, and will be set to a token value suitable + for programmatic interpretation. + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of cluster actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of Cluster + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed + jsonPath: .status.phase + name: Phase + type: string + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "Cluster is the Schema for the clusters API. \n Deprecated: This + type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterSpec defines the desired state of Cluster. + properties: + clusterNetwork: + description: Cluster network configuration. + properties: + apiServerPort: + description: APIServerPort specifies the port the API Server should + bind to. Defaults to 6443. + format: int32 + type: integer + pods: + description: The network ranges from which Pod networks are allocated. + properties: + cidrBlocks: + items: + type: string + type: array + required: + - cidrBlocks + type: object + serviceDomain: + description: Domain name for services. + type: string + services: + description: The network ranges from which service VIPs are allocated. + properties: + cidrBlocks: + items: + type: string + type: array + required: + - cidrBlocks + type: object + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + controlPlaneRef: + description: ControlPlaneRef is an optional reference to a provider-specific + resource that holds the details for provisioning the Control Plane + for a Cluster. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + infrastructureRef: + description: InfrastructureRef is a reference to a provider-specific + resource that holds the details for provisioning infrastructure + for a cluster in said provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + paused: + description: Paused can be used to prevent controllers from processing + the Cluster and all its associated objects. + type: boolean + topology: + description: 'This encapsulates the topology for the cluster. NOTE: + It is required to enable the ClusterTopology feature gate flag to + activate managed topologies support; this feature is highly experimental, + and parts of it might still be not implemented.' + properties: + class: + description: The name of the ClusterClass object to create the + topology. 
+ type: string + controlPlane: + description: ControlPlane describes the cluster control plane. + properties: + metadata: + description: "Metadata is the metadata applied to the machines + of the ControlPlane. At runtime this metadata is merged + with the corresponding metadata from the ClusterClass. \n + This field is supported if and only if the control plane + provider template referenced in the ClusterClass is Machine + based." + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. They + are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be + used to organize and categorize (scope and select) objects. + May match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + replicas: + description: Replicas is the number of control plane nodes. + If the value is nil, the ControlPlane object is created + without the number of Replicas and it's assumed that the + control plane controller does not implement support for + this field. When specified against a control plane provider + that lacks support for this field, this value will be ignored. + format: int32 + type: integer + type: object + rolloutAfter: + description: RolloutAfter performs a rollout of the entire cluster + one component at a time, control plane first and then machine + deployments. + format: date-time + type: string + version: + description: The Kubernetes version of the cluster. + type: string + workers: + description: Workers encapsulates the different constructs that + form the worker nodes for the cluster. 
+ properties: + machineDeployments: + description: MachineDeployments is a list of machine deployments + in the cluster. + items: + description: MachineDeploymentTopology specifies the different + parameters for a set of worker nodes in the topology. + This set of nodes is managed by a MachineDeployment object + whose lifecycle is managed by the Cluster controller. + properties: + class: + description: Class is the name of the MachineDeploymentClass + used to create the set of worker nodes. This should + match one of the deployment classes defined in the + ClusterClass object mentioned in the `Cluster.Spec.Class` + field. + type: string + metadata: + description: Metadata is the metadata applied to the + machines of the MachineDeployment. At runtime this + metadata is merged with the corresponding metadata + from the ClusterClass. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key + value map stored with a resource that may be set + by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be + preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that + can be used to organize and categorize (scope + and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + name: + description: Name is the unique identifier for this + MachineDeploymentTopology. The value is used with + other unique identifiers to create a MachineDeployment's + Name (e.g. cluster's name, etc). In case the name + is greater than the allowed maximum length, the values + are hashed together. + type: string + replicas: + description: Replicas is the number of worker nodes + belonging to this set. 
If the value is nil, the MachineDeployment + is created without the number of Replicas (defaulting + to zero) and it's assumed that an external entity + (like cluster autoscaler) is responsible for the management + of this value. + format: int32 + type: integer + required: + - class + - name + type: object + type: array + type: object + required: + - class + - version + type: object + type: object + status: + description: ClusterStatus defines the observed state of Cluster. + properties: + conditions: + description: Conditions defines current service state of the cluster. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - status + - type + type: object + type: array + controlPlaneReady: + description: ControlPlaneReady defines if the control plane is ready. + type: boolean + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains is a slice of failure domain objects synced + from the infrastructure provider. + type: object + failureMessage: + description: FailureMessage indicates that there is a fatal problem + reconciling the state, and will be set to a descriptive error message. + type: string + failureReason: + description: FailureReason indicates that there is a fatal problem + reconciling the state, and will be set to a token value suitable + for programmatic interpretation. + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of cluster actuation. + E.g. Pending, Running, Terminating, Failed etc. 
+ type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed + jsonPath: .status.phase + name: Phase + type: string + - description: Time duration since creation of Cluster + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this Cluster + jsonPath: .spec.topology.version + name: Version + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Cluster is the Schema for the clusters API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterSpec defines the desired state of Cluster. + properties: + clusterNetwork: + description: Cluster network configuration. + properties: + apiServerPort: + description: APIServerPort specifies the port the API Server should + bind to. Defaults to 6443. + format: int32 + type: integer + pods: + description: The network ranges from which Pod networks are allocated. + properties: + cidrBlocks: + items: + type: string + type: array + required: + - cidrBlocks + type: object + serviceDomain: + description: Domain name for services. 
+ type: string + services: + description: The network ranges from which service VIPs are allocated. + properties: + cidrBlocks: + items: + type: string + type: array + required: + - cidrBlocks + type: object + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + controlPlaneRef: + description: ControlPlaneRef is an optional reference to a provider-specific + resource that holds the details for provisioning the Control Plane + for a Cluster. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + infrastructureRef: + description: InfrastructureRef is a reference to a provider-specific + resource that holds the details for provisioning infrastructure + for a cluster in said provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + paused: + description: Paused can be used to prevent controllers from processing + the Cluster and all its associated objects. + type: boolean + topology: + description: 'This encapsulates the topology for the cluster. NOTE: + It is required to enable the ClusterTopology feature gate flag to + activate managed topologies support; this feature is highly experimental, + and parts of it might still be not implemented.' + properties: + class: + description: The name of the ClusterClass object to create the + topology. + type: string + controlPlane: + description: ControlPlane describes the cluster control plane. + properties: + machineHealthCheck: + description: MachineHealthCheck allows to enable, disable + and override the MachineHealthCheck configuration in the + ClusterClass for this control plane. + properties: + enable: + description: "Enable controls if a MachineHealthCheck + should be created for the target machines. \n If false: + No MachineHealthCheck will be created. \n If not set(default): + A MachineHealthCheck will be created if it is defined + here or in the associated ClusterClass. If no MachineHealthCheck + is defined then none will be created. \n If true: A + MachineHealthCheck is guaranteed to be created. Cluster + validation will block if `enable` is true and no MachineHealthCheck + definition is available." 
+ type: boolean + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed if + at most "MaxUnhealthy" machines selected by "selector" + are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without + a node will be considered to have failed and will be + remediated. If you wish to disable this feature, set + the value explicitly to 0. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference to a + remediation template provided by an infrastructure provider. + \n This field is completely optional, when filled, the + MachineHealthCheck controller creates a new object from + the template referenced and hands off remediation of + the machine to a controller that lives outside of Cluster + API." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list of the + conditions that determine whether a node is considered + unhealthy. The conditions are combined in a logical + OR, i.e. if any of the conditions is met, the node is + unhealthy. + items: + description: UnhealthyCondition represents a Node condition + type and value with a timeout specified as a duration. When + the named condition has been in the given status for + at least the timeout value, a node is considered unhealthy. + properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + type: array + unhealthyRange: + description: 'Any further remediation is only allowed + if the number of machines selected by "selector" as + not healthy is within the range of "UnhealthyRange". + Takes precedence over MaxUnhealthy. Eg. 
"[3-5]" - This + means that remediation will be allowed only when: (a) + there are at least 3 unhealthy machines (and) (b) there + are at most 5 unhealthy machines' + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + type: object + metadata: + description: Metadata is the metadata applied to the ControlPlane + and the Machines of the ControlPlane if the ControlPlaneTemplate + referenced by the ClusterClass is machine based. If not, + it is applied only to the ControlPlane. At runtime this + metadata is merged with the corresponding metadata from + the ClusterClass. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. They + are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be + used to organize and categorize (scope and select) objects. + May match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts after + the Machine is marked for deletion. A duration of 0 will + retry deletion indefinitely. Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. 
NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of + time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the + volumes can be detached without any time limitations. + type: string + replicas: + description: Replicas is the number of control plane nodes. + If the value is nil, the ControlPlane object is created + without the number of Replicas and it's assumed that the + control plane controller does not implement support for + this field. When specified against a control plane provider + that lacks support for this field, this value will be ignored. + format: int32 + type: integer + type: object + rolloutAfter: + description: "RolloutAfter performs a rollout of the entire cluster + one component at a time, control plane first and then machine + deployments. \n Deprecated: This field has no function and is + going to be removed in the next apiVersion." + format: date-time + type: string + variables: + description: Variables can be used to customize the Cluster through + patches. They must comply to the corresponding VariableClasses + defined in the ClusterClass. + items: + description: ClusterVariable can be used to customize the Cluster + through patches. Each ClusterVariable is associated with a + Variable definition in the ClusterClass `status` variables. + properties: + definitionFrom: + description: 'DefinitionFrom specifies where the definition + of this Variable is from. DefinitionFrom is `inline` when + the definition is from the ClusterClass `.spec.variables` + or the name of a patch defined in the ClusterClass `.spec.patches` + where the patch is external and provides external variables. + This field is mandatory if the variable has `DefinitionsConflict: + true` in ClusterClass `status.variables[]`' + type: string + name: + description: Name of the variable. 
+ type: string + value: + description: 'Value of the variable. Note: the value will + be validated against the schema of the corresponding ClusterClassVariable + from the ClusterClass. Note: We have to use apiextensionsv1.JSON + instead of a custom JSON type, because controller-tools + has a hard-coded schema for apiextensionsv1.JSON which + cannot be produced by another type via controller-tools, + i.e. it is not possible to have no type field. Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111' + x-kubernetes-preserve-unknown-fields: true + required: + - name + - value + type: object + type: array + version: + description: The Kubernetes version of the cluster. + type: string + workers: + description: Workers encapsulates the different constructs that + form the worker nodes for the cluster. + properties: + machineDeployments: + description: MachineDeployments is a list of machine deployments + in the cluster. + items: + description: MachineDeploymentTopology specifies the different + parameters for a set of worker nodes in the topology. + This set of nodes is managed by a MachineDeployment object + whose lifecycle is managed by the Cluster controller. + properties: + class: + description: Class is the name of the MachineDeploymentClass + used to create the set of worker nodes. This should + match one of the deployment classes defined in the + ClusterClass object mentioned in the `Cluster.Spec.Class` + field. + type: string + failureDomain: + description: FailureDomain is the failure domain the + machines will be created in. Must match a key in the + FailureDomains map stored on the cluster object. + type: string + machineHealthCheck: + description: MachineHealthCheck allows to enable, disable + and override the MachineHealthCheck configuration + in the ClusterClass for this MachineDeployment. 
+ properties: + enable: + description: "Enable controls if a MachineHealthCheck + should be created for the target machines. \n + If false: No MachineHealthCheck will be created. + \n If not set(default): A MachineHealthCheck will + be created if it is defined here or in the associated + ClusterClass. If no MachineHealthCheck is defined + then none will be created. \n If true: A MachineHealthCheck + is guaranteed to be created. Cluster validation + will block if `enable` is true and no MachineHealthCheck + definition is available." + type: boolean + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed + if at most "MaxUnhealthy" machines selected by + "selector" are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without + a node will be considered to have failed and will + be remediated. If you wish to disable this feature, + set the value explicitly to 0. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference + to a remediation template provided by an infrastructure + provider. \n This field is completely optional, + when filled, the MachineHealthCheck controller + creates a new object from the template referenced + and hands off remediation of the machine to a + controller that lives outside of Cluster API." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list + of the conditions that determine whether a node + is considered unhealthy. The conditions are combined + in a logical OR, i.e. if any of the conditions + is met, the node is unhealthy. + items: + description: UnhealthyCondition represents a Node + condition type and value with a timeout specified + as a duration. When the named condition has + been in the given status for at least the timeout + value, a node is considered unhealthy. 
+ properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + type: array + unhealthyRange: + description: 'Any further remediation is only allowed + if the number of machines selected by "selector" + as not healthy is within the range of "UnhealthyRange". + Takes precedence over MaxUnhealthy. Eg. "[3-5]" + - This means that remediation will be allowed + only when: (a) there are at least 3 unhealthy + machines (and) (b) there are at most 5 unhealthy + machines' + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + type: object + metadata: + description: Metadata is the metadata applied to the + MachineDeployment and the machines of the MachineDeployment. + At runtime this metadata is merged with the corresponding + metadata from the ClusterClass. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key + value map stored with a resource that may be set + by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be + preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that + can be used to organize and categorize (scope + and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + minReadySeconds: + description: Minimum number of seconds for which a newly + created machine should be ready. Defaults to 0 (machine + will be considered available as soon as it is ready) + format: int32 + type: integer + name: + description: Name is the unique identifier for this + MachineDeploymentTopology. The value is used with + other unique identifiers to create a MachineDeployment's + Name (e.g. 
cluster's name, etc). In case the name + is greater than the allowed maximum length, the values + are hashed together. + type: string + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the + controller will attempt to delete the Node that the + Machine hosts after the Machine is marked for deletion. + A duration of 0 will retry deletion indefinitely. + Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of + time that the controller will spend on draining a + node. The default value is 0, meaning that the node + can be drained without any time limitations. NOTE: + NodeDrainTimeout is different from `kubectl drain + --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount + of time that the controller will spend on waiting + for all volumes to be detached. The default value + is 0, meaning that the volumes can be detached without + any time limitations. + type: string + replicas: + description: Replicas is the number of worker nodes + belonging to this set. If the value is nil, the MachineDeployment + is created without the number of Replicas (defaulting + to 1) and it's assumed that an external entity (like + cluster autoscaler) is responsible for the management + of this value. + format: int32 + type: integer + strategy: + description: The deployment strategy to use to replace + existing machines with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present + only if MachineDeploymentStrategyType = RollingUpdate. + properties: + deletePolicy: + description: DeletePolicy defines the policy + used by the MachineDeployment to identify + nodes to delete when downscaling. 
Valid values + are "Random, "Newest", "Oldest" When no value + is supplied, the default DeletePolicy of MachineSet + is used + enum: + - Random + - Newest + - Oldest + type: string + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines + that can be scheduled above the desired number + of machines. Value can be an absolute number + (ex: 5) or a percentage of desired machines + (ex: 10%). This can not be 0 if MaxUnavailable + is 0. Absolute number is calculated from percentage + by rounding up. Defaults to 1. Example: when + this is set to 30%, the new MachineSet can + be scaled up immediately when the rolling + update starts, such that the total number + of old and new machines do not exceed 130% + of desired machines. Once old machines have + been killed, new MachineSet can be scaled + up further, ensuring that total number of + machines running at any time during the update + is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines + that can be unavailable during the update. + Value can be an absolute number (ex: 5) or + a percentage of desired machines (ex: 10%). + Absolute number is calculated from percentage + by rounding down. This can not be 0 if MaxSurge + is 0. Defaults to 0. Example: when this is + set to 30%, the old MachineSet can be scaled + down to 70% of desired machines immediately + when the rolling update starts. Once new machines + are ready, old MachineSet can be scaled down + further, followed by scaling up the new MachineSet, + ensuring that the total number of machines + available at all times during the update is + at least 70% of desired machines.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Default is RollingUpdate. 
+ enum: + - RollingUpdate + - OnDelete + type: string + type: object + variables: + description: Variables can be used to customize the + MachineDeployment through patches. + properties: + overrides: + description: Overrides can be used to override Cluster + level variables. + items: + description: ClusterVariable can be used to customize + the Cluster through patches. Each ClusterVariable + is associated with a Variable definition in + the ClusterClass `status` variables. + properties: + definitionFrom: + description: 'DefinitionFrom specifies where + the definition of this Variable is from. + DefinitionFrom is `inline` when the definition + is from the ClusterClass `.spec.variables` + or the name of a patch defined in the ClusterClass + `.spec.patches` where the patch is external + and provides external variables. This field + is mandatory if the variable has `DefinitionsConflict: + true` in ClusterClass `status.variables[]`' + type: string + name: + description: Name of the variable. + type: string + value: + description: 'Value of the variable. Note: + the value will be validated against the + schema of the corresponding ClusterClassVariable + from the ClusterClass. Note: We have to + use apiextensionsv1.JSON instead of a custom + JSON type, because controller-tools has + a hard-coded schema for apiextensionsv1.JSON + which cannot be produced by another type + via controller-tools, i.e. it is not possible + to have no type field. Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111' + x-kubernetes-preserve-unknown-fields: true + required: + - name + - value + type: object + type: array + type: object + required: + - class + - name + type: object + type: array + type: object + required: + - class + - version + type: object + type: object + status: + description: ClusterStatus defines the observed state of Cluster. 
+ properties: + conditions: + description: Conditions defines current service state of the cluster. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + controlPlaneReady: + description: ControlPlaneReady defines if the control plane is ready. + type: boolean + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. 
+ properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains is a slice of failure domain objects synced + from the infrastructure provider. + type: object + failureMessage: + description: FailureMessage indicates that there is a fatal problem + reconciling the state, and will be set to a descriptive error message. + type: string + failureReason: + description: FailureReason indicates that there is a fatal problem + reconciling the state, and will be set to a token value suitable + for programmatic interpretation. + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of cluster actuation. + E.g. Pending, Running, Terminating, Failed etc. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: extensionconfigs.runtime.cluster.x-k8s.io +spec: + group: runtime.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: ExtensionConfig + listKind: ExtensionConfigList + plural: extensionconfigs + shortNames: + - ext + singular: extensionconfig + scope: Cluster + versions: + - additionalPrinterColumns: + - description: Time duration since creation of ExtensionConfig + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: ExtensionConfig is the Schema for the ExtensionConfig API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ExtensionConfigSpec is the desired state of the ExtensionConfig + properties: + clientConfig: + description: ClientConfig defines how to communicate with the Extension + server. + properties: + caBundle: + description: CABundle is a PEM encoded CA bundle which will be + used to validate the Extension server's server certificate. 
+ format: byte + type: string + service: + description: "Service is a reference to the Kubernetes service + for the Extension server. Note: Exactly one of `url` or `service` + must be specified. \n If the Extension server is running within + a cluster, then you should use `service`." + properties: + name: + description: Name is the name of the service. + type: string + namespace: + description: Namespace is the namespace of the service. + type: string + path: + description: Path is an optional URL path and if present may + be any string permissible in a URL. If a path is set it + will be used as prefix to the hook-specific path. + type: string + port: + description: Port is the port on the service that's hosting + the Extension server. Defaults to 443. Port should be a + valid port number (1-65535, inclusive). + format: int32 + type: integer + required: + - name + - namespace + type: object + url: + description: "URL gives the location of the Extension server, + in standard URL form (`scheme://host:port/path`). Note: Exactly + one of `url` or `service` must be specified. \n The scheme must + be \"https\". \n The `host` should not refer to a service running + in the cluster; use the `service` field instead. \n A path is + optional, and if present may be any string permissible in a + URL. If a path is set it will be used as prefix to the hook-specific + path. \n Attempting to use a user or basic auth e.g. \"user:password@\" + is not allowed. Fragments (\"#...\") and query parameters (\"?...\") + are not allowed either." + type: string + type: object + namespaceSelector: + description: NamespaceSelector decides whether to call the hook for + an object based on whether the namespace for that object matches + the selector. Defaults to the empty LabelSelector, which matches + all objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + settings: + additionalProperties: + type: string + description: 'Settings defines key value pairs to be passed to all + calls to all supported RuntimeExtensions. Note: Settings can be + overridden on the ClusterClass.' + type: object + required: + - clientConfig + type: object + status: + description: ExtensionConfigStatus is the current state of the ExtensionConfig + properties: + conditions: + description: Conditions define the current service state of the ExtensionConfig. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. 
+ format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + handlers: + description: Handlers defines the current ExtensionHandlers supported + by an Extension. + items: + description: ExtensionHandler specifies the details of a handler + for a particular runtime hook registered by an Extension server. + properties: + failurePolicy: + description: FailurePolicy defines how failures in calls to + the ExtensionHandler should be handled by a client. Defaults + to Fail if not set. + type: string + name: + description: Name is the unique name of the ExtensionHandler. + type: string + requestHook: + description: RequestHook defines the versioned runtime hook + which this ExtensionHandler serves. + properties: + apiVersion: + description: APIVersion is the group and version of the + Hook. + type: string + hook: + description: Hook is the name of the hook. 
+ type: string + required: + - apiVersion + - hook + type: object + timeoutSeconds: + description: TimeoutSeconds defines the timeout duration for + client calls to the ExtensionHandler. Defaults to 10 is not + set. + format: int32 + type: integer + required: + - name + - requestHook + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: ipaddressclaims.ipam.cluster.x-k8s.io +spec: + group: ipam.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: IPAddressClaim + listKind: IPAddressClaimList + plural: ipaddressclaims + singular: ipaddressclaim + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Name of the pool to allocate an address from + jsonPath: .spec.poolRef.name + name: Pool Name + type: string + - description: Kind of the pool to allocate an address from + jsonPath: .spec.poolRef.kind + name: Pool Kind + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: IPAddressClaim is the Schema for the ipaddressclaim API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAddressClaimSpec is the desired state of an IPAddressClaim. + properties: + poolRef: + description: PoolRef is a reference to the pool from which an IP address + should be created. + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in + the core API group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - apiGroup + - kind + - name + type: object + required: + - poolRef + type: object + status: + description: IPAddressClaimStatus is the observed status of a IPAddressClaim. + properties: + addressRef: + description: AddressRef is a reference to the address that was created + for this claim. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + conditions: + description: Conditions summarises the current state of the IPAddressClaim + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. 
+ type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: ipaddresses.ipam.cluster.x-k8s.io +spec: + group: ipam.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: IPAddress + listKind: IPAddressList + plural: ipaddresses + singular: ipaddress + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Address + jsonPath: .spec.address + name: Address + type: string + - description: Name of the pool the address is from + jsonPath: .spec.poolRef.name + name: Pool Name + type: string + - description: Kind of the pool the address is from + jsonPath: .spec.poolRef.kind + name: Pool Kind + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: IPAddress is the Schema for the ipaddress API. 
+ properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAddressSpec is the desired state of an IPAddress. + properties: + address: + description: Address is the IP address. + type: string + claimRef: + description: ClaimRef is a reference to the claim this IPAddress was + created for. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + gateway: + description: Gateway is the network gateway of the network the address + is from. + type: string + poolRef: + description: PoolRef is a reference to the pool that this IPAddress + was created from. + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in + the core API group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - apiGroup + - kind + - name + type: object + prefix: + description: Prefix is the prefix of the address. 
+ type: integer + required: + - address + - claimRef + - poolRef + - prefix + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: machinedeployments.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: MachineDeployment + listKind: MachineDeploymentList + plural: machinedeployments + shortNames: + - md + singular: machinedeployment + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown + jsonPath: .status.phase + name: Phase + type: string + - description: Total number of non-terminated machines targeted by this MachineDeployment + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of ready machines targeted by this MachineDeployment + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Total number of non-terminated machines targeted by this deployment + that have the desired template spec + jsonPath: .status.updatedReplicas + name: Updated + type: integer + - description: Total number of unavailable machines targeted by this MachineDeployment + jsonPath: .status.unavailableReplicas + name: Unavailable + type: integer + deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "MachineDeployment is the Schema for the machinedeployments API. + \n Deprecated: This type will be removed in one of the next releases." 
+ properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineDeploymentSpec defines the desired state of MachineDeployment. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + minReadySeconds: + description: Minimum number of seconds for which a newly created machine + should be ready. Defaults to 0 (machine will be considered available + as soon as it is ready) + format: int32 + type: integer + paused: + description: Indicates that the deployment is paused. + type: boolean + progressDeadlineSeconds: + description: The maximum time in seconds for a deployment to make + progress before it is considered to be failed. The deployment controller + will continue to process failed deployments and a condition with + a ProgressDeadlineExceeded reason will be surfaced in the deployment + status. Note that progress will not be estimated during the time + a deployment is paused. Defaults to 600s. + format: int32 + type: integer + replicas: + description: Number of desired machines. Defaults to 1. This is a + pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + revisionHistoryLimit: + description: The number of old MachineSets to retain to allow rollback. 
+ This is a pointer to distinguish between explicit zero and not specified. + Defaults to 1. + format: int32 + type: integer + selector: + description: Label selector for machines. Existing MachineSets whose + machines are selected by this will be the ones affected by this + deployment. It must match the machine template's labels. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + strategy: + description: The deployment strategy to use to replace existing machines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if MachineDeploymentStrategyType + = RollingUpdate. 
+ properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be scheduled + above the desired number of machines. Value can be an absolute + number (ex: 5) or a percentage of desired machines (ex: + 10%). This can not be 0 if MaxUnavailable is 0. Absolute + number is calculated from percentage by rounding up. Defaults + to 1. Example: when this is set to 30%, the new MachineSet + can be scaled up immediately when the rolling update starts, + such that the total number of old and new machines do not + exceed 130% of desired machines. Once old machines have + been killed, new MachineSet can be scaled up further, ensuring + that total number of machines running at any time during + the update is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be unavailable + during the update. Value can be an absolute number (ex: + 5) or a percentage of desired machines (ex: 10%). Absolute + number is calculated from percentage by rounding down. This + can not be 0 if MaxSurge is 0. Defaults to 0. Example: when + this is set to 30%, the old MachineSet can be scaled down + to 70% of desired machines immediately when the rolling + update starts. Once new machines are ready, old MachineSet + can be scaled down further, followed by scaling up the new + MachineSet, ensuring that the total number of machines available + at all times during the update is at least 70% of desired + machines.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Currently the only supported + strategy is "RollingUpdate". Default is RollingUpdate. + type: string + type: object + template: + description: Template describes the machines that will be created. + properties: + metadata: + description: 'Standard object''s metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + generateName: + description: "GenerateName is an optional prefix, used by + the server, to generate a unique name ONLY IF the Name field + has not been provided. If this field is used, the name returned + to the client will be different than the name passed. This + value will also be combined with a unique suffix. The provided + value has the same validation rules as the Name field, and + may be truncated by the length of the suffix required to + make the value unique on the server. \n If this field is + specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created + or 500 with Reason ServerTimeout indicating a unique name + could not be found in the time allotted, and the client + should retry (optionally after the time indicated in the + Retry-After header). \n Applied only if Name is not specified. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency + \n Deprecated: This field has no function and is going to + be removed in a next release." + type: string + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: "Name must be unique within a namespace. 
Is required + when creating resources, although some resources may allow + a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence + and configuration definition. Cannot be updated. More info: + http://kubernetes.io/docs/user-guide/identifiers#names \n + Deprecated: This field has no function and is going to be + removed in a next release." + type: string + namespace: + description: "Namespace defines the space within each name + must be unique. An empty namespace is equivalent to the + \"default\" namespace, but \"default\" is the canonical + representation. Not all objects are required to be scoped + to a namespace - the value of this field for those objects + will be empty. \n Must be a DNS_LABEL. Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces + \n Deprecated: This field has no function and is going to + be removed in a next release." + type: string + ownerReferences: + description: "List of objects depended by this object. If + ALL objects in the list have been deleted, this object will + be garbage collected. If this object is managed by a controller, + then an entry in this list will point to this controller, + with the controller field set to true. There cannot be more + than one managing controller. \n Deprecated: This field + has no function and is going to be removed in a next release." + items: + description: OwnerReference contains enough information + to let you identify an owning object. An owning object + must be in the same namespace as the dependent, or be + cluster-scoped, so there is no namespace field. + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the + key-value store until this reference is removed. 
See + https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage collector interacts with this + field and enforces the foreground deletion. Defaults + to false. To set this field, a user needs "delete" + permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing + controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.Data + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + data: + description: "Data contains the bootstrap data, such as + cloud-init details scripts. If nil, the Machine should + remain in the Pending state. \n Deprecated: Switch to + DataSecretName." + type: string + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. 
+ minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - selector + - template + type: object + status: + description: MachineDeploymentStatus defines the observed state of MachineDeployment. 
+ properties: + availableReplicas: + description: Total number of available machines (ready for at least + minReadySeconds) targeted by this deployment. + format: int32 + type: integer + observedGeneration: + description: The generation observed by the deployment controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of a MachineDeployment + (ScalingUp, ScalingDown, Running, Failed, or Unknown). + type: string + readyReplicas: + description: Total number of ready machines targeted by this deployment. + format: int32 + type: integer + replicas: + description: Total number of non-terminated machines targeted by this + deployment (their labels match the selector). + format: int32 + type: integer + selector: + description: 'Selector is the same as the label selector but in the + string format to avoid introspection by clients. The string will + be in the same format as the query-param syntax. More info about + label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + unavailableReplicas: + description: Total number of unavailable machines targeted by this + deployment. This is the total number of machines that are still + required for the deployment to have 100% available capacity. They + may either be machines that are running but not yet available or + machines that still have not been created. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated machines targeted by this + deployment that have the desired template spec. 
+ format: int32 + type: integer + type: object + type: object + served: false + storage: false + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Time duration since creation of MachineDeployment + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown + jsonPath: .status.phase + name: Phase + type: string + - description: Total number of non-terminated machines targeted by this MachineDeployment + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of ready machines targeted by this MachineDeployment + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Total number of non-terminated machines targeted by this deployment + that have the desired template spec + jsonPath: .status.updatedReplicas + name: Updated + type: integer + - description: Total number of unavailable machines targeted by this MachineDeployment + jsonPath: .status.unavailableReplicas + name: Unavailable + type: integer + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "MachineDeployment is the Schema for the machinedeployments API. + \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineDeploymentSpec defines the desired state of MachineDeployment. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + minReadySeconds: + description: Minimum number of seconds for which a newly created machine + should be ready. Defaults to 0 (machine will be considered available + as soon as it is ready) + format: int32 + type: integer + paused: + description: Indicates that the deployment is paused. + type: boolean + progressDeadlineSeconds: + description: The maximum time in seconds for a deployment to make + progress before it is considered to be failed. The deployment controller + will continue to process failed deployments and a condition with + a ProgressDeadlineExceeded reason will be surfaced in the deployment + status. Note that progress will not be estimated during the time + a deployment is paused. Defaults to 600s. + format: int32 + type: integer + replicas: + default: 1 + description: Number of desired machines. Defaults to 1. This is a + pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + revisionHistoryLimit: + description: The number of old MachineSets to retain to allow rollback. + This is a pointer to distinguish between explicit zero and not specified. + Defaults to 1. + format: int32 + type: integer + selector: + description: Label selector for machines. Existing MachineSets whose + machines are selected by this will be the ones affected by this + deployment. It must match the machine template's labels. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. 
+ The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + strategy: + description: The deployment strategy to use to replace existing machines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if MachineDeploymentStrategyType + = RollingUpdate. + properties: + deletePolicy: + description: DeletePolicy defines the policy used by the MachineDeployment + to identify nodes to delete when downscaling. Valid values + are "Random, "Newest", "Oldest" When no value is supplied, + the default DeletePolicy of MachineSet is used + enum: + - Random + - Newest + - Oldest + type: string + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be scheduled + above the desired number of machines. 
Value can be an absolute + number (ex: 5) or a percentage of desired machines (ex: + 10%). This can not be 0 if MaxUnavailable is 0. Absolute + number is calculated from percentage by rounding up. Defaults + to 1. Example: when this is set to 30%, the new MachineSet + can be scaled up immediately when the rolling update starts, + such that the total number of old and new machines do not + exceed 130% of desired machines. Once old machines have + been killed, new MachineSet can be scaled up further, ensuring + that total number of machines running at any time during + the update is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be unavailable + during the update. Value can be an absolute number (ex: + 5) or a percentage of desired machines (ex: 10%). Absolute + number is calculated from percentage by rounding down. This + can not be 0 if MaxSurge is 0. Defaults to 0. Example: when + this is set to 30%, the old MachineSet can be scaled down + to 70% of desired machines immediately when the rolling + update starts. Once new machines are ready, old MachineSet + can be scaled down further, followed by scaling up the new + MachineSet, ensuring that the total number of machines available + at all times during the update is at least 70% of desired + machines.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Default is RollingUpdate. + enum: + - RollingUpdate + - OnDelete + type: string + type: object + template: + description: Template describes the machines that will be created. + properties: + metadata: + description: 'Standard object''s metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. 
+ type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - selector + - template + type: object + status: + description: MachineDeploymentStatus defines the observed state of MachineDeployment. 
+ properties: + availableReplicas: + description: Total number of available machines (ready for at least + minReadySeconds) targeted by this deployment. + format: int32 + type: integer + conditions: + description: Conditions defines current service state of the MachineDeployment. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: The generation observed by the deployment controller. 
+ format: int64 + type: integer + phase: + description: Phase represents the current phase of a MachineDeployment + (ScalingUp, ScalingDown, Running, Failed, or Unknown). + type: string + readyReplicas: + description: Total number of ready machines targeted by this deployment. + format: int32 + type: integer + replicas: + description: Total number of non-terminated machines targeted by this + deployment (their labels match the selector). + format: int32 + type: integer + selector: + description: 'Selector is the same as the label selector but in the + string format to avoid introspection by clients. The string will + be in the same format as the query-param syntax. More info about + label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + unavailableReplicas: + description: Total number of unavailable machines targeted by this + deployment. This is the total number of machines that are still + required for the deployment to have 100% available capacity. They + may either be machines that are running but not yet available or + machines that still have not been created. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated machines targeted by this + deployment that have the desired template spec. 
+ format: int32 + type: integer + type: object + type: object + served: true + storage: false + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Total number of machines desired by this MachineDeployment + jsonPath: .spec.replicas + name: Desired + priority: 10 + type: integer + - description: Total number of non-terminated machines targeted by this MachineDeployment + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of ready machines targeted by this MachineDeployment + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Total number of non-terminated machines targeted by this deployment + that have the desired template spec + jsonPath: .status.updatedReplicas + name: Updated + type: integer + - description: Total number of unavailable machines targeted by this MachineDeployment + jsonPath: .status.unavailableReplicas + name: Unavailable + type: integer + - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown + jsonPath: .status.phase + name: Phase + type: string + - description: Time duration since creation of MachineDeployment + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this MachineDeployment + jsonPath: .spec.template.spec.version + name: Version + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: MachineDeployment is the Schema for the machinedeployments API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineDeploymentSpec defines the desired state of MachineDeployment. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds for + which a Node for a newly created machine should be ready before + considering the replica available. Defaults to 0 (machine will be + considered available as soon as the Node is ready) + format: int32 + type: integer + paused: + description: Indicates that the deployment is paused. + type: boolean + progressDeadlineSeconds: + description: The maximum time in seconds for a deployment to make + progress before it is considered to be failed. The deployment controller + will continue to process failed deployments and a condition with + a ProgressDeadlineExceeded reason will be surfaced in the deployment + status. Note that progress will not be estimated during the time + a deployment is paused. Defaults to 600s. + format: int32 + type: integer + replicas: + description: "Number of desired machines. This is a pointer to distinguish + between explicit zero and not specified. 
\n Defaults to: * if the + Kubernetes autoscaler min size and max size annotations are set: + - if it's a new MachineDeployment, use min size - if the replicas + field of the old MachineDeployment is < min size, use min size - + if the replicas field of the old MachineDeployment is > max size, + use max size - if the replicas field of the old MachineDeployment + is in the (min size, max size) range, keep the value from the oldMD + * otherwise use 1 Note: Defaulting will be run whenever the replicas + field is not set: * A new MachineDeployment is created with replicas + not set. * On an existing MachineDeployment the replicas field was + first set and is now unset. Those cases are especially relevant + for the following Kubernetes autoscaler use cases: * A new MachineDeployment + is created and replicas should be managed by the autoscaler * An + existing MachineDeployment which initially wasn't controlled by + the autoscaler should be later controlled by the autoscaler" + format: int32 + type: integer + revisionHistoryLimit: + description: The number of old MachineSets to retain to allow rollback. + This is a pointer to distinguish between explicit zero and not specified. + Defaults to 1. + format: int32 + type: integer + rolloutAfter: + description: 'RolloutAfter is a field to indicate a rollout should + be performed after the specified time even if no changes have been + made to the MachineDeployment. Example: In the YAML the time can + be specified in the RFC3339 format. To specify the rolloutAfter + target as March 9, 2023, at 9 am UTC use "2023-03-09T09:00:00Z".' + format: date-time + type: string + selector: + description: Label selector for machines. Existing MachineSets whose + machines are selected by this will be the ones affected by this + deployment. It must match the machine template's labels. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + strategy: + description: The deployment strategy to use to replace existing machines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if MachineDeploymentStrategyType + = RollingUpdate. + properties: + deletePolicy: + description: DeletePolicy defines the policy used by the MachineDeployment + to identify nodes to delete when downscaling. Valid values + are "Random, "Newest", "Oldest" When no value is supplied, + the default DeletePolicy of MachineSet is used + enum: + - Random + - Newest + - Oldest + type: string + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be scheduled + above the desired number of machines. 
Value can be an absolute + number (ex: 5) or a percentage of desired machines (ex: + 10%). This can not be 0 if MaxUnavailable is 0. Absolute + number is calculated from percentage by rounding up. Defaults + to 1. Example: when this is set to 30%, the new MachineSet + can be scaled up immediately when the rolling update starts, + such that the total number of old and new machines do not + exceed 130% of desired machines. Once old machines have + been killed, new MachineSet can be scaled up further, ensuring + that total number of machines running at any time during + the update is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be unavailable + during the update. Value can be an absolute number (ex: + 5) or a percentage of desired machines (ex: 10%). Absolute + number is calculated from percentage by rounding down. This + can not be 0 if MaxSurge is 0. Defaults to 0. Example: when + this is set to 30%, the old MachineSet can be scaled down + to 70% of desired machines immediately when the rolling + update starts. Once new machines are ready, old MachineSet + can be scaled down further, followed by scaling up the new + MachineSet, ensuring that the total number of machines available + at all times during the update is at least 70% of desired + machines.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Default is RollingUpdate. + enum: + - RollingUpdate + - OnDelete + type: string + type: object + template: + description: Template describes the machines that will be created. + properties: + metadata: + description: 'Standard object''s metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. 
+ type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts after + the Machine is marked for deletion. A duration of 0 will + retry deletion indefinitely. Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of + time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the + volumes can be detached without any time limitations. + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. 
+ This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - selector + - template + type: object + status: + description: MachineDeploymentStatus defines the observed state of MachineDeployment. + properties: + availableReplicas: + description: Total number of available machines (ready for at least + minReadySeconds) targeted by this deployment. + format: int32 + type: integer + conditions: + description: Conditions defines current service state of the MachineDeployment. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + observedGeneration: + description: The generation observed by the deployment controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of a MachineDeployment + (ScalingUp, ScalingDown, Running, Failed, or Unknown). + type: string + readyReplicas: + description: Total number of ready machines targeted by this deployment. + format: int32 + type: integer + replicas: + description: Total number of non-terminated machines targeted by this + deployment (their labels match the selector). + format: int32 + type: integer + selector: + description: 'Selector is the same as the label selector but in the + string format to avoid introspection by clients. The string will + be in the same format as the query-param syntax. More info about + label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + unavailableReplicas: + description: Total number of unavailable machines targeted by this + deployment. This is the total number of machines that are still + required for the deployment to have 100% available capacity. They + may either be machines that are running but not yet available or + machines that still have not been created. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated machines targeted by this + deployment that have the desired template spec. 
+ format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: machinehealthchecks.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: MachineHealthCheck + listKind: MachineHealthCheckList + plural: machinehealthchecks + shortNames: + - mhc + - mhcs + singular: machinehealthcheck + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Maximum number of unhealthy machines allowed + jsonPath: .spec.maxUnhealthy + name: MaxUnhealthy + type: string + - description: Number of machines currently monitored + jsonPath: .status.expectedMachines + name: ExpectedMachines + type: integer + - description: Current observed healthy machines + jsonPath: .status.currentHealthy + name: CurrentHealthy + type: integer + deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "MachineHealthCheck is the Schema for the machinehealthchecks + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of machine health check policy + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed if at most "MaxUnhealthy" + machines selected by "selector" are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without a node will + be considered to have failed and will be remediated. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference to a remediation + template provided by an infrastructure provider. \n This field is + completely optional, when filled, the MachineHealthCheck controller + creates a new object from the template referenced and hands off + remediation of the machine to a controller that lives outside of + Cluster API." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + selector: + description: Label selector to match machines whose health will be + exercised + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. 
+ type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list of the conditions + that determine whether a node is considered unhealthy. The conditions + are combined in a logical OR, i.e. if any of the conditions is met, + the node is unhealthy. + items: + description: UnhealthyCondition represents a Node condition type + and value with a timeout specified as a duration. When the named + condition has been in the given status for at least the timeout + value, a node is considered unhealthy. + properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + minItems: 1 + type: array + required: + - clusterName + - selector + - unhealthyConditions + type: object + status: + description: Most recently observed status of MachineHealthCheck resource + properties: + conditions: + description: Conditions defines current service state of the MachineHealthCheck. 
+ items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + currentHealthy: + description: total number of healthy machines counted by this machine + health check + format: int32 + minimum: 0 + type: integer + expectedMachines: + description: total number of machines counted by this machine health + check + format: int32 + minimum: 0 + type: integer + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + remediationsAllowed: + description: RemediationsAllowed is the number of further remediations + allowed by this machine health check before maxUnhealthy short circuiting + will be applied + format: int32 + minimum: 0 + type: integer + targets: + description: Targets shows the current list of machines the machine + health check is watching + items: + type: string + type: array + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Time duration since creation of MachineHealthCheck + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Maximum number of unhealthy machines allowed + jsonPath: .spec.maxUnhealthy + name: MaxUnhealthy + type: string + - description: Number of machines currently monitored + jsonPath: .status.expectedMachines + name: ExpectedMachines + type: integer + - description: Current observed healthy machines + jsonPath: .status.currentHealthy + name: CurrentHealthy + type: integer + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "MachineHealthCheck is the Schema for the machinehealthchecks + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of machine health check policy + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed if at most "MaxUnhealthy" + machines selected by "selector" are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without a node will + be considered to have failed and will be remediated. If not set, + this value is defaulted to 10 minutes. If you wish to disable this + feature, set the value explicitly to 0. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference to a remediation + template provided by an infrastructure provider. \n This field is + completely optional, when filled, the MachineHealthCheck controller + creates a new object from the template referenced and hands off + remediation of the machine to a controller that lives outside of + Cluster API." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. 
TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + selector: + description: Label selector to match machines whose health will be + exercised + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list of the conditions + that determine whether a node is considered unhealthy. The conditions + are combined in a logical OR, i.e. if any of the conditions is met, + the node is unhealthy. + items: + description: UnhealthyCondition represents a Node condition type + and value with a timeout specified as a duration. When the named + condition has been in the given status for at least the timeout + value, a node is considered unhealthy. + properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + minItems: 1 + type: array + unhealthyRange: + description: 'Any further remediation is only allowed if the number + of machines selected by "selector" as not healthy is within the + range of "UnhealthyRange". Takes precedence over MaxUnhealthy. Eg. + "[3-5]" - This means that remediation will be allowed only when: + (a) there are at least 3 unhealthy machines (and) (b) there are + at most 5 unhealthy machines' + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + required: + - clusterName + - selector + - unhealthyConditions + type: object + status: + description: Most recently observed status of MachineHealthCheck resource + properties: + conditions: + description: Conditions defines current service state of the MachineHealthCheck. 
+ items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + currentHealthy: + description: total number of healthy machines counted by this machine + health check + format: int32 + minimum: 0 + type: integer + expectedMachines: + description: total number of machines counted by this machine health + check + format: int32 + minimum: 0 + type: integer + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + remediationsAllowed: + description: RemediationsAllowed is the number of further remediations + allowed by this machine health check before maxUnhealthy short circuiting + will be applied + format: int32 + minimum: 0 + type: integer + targets: + description: Targets shows the current list of machines the machine + health check is watching + items: + type: string + type: array + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Number of machines currently monitored + jsonPath: .status.expectedMachines + name: ExpectedMachines + type: integer + - description: Maximum number of unhealthy machines allowed + jsonPath: .spec.maxUnhealthy + name: MaxUnhealthy + type: string + - description: Current observed healthy machines + jsonPath: .status.currentHealthy + name: CurrentHealthy + type: integer + - description: Time duration since creation of MachineHealthCheck + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: MachineHealthCheck is the Schema for the machinehealthchecks + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of machine health check policy + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed if at most "MaxUnhealthy" + machines selected by "selector" are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without a node will + be considered to have failed and will be remediated. If not set, + this value is defaulted to 10 minutes. If you wish to disable this + feature, set the value explicitly to 0. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference to a remediation + template provided by an infrastructure provider. \n This field is + completely optional, when filled, the MachineHealthCheck controller + creates a new object from the template referenced and hands off + remediation of the machine to a controller that lives outside of + Cluster API." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. 
TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + selector: + description: Label selector to match machines whose health will be + exercised + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list of the conditions + that determine whether a node is considered unhealthy. The conditions + are combined in a logical OR, i.e. if any of the conditions is met, + the node is unhealthy. + items: + description: UnhealthyCondition represents a Node condition type + and value with a timeout specified as a duration. When the named + condition has been in the given status for at least the timeout + value, a node is considered unhealthy. + properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + minItems: 1 + type: array + unhealthyRange: + description: 'Any further remediation is only allowed if the number + of machines selected by "selector" as not healthy is within the + range of "UnhealthyRange". Takes precedence over MaxUnhealthy. Eg. + "[3-5]" - This means that remediation will be allowed only when: + (a) there are at least 3 unhealthy machines (and) (b) there are + at most 5 unhealthy machines' + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + required: + - clusterName + - selector + - unhealthyConditions + type: object + status: + description: Most recently observed status of MachineHealthCheck resource + properties: + conditions: + description: Conditions defines current service state of the MachineHealthCheck. 
+ items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + currentHealthy: + description: total number of healthy machines counted by this machine + health check + format: int32 + minimum: 0 + type: integer + expectedMachines: + description: total number of machines counted by this machine health + check + format: int32 + minimum: 0 + type: integer + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + remediationsAllowed: + description: RemediationsAllowed is the number of further remediations + allowed by this machine health check before maxUnhealthy short circuiting + will be applied + format: int32 + minimum: 0 + type: integer + targets: + description: Targets shows the current list of machines the machine + health check is watching + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: machinepools.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: MachinePool + listKind: MachinePoolList + plural: machinepools + shortNames: + - mp + singular: machinepool + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: MachinePool replicas count + jsonPath: .status.replicas + name: Replicas + type: string + - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed + etc + jsonPath: .status.phase + name: Phase + type: string + - description: Kubernetes version associated with this MachinePool + jsonPath: .spec.template.spec.version + name: Version + type: string + deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "MachinePool is the Schema for the machinepools API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachinePoolSpec defines the desired state of MachinePool. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + failureDomains: + description: FailureDomains is the list of failure domains this MachinePool + should be attached to. + items: + type: string + type: array + minReadySeconds: + description: Minimum number of seconds for which a newly created machine + instances should be ready. Defaults to 0 (machine instance will + be considered available as soon as it is ready) + format: int32 + type: integer + providerIDList: + description: ProviderIDList are the identification IDs of machine + instances provided by the provider. This field must match the provider + IDs as seen on the node objects corresponding to a machine pool's + machine instances. + items: + type: string + type: array + replicas: + description: Number of desired machines. Defaults to 1. This is a + pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + strategy: + description: The deployment strategy to use to replace existing machine + instances with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if MachineDeploymentStrategyType + = RollingUpdate. 
+ properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be scheduled + above the desired number of machines. Value can be an absolute + number (ex: 5) or a percentage of desired machines (ex: + 10%). This can not be 0 if MaxUnavailable is 0. Absolute + number is calculated from percentage by rounding up. Defaults + to 1. Example: when this is set to 30%, the new MachineSet + can be scaled up immediately when the rolling update starts, + such that the total number of old and new machines do not + exceed 130% of desired machines. Once old machines have + been killed, new MachineSet can be scaled up further, ensuring + that total number of machines running at any time during + the update is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be unavailable + during the update. Value can be an absolute number (ex: + 5) or a percentage of desired machines (ex: 10%). Absolute + number is calculated from percentage by rounding down. This + can not be 0 if MaxSurge is 0. Defaults to 0. Example: when + this is set to 30%, the old MachineSet can be scaled down + to 70% of desired machines immediately when the rolling + update starts. Once new machines are ready, old MachineSet + can be scaled down further, followed by scaling up the new + MachineSet, ensuring that the total number of machines available + at all times during the update is at least 70% of desired + machines.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Currently the only supported + strategy is "RollingUpdate". Default is RollingUpdate. + type: string + type: object + template: + description: Template describes the machines that will be created. + properties: + metadata: + description: 'Standard object''s metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + generateName: + description: "GenerateName is an optional prefix, used by + the server, to generate a unique name ONLY IF the Name field + has not been provided. If this field is used, the name returned + to the client will be different than the name passed. This + value will also be combined with a unique suffix. The provided + value has the same validation rules as the Name field, and + may be truncated by the length of the suffix required to + make the value unique on the server. \n If this field is + specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created + or 500 with Reason ServerTimeout indicating a unique name + could not be found in the time allotted, and the client + should retry (optionally after the time indicated in the + Retry-After header). \n Applied only if Name is not specified. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency + \n Deprecated: This field has no function and is going to + be removed in a next release." + type: string + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: "Name must be unique within a namespace. 
Is required + when creating resources, although some resources may allow + a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence + and configuration definition. Cannot be updated. More info: + http://kubernetes.io/docs/user-guide/identifiers#names \n + Deprecated: This field has no function and is going to be + removed in a next release." + type: string + namespace: + description: "Namespace defines the space within each name + must be unique. An empty namespace is equivalent to the + \"default\" namespace, but \"default\" is the canonical + representation. Not all objects are required to be scoped + to a namespace - the value of this field for those objects + will be empty. \n Must be a DNS_LABEL. Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces + \n Deprecated: This field has no function and is going to + be removed in a next release." + type: string + ownerReferences: + description: "List of objects depended by this object. If + ALL objects in the list have been deleted, this object will + be garbage collected. If this object is managed by a controller, + then an entry in this list will point to this controller, + with the controller field set to true. There cannot be more + than one managing controller. \n Deprecated: This field + has no function and is going to be removed in a next release." + items: + description: OwnerReference contains enough information + to let you identify an owning object. An owning object + must be in the same namespace as the dependent, or be + cluster-scoped, so there is no namespace field. + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the + key-value store until this reference is removed. 
See + https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage collector interacts with this + field and enforces the foreground deletion. Defaults + to false. To set this field, a user needs "delete" + permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing + controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.Data + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + data: + description: "Data contains the bootstrap data, such as + cloud-init details scripts. If nil, the Machine should + remain in the Pending state. \n Deprecated: Switch to + DataSecretName." + type: string + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. 
+ minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - template + type: object + status: + description: MachinePoolStatus defines the observed state of MachinePool. + properties: + availableReplicas: + description: The number of available replicas (ready for at least + minReadySeconds) for this MachinePool. 
+ format: int32 + type: integer + bootstrapReady: + description: BootstrapReady is the state of the bootstrap provider. + type: boolean + conditions: + description: Conditions define the current service state of the MachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureMessage: + description: FailureMessage indicates that there is a problem reconciling + the state, and will be set to a descriptive error message. 
+ type: string + failureReason: + description: FailureReason indicates that there is a problem reconciling + the state, and will be set to a token value suitable for programmatic + interpretation. + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + nodeRefs: + description: NodeRefs will point to the corresponding Nodes if it + they exist. + items: + description: "ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many fields + which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. Invalid + usage help. It is impossible to add specific help for individual + usage. In most embedded usages, there are particular restrictions + like, \"must refer only to types A and B\" or \"UID not honored\" + or \"name must be restricted\". Those cannot be well described + when embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, which + makes it hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual struct + is irrelevant. 5. We cannot easily change it. Because this type + is embedded in many locations, updates to this type will affect + numerous schemas. Don't make new APIs embed an underspecified + API type they do not control. \n Instead of using this type, create + a locally provided and used type that is well-focused on your + reference. 
For example, ServiceReferences for admission registration: + https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + phase: + description: Phase represents the current phase of cluster actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + readyReplicas: + description: The number of ready replicas for this MachinePool. A + machine is considered ready when the node has been created and is + "Ready". + format: int32 + type: integer + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable machine instances targeted + by this machine pool. This is the total number of machine instances + that are still required for the machine pool to have 100% available + capacity. They may either be machine instances that are running + but not yet available or machine instances that still have not been + created. + format: int32 + type: integer + type: object + type: object + served: false + storage: false + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of MachinePool + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: MachinePool replicas count + jsonPath: .status.replicas + name: Replicas + type: string + - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed + etc + jsonPath: .status.phase + name: Phase + type: string + - description: Kubernetes version associated with this MachinePool + jsonPath: .spec.template.spec.version + name: Version + type: string + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "MachinePool is the Schema for the machinepools API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachinePoolSpec defines the desired state of MachinePool. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + failureDomains: + description: FailureDomains is the list of failure domains this MachinePool + should be attached to. + items: + type: string + type: array + minReadySeconds: + description: Minimum number of seconds for which a newly created machine + instances should be ready. Defaults to 0 (machine instance will + be considered available as soon as it is ready) + format: int32 + type: integer + providerIDList: + description: ProviderIDList are the identification IDs of machine + instances provided by the provider. This field must match the provider + IDs as seen on the node objects corresponding to a machine pool's + machine instances. + items: + type: string + type: array + replicas: + description: Number of desired machines. Defaults to 1. This is a + pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + template: + description: Template describes the machines that will be created. + properties: + metadata: + description: 'Standard object''s metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. 
+ type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - template + type: object + status: + description: MachinePoolStatus defines the observed state of MachinePool. + properties: + availableReplicas: + description: The number of available replicas (ready for at least + minReadySeconds) for this MachinePool. 
+ format: int32 + type: integer + bootstrapReady: + description: BootstrapReady is the state of the bootstrap provider. + type: boolean + conditions: + description: Conditions define the current service state of the MachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureMessage: + description: FailureMessage indicates that there is a problem reconciling + the state, and will be set to a descriptive error message. 
+ type: string + failureReason: + description: FailureReason indicates that there is a problem reconciling + the state, and will be set to a token value suitable for programmatic + interpretation. + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + nodeRefs: + description: NodeRefs will point to the corresponding Nodes if it + they exist. + items: + description: "ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many fields + which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. Invalid + usage help. It is impossible to add specific help for individual + usage. In most embedded usages, there are particular restrictions + like, \"must refer only to types A and B\" or \"UID not honored\" + or \"name must be restricted\". Those cannot be well described + when embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, which + makes it hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual struct + is irrelevant. 5. We cannot easily change it. Because this type + is embedded in many locations, updates to this type will affect + numerous schemas. Don't make new APIs embed an underspecified + API type they do not control. \n Instead of using this type, create + a locally provided and used type that is well-focused on your + reference. 
For example, ServiceReferences for admission registration: + https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + phase: + description: Phase represents the current phase of cluster actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + readyReplicas: + description: The number of ready replicas for this MachinePool. A + machine is considered ready when the node has been created and is + "Ready". + format: int32 + type: integer + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable machine instances targeted + by this machine pool. This is the total number of machine instances + that are still required for the machine pool to have 100% available + capacity. They may either be machine instances that are running + but not yet available or machine instances that still have not been + created. + format: int32 + type: integer + type: object + type: object + served: true + storage: false + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Total number of machines desired by this MachinePool + jsonPath: .spec.replicas + name: Desired + priority: 10 + type: integer + - description: MachinePool replicas count + jsonPath: .status.replicas + name: Replicas + type: string + - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed + etc + jsonPath: .status.phase + name: Phase + type: string + - description: Time duration since creation of MachinePool + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this MachinePool + jsonPath: .spec.template.spec.version + name: Version + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: MachinePool is the Schema for the machinepools API. 
+ properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachinePoolSpec defines the desired state of MachinePool. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + failureDomains: + description: FailureDomains is the list of failure domains this MachinePool + should be attached to. + items: + type: string + type: array + minReadySeconds: + description: 'Minimum number of seconds for which a newly created + machine instances should be ready. Defaults to 0 (machine instance + will be considered available as soon as it is ready) NOTE: No logic + is implemented for this field and it currently has no behaviour.' + format: int32 + type: integer + providerIDList: + description: ProviderIDList are the identification IDs of machine + instances provided by the provider. This field must match the provider + IDs as seen on the node objects corresponding to a machine pool's + machine instances. + items: + type: string + type: array + replicas: + description: Number of desired machines. Defaults to 1. This is a + pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + template: + description: Template describes the machines that will be created. 
+ properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. 
+ type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts after + the Machine is marked for deletion. A duration of 0 will + retry deletion indefinitely. Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of + time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the + volumes can be detached without any time limitations. + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. 
+ This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - template + type: object + status: + description: MachinePoolStatus defines the observed state of MachinePool. + properties: + availableReplicas: + description: The number of available replicas (ready for at least + minReadySeconds) for this MachinePool. + format: int32 + type: integer + bootstrapReady: + description: BootstrapReady is the state of the bootstrap provider. + type: boolean + conditions: + description: Conditions define the current service state of the MachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. 
+ type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: FailureMessage indicates that there is a problem reconciling + the state, and will be set to a descriptive error message. + type: string + failureReason: + description: FailureReason indicates that there is a problem reconciling + the state, and will be set to a token value suitable for programmatic + interpretation. + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + nodeRefs: + description: NodeRefs will point to the corresponding Nodes if it + they exist. + items: + description: "ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many fields + which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. Invalid + usage help. It is impossible to add specific help for individual + usage. In most embedded usages, there are particular restrictions + like, \"must refer only to types A and B\" or \"UID not honored\" + or \"name must be restricted\". Those cannot be well described + when embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, which + makes it hard for users to predict what will happen. 4. 
The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual struct + is irrelevant. 5. We cannot easily change it. Because this type + is embedded in many locations, updates to this type will affect + numerous schemas. Don't make new APIs embed an underspecified + API type they do not control. \n Instead of using this type, create + a locally provided and used type that is well-focused on your + reference. For example, ServiceReferences for admission registration: + https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of cluster actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + readyReplicas: + description: The number of ready replicas for this MachinePool. A + machine is considered ready when the node has been created and is + "Ready". + format: int32 + type: integer + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable machine instances targeted + by this machine pool. This is the total number of machine instances + that are still required for the machine pool to have 100% available + capacity. They may either be machine instances that are running + but not yet available or machine instances that still have not been + created. 
+ format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: machines.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Machine + listKind: MachineList + plural: machines + shortNames: + - ma + singular: machine + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Provider ID + jsonPath: .spec.providerID + name: ProviderID + type: string + - description: Machine status such as Terminating/Pending/Running/Failed etc + jsonPath: .status.phase + name: Phase + type: string + - description: Kubernetes version associated with this Machine + jsonPath: .spec.version + name: Version + type: string + - description: Node name associated with this machine + jsonPath: .status.nodeRef.name + name: NodeName + priority: 1 + type: string + deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "Machine is the Schema for the machines API. \n Deprecated: This + type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineSpec defines the desired state of Machine. + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which encapsulates + fields to configure the Machine’s bootstrapping mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference is + optional to allow users/operators to specify Bootstrap.Data + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + data: + description: "Data contains the bootstrap data, such as cloud-init + details scripts. If nil, the Machine should remain in the Pending + state. \n Deprecated: Switch to DataSecretName." + type: string + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. If nil, the Machine should remain + in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine will + be created in. Must match a key in the FailureDomains map stored + on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to a custom + resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time that the + controller will spend on draining a node. The default value is 0, + meaning that the node can be drained without any time limitations. + NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine provided + by the provider. This field must match the provider ID as seen on + the node object corresponding to this machine. 
This field is required + by higher level consumers of cluster-api. Example use case is cluster + autoscaler with cluster-api as provider. Clean-up logic in the autoscaler + compares machines to nodes to find out machines at provider which + could not get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field is required + by autoscaler to be able to have a provider view of the list of + machines. Another list of nodes is queried from the k8s apiserver + and then a comparison is done to find out unregistered machines + and are marked for delete. This field will be set by the actuators + and consumed by higher level entities like autoscaler that will + be interfacing with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. This + field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + status: + description: MachineStatus defines the observed state of Machine. + properties: + addresses: + description: Addresses is a list of addresses assigned to the machine. + This field is copied from the infrastructure provider reference. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP + or InternalIP. + type: string + required: + - address + - type + type: object + type: array + bootstrapReady: + description: BootstrapReady is the state of the bootstrap provider. + type: boolean + conditions: + description: Conditions defines current service state of the Machine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. 
+ properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. \n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. 
Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. \n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. \n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + lastUpdated: + description: LastUpdated identifies when the phase of the Machine + last transitioned. + format: date-time + type: string + nodeRef: + description: NodeRef will point to the corresponding Node if it exists. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of machine actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + version: + description: Version specifies the current version of Kubernetes running + on the corresponding Node. This is meant to be a means of bubbling + up status from the Node to the Machine. It is entirely optional, + but useful for end-user UX if it’s present. 
+ type: string + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Time duration since creation of Machine + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Provider ID + jsonPath: .spec.providerID + name: ProviderID + type: string + - description: Machine status such as Terminating/Pending/Running/Failed etc + jsonPath: .status.phase + name: Phase + type: string + - description: Kubernetes version associated with this Machine + jsonPath: .spec.version + name: Version + type: string + - description: Node name associated with this machine + jsonPath: .status.nodeRef.name + name: NodeName + priority: 1 + type: string + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "Machine is the Schema for the machines API. \n Deprecated: This + type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineSpec defines the desired state of Machine. + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which encapsulates + fields to configure the Machine’s bootstrapping mechanism. 
+ properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference is + optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. If nil, the Machine should remain + in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine will + be created in. Must match a key in the FailureDomains map stored + on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to a custom + resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time that the + controller will spend on draining a node. The default value is 0, + meaning that the node can be drained without any time limitations. + NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine provided + by the provider. This field must match the provider ID as seen on + the node object corresponding to this machine. This field is required + by higher level consumers of cluster-api. Example use case is cluster + autoscaler with cluster-api as provider. Clean-up logic in the autoscaler + compares machines to nodes to find out machines at provider which + could not get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field is required + by autoscaler to be able to have a provider view of the list of + machines. Another list of nodes is queried from the k8s apiserver + and then a comparison is done to find out unregistered machines + and are marked for delete. This field will be set by the actuators + and consumed by higher level entities like autoscaler that will + be interfacing with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. This + field is meant to be optionally used by bootstrap providers. 
+ type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + status: + description: MachineStatus defines the observed state of Machine. + properties: + addresses: + description: Addresses is a list of addresses assigned to the machine. + This field is copied from the infrastructure provider reference. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP + or InternalIP. + type: string + required: + - address + - type + type: object + type: array + bootstrapReady: + description: BootstrapReady is the state of the bootstrap provider. + type: boolean + conditions: + description: Conditions defines current service state of the Machine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. \n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. \n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. 
Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. \n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + lastUpdated: + description: LastUpdated identifies when the phase of the Machine + last transitioned. + format: date-time + type: string + nodeInfo: + description: 'NodeInfo is a set of ids/uuids to uniquely identify + the node. More info: https://kubernetes.io/docs/concepts/nodes/node/#info' + properties: + architecture: + description: The Architecture reported by the node + type: string + bootID: + description: Boot ID reported by the node. + type: string + containerRuntimeVersion: + description: ContainerRuntime Version reported by the node through + runtime remote API (e.g. containerd://1.4.2). + type: string + kernelVersion: + description: Kernel Version reported by the node from 'uname -r' + (e.g. 3.16.0-0.bpo.4-amd64). + type: string + kubeProxyVersion: + description: KubeProxy Version reported by the node. + type: string + kubeletVersion: + description: Kubelet Version reported by the node. + type: string + machineID: + description: 'MachineID reported by the node. For unique machine + identification in the cluster this field is preferred. Learn + more from man(5) machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html' + type: string + operatingSystem: + description: The Operating System reported by the node + type: string + osImage: + description: OS Image reported by the node from /etc/os-release + (e.g. Debian GNU/Linux 7 (wheezy)). + type: string + systemUUID: + description: SystemUUID reported by the node. 
For unique machine + identification MachineID is preferred. This field is specific + to Red Hat hosts https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid + type: string + required: + - architecture + - bootID + - containerRuntimeVersion + - kernelVersion + - kubeProxyVersion + - kubeletVersion + - machineID + - operatingSystem + - osImage + - systemUUID + type: object + nodeRef: + description: NodeRef will point to the corresponding Node if it exists. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of machine actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + version: + description: Version specifies the current version of Kubernetes running + on the corresponding Node. This is meant to be a means of bubbling + up status from the Node to the Machine. It is entirely optional, + but useful for end-user UX if it’s present. + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Node name associated with this machine + jsonPath: .status.nodeRef.name + name: NodeName + type: string + - description: Provider ID + jsonPath: .spec.providerID + name: ProviderID + type: string + - description: Machine status such as Terminating/Pending/Running/Failed etc + jsonPath: .status.phase + name: Phase + type: string + - description: Time duration since creation of Machine + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this Machine + jsonPath: .spec.version + name: Version + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Machine is the Schema for the machines API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineSpec defines the desired state of Machine. + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which encapsulates + fields to configure the Machine’s bootstrapping mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference is + optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. If nil, the Machine should remain + in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine will + be created in. Must match a key in the FailureDomains map stored + on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to a custom + resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the controller will + attempt to delete the Node that the Machine hosts after the Machine + is marked for deletion. A duration of 0 will retry deletion indefinitely. + Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time that the + controller will spend on draining a node. The default value is 0, + meaning that the node can be drained without any time limitations. 
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of time that + the controller will spend on waiting for all volumes to be detached. + The default value is 0, meaning that the volumes can be detached + without any time limitations. + type: string + providerID: + description: ProviderID is the identification ID of the machine provided + by the provider. This field must match the provider ID as seen on + the node object corresponding to this machine. This field is required + by higher level consumers of cluster-api. Example use case is cluster + autoscaler with cluster-api as provider. Clean-up logic in the autoscaler + compares machines to nodes to find out machines at provider which + could not get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field is required + by autoscaler to be able to have a provider view of the list of + machines. Another list of nodes is queried from the k8s apiserver + and then a comparison is done to find out unregistered machines + and are marked for delete. This field will be set by the actuators + and consumed by higher level entities like autoscaler that will + be interfacing with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. This + field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + status: + description: MachineStatus defines the observed state of Machine. + properties: + addresses: + description: Addresses is a list of addresses assigned to the machine. + This field is copied from the infrastructure provider reference. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. 
+ type: string + type: + description: Machine address type, one of Hostname, ExternalIP, + InternalIP, ExternalDNS or InternalDNS. + type: string + required: + - address + - type + type: object + type: array + bootstrapReady: + description: BootstrapReady is the state of the bootstrap provider. + type: boolean + certificatesExpiryDate: + description: CertificatesExpiryDate is the expiry date of the machine + certificates. This value is only set for control plane machines. + format: date-time + type: string + conditions: + description: Conditions defines current service state of the Machine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. \n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. \n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. \n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." 
+ type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + lastUpdated: + description: LastUpdated identifies when the phase of the Machine + last transitioned. + format: date-time + type: string + nodeInfo: + description: 'NodeInfo is a set of ids/uuids to uniquely identify + the node. More info: https://kubernetes.io/docs/concepts/nodes/node/#info' + properties: + architecture: + description: The Architecture reported by the node + type: string + bootID: + description: Boot ID reported by the node. + type: string + containerRuntimeVersion: + description: ContainerRuntime Version reported by the node through + runtime remote API (e.g. containerd://1.4.2). + type: string + kernelVersion: + description: Kernel Version reported by the node from 'uname -r' + (e.g. 3.16.0-0.bpo.4-amd64). + type: string + kubeProxyVersion: + description: KubeProxy Version reported by the node. + type: string + kubeletVersion: + description: Kubelet Version reported by the node. + type: string + machineID: + description: 'MachineID reported by the node. For unique machine + identification in the cluster this field is preferred. Learn + more from man(5) machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html' + type: string + operatingSystem: + description: The Operating System reported by the node + type: string + osImage: + description: OS Image reported by the node from /etc/os-release + (e.g. Debian GNU/Linux 7 (wheezy)). + type: string + systemUUID: + description: SystemUUID reported by the node. For unique machine + identification MachineID is preferred. 
This field is specific + to Red Hat hosts https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid + type: string + required: + - architecture + - bootID + - containerRuntimeVersion + - kernelVersion + - kubeProxyVersion + - kubeletVersion + - machineID + - operatingSystem + - osImage + - systemUUID + type: object + nodeRef: + description: NodeRef will point to the corresponding Node if it exists. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of machine actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: machinesets.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: MachineSet + listKind: MachineSetList + plural: machinesets + shortNames: + - ms + singular: machineset + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Total number of non-terminated machines targeted by this machineset + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of available machines (ready for at least minReadySeconds) + jsonPath: .status.availableReplicas + name: Available + type: integer + - description: Total number of ready machines targeted by this machineset. 
+ jsonPath: .status.readyReplicas + name: Ready + type: integer + deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "MachineSet is the Schema for the machinesets API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineSetSpec defines the desired state of MachineSet. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + deletePolicy: + description: DeletePolicy defines the policy used to identify nodes + to delete when downscaling. Defaults to "Random". Valid values + are "Random, "Newest", "Oldest" + enum: + - Random + - Newest + - Oldest + type: string + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds for + which a newly created machine should be ready. Defaults to 0 (machine + will be considered available as soon as it is ready) + format: int32 + type: integer + replicas: + description: Replicas is the number of desired replicas. This is a + pointer to distinguish between explicit zero and unspecified. Defaults + to 1. + format: int32 + type: integer + selector: + description: 'Selector is a label query over machines that should + match the replica count. 
Label keys and values that must match in + order to be controlled by this MachineSet. It must match the machine + template''s labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + template: + description: Template is the object that describes the machine that + will be created if insufficient replicas are detected. Object references + to custom resources are treated as templates. + properties: + metadata: + description: 'Standard object''s metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + generateName: + description: "GenerateName is an optional prefix, used by + the server, to generate a unique name ONLY IF the Name field + has not been provided. If this field is used, the name returned + to the client will be different than the name passed. This + value will also be combined with a unique suffix. The provided + value has the same validation rules as the Name field, and + may be truncated by the length of the suffix required to + make the value unique on the server. \n If this field is + specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created + or 500 with Reason ServerTimeout indicating a unique name + could not be found in the time allotted, and the client + should retry (optionally after the time indicated in the + Retry-After header). \n Applied only if Name is not specified. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency + \n Deprecated: This field has no function and is going to + be removed in a next release." + type: string + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: "Name must be unique within a namespace. 
Is required + when creating resources, although some resources may allow + a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence + and configuration definition. Cannot be updated. More info: + http://kubernetes.io/docs/user-guide/identifiers#names \n + Deprecated: This field has no function and is going to be + removed in a next release." + type: string + namespace: + description: "Namespace defines the space within each name + must be unique. An empty namespace is equivalent to the + \"default\" namespace, but \"default\" is the canonical + representation. Not all objects are required to be scoped + to a namespace - the value of this field for those objects + will be empty. \n Must be a DNS_LABEL. Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces + \n Deprecated: This field has no function and is going to + be removed in a next release." + type: string + ownerReferences: + description: "List of objects depended by this object. If + ALL objects in the list have been deleted, this object will + be garbage collected. If this object is managed by a controller, + then an entry in this list will point to this controller, + with the controller field set to true. There cannot be more + than one managing controller. \n Deprecated: This field + has no function and is going to be removed in a next release." + items: + description: OwnerReference contains enough information + to let you identify an owning object. An owning object + must be in the same namespace as the dependent, or be + cluster-scoped, so there is no namespace field. + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the + key-value store until this reference is removed. 
See + https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage collector interacts with this + field and enforces the foreground deletion. Defaults + to false. To set this field, a user needs "delete" + permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing + controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.Data + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + data: + description: "Data contains the bootstrap data, such as + cloud-init details scripts. If nil, the Machine should + remain in the Pending state. \n Deprecated: Switch to + DataSecretName." + type: string + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. 
+ minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - selector + type: object + status: + description: MachineSetStatus defines the observed state of MachineSet. + properties: + availableReplicas: + description: The number of available replicas (ready for at least + minReadySeconds) for this MachineSet. 
+ format: int32 + type: integer + failureMessage: + type: string + failureReason: + description: "In the event that there is a terminal problem reconciling + the replicas, both FailureReason and FailureMessage will be set. + FailureReason will be populated with a succinct value suitable for + machine interpretation, while FailureMessage will contain a more + verbose string suitable for logging and human consumption. \n These + fields should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the MachineTemplate's spec or the configuration of the + machine controller, and that manual intervention is required. Examples + of terminal errors would be invalid combinations of settings in + the spec, values that are unsupported by the machine controller, + or the responsible machine controller itself being critically misconfigured. + \n Any transient errors that occur during the reconciliation of + Machines can be added as events to the MachineSet object and/or + logged in the controller's output." + type: string + fullyLabeledReplicas: + description: The number of replicas that have labels matching the + labels of the machine template of the MachineSet. + format: int32 + type: integer + observedGeneration: + description: ObservedGeneration reflects the generation of the most + recently observed MachineSet. + format: int64 + type: integer + readyReplicas: + description: The number of ready replicas for this MachineSet. A machine + is considered ready when the node has been created and is "Ready". + format: int32 + type: integer + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + selector: + description: 'Selector is the same as the label selector but in the + string format to avoid introspection by clients. 
The string will + be in the same format as the query-param syntax. More info about + label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + type: object + type: object + served: false + storage: false + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Time duration since creation of MachineSet + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Total number of non-terminated machines targeted by this machineset + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of available machines (ready for at least minReadySeconds) + jsonPath: .status.availableReplicas + name: Available + type: integer + - description: Total number of ready machines targeted by this machineset. + jsonPath: .status.readyReplicas + name: Ready + type: integer + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "MachineSet is the Schema for the machinesets API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineSetSpec defines the desired state of MachineSet. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + deletePolicy: + description: DeletePolicy defines the policy used to identify nodes + to delete when downscaling. Defaults to "Random". Valid values + are "Random, "Newest", "Oldest" + enum: + - Random + - Newest + - Oldest + type: string + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds for + which a newly created machine should be ready. Defaults to 0 (machine + will be considered available as soon as it is ready) + format: int32 + type: integer + replicas: + default: 1 + description: Replicas is the number of desired replicas. This is a + pointer to distinguish between explicit zero and unspecified. Defaults + to 1. + format: int32 + type: integer + selector: + description: 'Selector is a label query over machines that should + match the replica count. Label keys and values that must match in + order to be controlled by this MachineSet. It must match the machine + template''s labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. 
+ type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + template: + description: Template is the object that describes the machine that + will be created if insufficient replicas are detected. Object references + to custom resources are treated as templates. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: 'Specification of the desired behavior of the machine. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. 
Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - selector + type: object + status: + description: MachineSetStatus defines the observed state of MachineSet. + properties: + availableReplicas: + description: The number of available replicas (ready for at least + minReadySeconds) for this MachineSet. + format: int32 + type: integer + conditions: + description: Conditions defines current service state of the MachineSet. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. 
+ type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureMessage: + type: string + failureReason: + description: "In the event that there is a terminal problem reconciling + the replicas, both FailureReason and FailureMessage will be set. + FailureReason will be populated with a succinct value suitable for + machine interpretation, while FailureMessage will contain a more + verbose string suitable for logging and human consumption. \n These + fields should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the MachineTemplate's spec or the configuration of the + machine controller, and that manual intervention is required. Examples + of terminal errors would be invalid combinations of settings in + the spec, values that are unsupported by the machine controller, + or the responsible machine controller itself being critically misconfigured. + \n Any transient errors that occur during the reconciliation of + Machines can be added as events to the MachineSet object and/or + logged in the controller's output." + type: string + fullyLabeledReplicas: + description: The number of replicas that have labels matching the + labels of the machine template of the MachineSet. + format: int32 + type: integer + observedGeneration: + description: ObservedGeneration reflects the generation of the most + recently observed MachineSet. 
+ format: int64 + type: integer + readyReplicas: + description: The number of ready replicas for this MachineSet. A machine + is considered ready when the node has been created and is "Ready". + format: int32 + type: integer + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + selector: + description: 'Selector is the same as the label selector but in the + string format to avoid introspection by clients. The string will + be in the same format as the query-param syntax. More info about + label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + type: object + type: object + served: true + storage: false + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Total number of machines desired by this machineset + jsonPath: .spec.replicas + name: Desired + priority: 10 + type: integer + - description: Total number of non-terminated machines targeted by this machineset + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of ready machines targeted by this machineset. + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Total number of available machines (ready for at least minReadySeconds) + jsonPath: .status.availableReplicas + name: Available + type: integer + - description: Time duration since creation of MachineSet + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this MachineSet + jsonPath: .spec.template.spec.version + name: Version + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: MachineSet is the Schema for the machinesets API. 
+ properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineSetSpec defines the desired state of MachineSet. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + deletePolicy: + description: DeletePolicy defines the policy used to identify nodes + to delete when downscaling. Defaults to "Random". Valid values + are "Random, "Newest", "Oldest" + enum: + - Random + - Newest + - Oldest + type: string + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds for + which a Node for a newly created machine should be ready before + considering the replica available. Defaults to 0 (machine will be + considered available as soon as the Node is ready) + format: int32 + type: integer + replicas: + default: 1 + description: Replicas is the number of desired replicas. This is a + pointer to distinguish between explicit zero and unspecified. Defaults + to 1. + format: int32 + type: integer + selector: + description: 'Selector is a label query over machines that should + match the replica count. Label keys and values that must match in + order to be controlled by this MachineSet. It must match the machine + template''s labels. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + template: + description: Template is the object that describes the machine that + will be created if insufficient replicas are detected. Object references + to custom resources are treated as templates. + properties: + metadata: + description: 'Standard object''s metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. 
+ type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts after + the Machine is marked for deletion. A duration of 0 will + retry deletion indefinitely. Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of + time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the + volumes can be detached without any time limitations. + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. 
+ This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - selector + type: object + status: + description: MachineSetStatus defines the observed state of MachineSet. + properties: + availableReplicas: + description: The number of available replicas (ready for at least + minReadySeconds) for this MachineSet. + format: int32 + type: integer + conditions: + description: Conditions defines current service state of the MachineSet. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + type: string + failureReason: + description: "In the event that there is a terminal problem reconciling + the replicas, both FailureReason and FailureMessage will be set. + FailureReason will be populated with a succinct value suitable for + machine interpretation, while FailureMessage will contain a more + verbose string suitable for logging and human consumption. \n These + fields should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the MachineTemplate's spec or the configuration of the + machine controller, and that manual intervention is required. Examples + of terminal errors would be invalid combinations of settings in + the spec, values that are unsupported by the machine controller, + or the responsible machine controller itself being critically misconfigured. + \n Any transient errors that occur during the reconciliation of + Machines can be added as events to the MachineSet object and/or + logged in the controller's output." + type: string + fullyLabeledReplicas: + description: The number of replicas that have labels matching the + labels of the machine template of the MachineSet. + format: int32 + type: integer + observedGeneration: + description: ObservedGeneration reflects the generation of the most + recently observed MachineSet. + format: int64 + type: integer + readyReplicas: + description: The number of ready replicas for this MachineSet. 
A machine + is considered ready when the node has been created and is "Ready". + format: int32 + type: integer + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + selector: + description: 'Selector is the same as the label selector but in the + string format to avoid introspection by clients. The string will + be in the same format as the query-param syntax. More info about + label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-manager + namespace: capi-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-leader-election-role + namespace: capi-system +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +aggregationRule: + clusterRoleSelectors: + - matchLabels: + cluster.x-k8s.io/aggregate-to-manager: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-aggregated-manager-role +rules: [] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/aggregate-to-manager: "true" + cluster.x-k8s.io/provider: cluster-api + name: capi-manager-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - addons.cluster.x-k8s.io + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - 
update + - watch +- apiGroups: + - addons.cluster.x-k8s.io + resources: + - clusterresourcesets/finalizers + - clusterresourcesets/status + verbs: + - get + - patch + - update +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - bootstrap.cluster.x-k8s.io + - controlplane.cluster.x-k8s.io + - infrastructure.cluster.x-k8s.io + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - bootstrap.cluster.x-k8s.io + - infrastructure.cluster.x-k8s.io + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusterclasses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusterclasses + - clusterclasses/status + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/finalizers + - clusters/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinedeployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinedeployments + - machinedeployments/finalizers + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinedeployments + - machinedeployments/finalizers + - machinedeployments/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + 
resources: + - machinehealthchecks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinehealthchecks + - machinehealthchecks/finalizers + - machinehealthchecks/status + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinepools + - machinepools/finalizers + - machinepools/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machines + - machines/finalizers + - machines/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machines + - machines/status + verbs: + - delete + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinesets + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinesets + - machinesets/finalizers + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinesets + - machinesets/finalizers + - machinesets/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: + - ipam.cluster.x-k8s.io + resources: + - ipaddressclaims + verbs: + - get + - list + - watch +- apiGroups: + - runtime.cluster.x-k8s.io + resources: + - extensionconfigs + - extensionconfigs/status + verbs: + - get + - list + - patch + - update + - watch +--- +apiVersion: 
rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-leader-election-rolebinding + namespace: capi-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: capi-leader-election-role +subjects: +- kind: ServiceAccount + name: capi-manager + namespace: capi-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capi-aggregated-manager-role +subjects: +- kind: ServiceAccount + name: capi-manager + namespace: capi-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-webhook-service + namespace: capi-system +spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: cluster-api +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + control-plane: controller-manager + name: capi-controller-manager + namespace: capi-system +spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: cluster-api + control-plane: controller-manager + template: + metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + control-plane: controller-manager + spec: + containers: + - args: + - --leader-elect + - --metrics-bind-addr=localhost:8080 + - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},ClusterResourceSet=${EXP_CLUSTER_RESOURCE_SET:=false},ClusterTopology=${CLUSTER_TOPOLOGY:=false},RuntimeSDK=${EXP_RUNTIME_SDK:=false},MachineSetPreflightChecks=${EXP_MACHINE_SET_PREFLIGHT_CHECKS:=false} + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: 
metadata.uid + image: registry.k8s.io/cluster-api/cluster-api-controller:v1.5.6 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: capi-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + secretName: capi-webhook-service-cert +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-serving-cert + namespace: capi-system +spec: + dnsNames: + - capi-webhook-service.capi-system.svc + - capi-webhook-service.capi-system.svc.cluster.local + issuerRef: + kind: Issuer + name: capi-selfsigned-issuer + secretName: capi-webhook-service-cert + subject: + organizations: + - k8s-sig-cluster-lifecycle +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-selfsigned-issuer + namespace: capi-system +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: 
capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta1-machine + failurePolicy: Fail + matchPolicy: Equivalent + name: default.machine.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta1-machinedeployment + failurePolicy: Fail + matchPolicy: Equivalent + name: default.machinedeployment.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinedeployments + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta1-machinehealthcheck + failurePolicy: Fail + matchPolicy: Equivalent + name: default.machinehealthcheck.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinehealthchecks + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta1-machineset + failurePolicy: Fail + matchPolicy: Equivalent + name: default.machineset.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinesets + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta1-cluster + failurePolicy: Fail + matchPolicy: Equivalent + name: default.cluster.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - 
v1beta1 + operations: + - CREATE + - UPDATE + resources: + - clusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta1-clusterclass + failurePolicy: Fail + matchPolicy: Equivalent + name: default.clusterclass.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - clusterclasses + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig + failurePolicy: Fail + matchPolicy: Equivalent + name: default.extensionconfig.runtime.addons.cluster.x-k8s.io + rules: + - apiGroups: + - runtime.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - extensionconfigs + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta1-machinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: default.machinepool.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinepools + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-addons-cluster-x-k8s-io-v1beta1-clusterresourceset + failurePolicy: Fail + matchPolicy: Equivalent + name: default.clusterresourceset.addons.cluster.x-k8s.io + rules: + - apiGroups: + - addons.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - clusterresourcesets + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration 
+metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta1-machine + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.machine.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta1-machinedeployment + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.machinedeployment.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinedeployments + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta1-machinehealthcheck + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.machinehealthcheck.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinehealthchecks + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta1-machineset + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.machineset.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinesets + sideEffects: None +- admissionReviewVersions: + 
- v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta1-cluster + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.cluster.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - clusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta1-clusterclass + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.clusterclass.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - clusterclasses + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.extensionconfig.runtime.cluster.x-k8s.io + rules: + - apiGroups: + - runtime.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - extensionconfigs + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta1-machinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.machinepool.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinepools + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-addons-cluster-x-k8s-io-v1beta1-clusterresourceset + failurePolicy: Fail + 
matchPolicy: Equivalent + name: validation.clusterresourceset.addons.cluster.x-k8s.io + rules: + - apiGroups: + - addons.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - clusterresourcesets + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-addons-cluster-x-k8s-io-v1beta1-clusterresourcesetbinding + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.clusterresourcesetbinding.addons.cluster.x-k8s.io + rules: + - apiGroups: + - addons.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - clusterresourcesetbindings + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-ipam-cluster-x-k8s-io-v1alpha1-ipaddress + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.ipaddress.ipam.cluster.x-k8s.io + rules: + - apiGroups: + - ipam.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - ipaddresses + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-ipam-cluster-x-k8s-io-v1alpha1-ipaddressclaim + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.ipaddressclaim.ipam.cluster.x-k8s.io + rules: + - apiGroups: + - ipam.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - ipaddressclaims + sideEffects: None +--- +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + control-plane: controller-manager + name: capi-kubeadm-bootstrap-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + 
cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1 + name: kubeadmconfigs.bootstrap.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: bootstrap.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: KubeadmConfig + listKind: KubeadmConfigList + plural: kubeadmconfigs + singular: kubeadmconfig + scope: Namespaced + versions: + - deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "KubeadmConfig is the Schema for the kubeadmconfigs API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmConfigSpec defines the desired state of KubeadmConfig. + Either ClusterConfiguration and InitConfiguration should be defined + or the JoinConfiguration should be defined. 
+ properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration are + the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the API server + control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative Names + for the API Server signing cert. + items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout that + we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store or look + for all required certificates. NB: if not provided, this will + default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address or + DNS name for the control plane; it can be a valid IP address + or a RFC-1123 DNS subdomain, both with optional TCP port. In + case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + + BindPort are used; in case the ControlPlaneEndpoint is specified + but without a TCP port, the BindPort is used. Possible usages + are: e.g. In a cluster with more than one control plane instances, + this field should be assigned the address of the external load + balancer in front of the control plane instances. e.g. in environments + with enforced node recycling, the ControlPlaneEndpoint could + be used for assigning a stable DNS to the control plane. NB: + This value defaults to the first value in the Cluster object + status.apiEndpoints array.' + type: string + controllerManager: + description: ControllerManager contains extra settings for the + controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. 
+ properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on installed + in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry to + pull images from. if not set, the ImageRepository defined + in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the image. + In case this value is set, kubeadm does not change automatically + the version of the above components during upgrades. + type: string + type: + description: Type defines the DNS add-on to be used + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. NB: This value + defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to an external + etcd cluster Local and External are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority file + used to secure etcd communication. Required if using + a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification file used + to secure etcd communication. Required if using a TLS + connection. + type: string + endpoints: + description: Endpoints of etcd members. Required for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to secure + etcd communication. 
Required if using a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for configuring + the local etcd instance Local and External are mutually + exclusive + properties: + dataDir: + description: DataDir is the directory etcd will place + its data. Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided to + the etcd binary when run inside a static pod. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the + image. In case this value is set, kubeadm does not change + automatically the version of the above components during + upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject Alternative + Names for the etcd server signing cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: ImageRepository sets the container registry to pull + images from. If empty, `k8s.gcr.io` will be used by default; + in case of kubernetes version is a CI build (kubernetes version + starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` + will be used as a default for control plane components and for + kube-proxy, while `k8s.gcr.io` will be used for all the other + images. 
+ type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version of the control + plane. NB: This value defaults to the Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to the Cluster + object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s services. + Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. If unset, + the API server will not allocate CIDR ranges for every node. + Defaults to a comma-delimited string of the Cluster object's + spec.clusterNetwork.services.cidrBlocks if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s services. + Defaults to a comma-delimited string of the Cluster object's + spec.clusterNetwork.pods.cidrBlocks, or to "10.96.0.0/12" + if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the scheduler + control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. 
+ properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + useHyperKubeImage: + description: UseHyperKubeImage controls if hyperkube should be + used for Kubernetes components instead of their respective separate + images + type: boolean + type: object + diskSetup: + description: DiskSetup specifies options for the creation of partition + tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems to + setup. + items: + description: Filesystem defines the file systems to be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to add to the + command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system type. + type: string + label: + description: Label specifies the file system label to be + used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to overwrite + any existing filesystem. If true, any pre-existing file + system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition to use. + The valid options are: "auto|any", "auto", "any", "none", + and , where NUM is the actual partition number.' 
+ type: string + replaceFS: + description: 'ReplaceFS is a special directive, used for + Microsoft Azure that instructs cloud-init to replace a + file system of . NOTE: unless you define a label, + this requires the use of the ''any'' partition directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions to + setup. + items: + description: Partition defines how to create and layout a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. If it is + true, a single partition will be created for the entire + device. When layout is false, it means don't partition + or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip checks + and create the partition if a partition or filesystem + is found on the device. Use with caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. The following are supported: ''mbr'': default and + setups a MS-DOS partition table ''gpt'': setups a GPT + partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files in + cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content to + populate the file. + properties: + secret: + description: Secret represents a secret that should populate + this file. + properties: + key: + description: Key is the key in the secret's data map + for this value. 
+ type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, e.g. + "root:root". + type: string + path: + description: Path specifies the full path on disk where to store + the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap data + enum: + - cloud-config + type: string + initConfiguration: + description: InitConfiguration along with ClusterConfiguration are + the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm init` time + and describes a set of Bootstrap Tokens to create. This information + IS NOT uploaded to the kubeadm cluster configmap, partly because + of its sensitive nature + items: + description: BootstrapToken describes one bootstrap token, stored + as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message why + this token exists and what it's used for, so other administrators + can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when this token + expires. 
Defaults to being set dynamically at runtime + based on the TTL. Expires and TTL are mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that this + token will authenticate as when/if used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for joining + nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this token. + Defaults to 24h. Expires and TTL are mutually exclusive. + type: string + usages: + description: Usages describes the ways in which this token + can be used. Can by default be used for establishing bidirectional + trust, but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the API + server instance that's deployed on this control plane node In + HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests to each + individual API server. This configuration object lets you customize + what IP/DNS name and port the local API server advertises it's + accessible on. By default, kubeadm tries to auto-detect the + IP of the default interface and use that, but in case that process + fails you may set the desired value here. 
+ properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for the + API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API Server + to bind to. Defaults to 6443. + format: int32 + type: integer + required: + - advertiseAddress + - bindPort + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate to registering + the new control-plane node to the cluster. When used in the + context of control plane nodes, NodeRegistration should remain + consistent across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node API + object, for later re-use + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the kubelet + command line via the environment file kubeadm writes at + runtime for the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are + local and specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the Node + API object that will be created in this `kubeadm init` or + `kubeadm join` operation. This field is also used in the + CommonName field of the kubelet's client certificate to + the API server. Defaults to the hostname of the node if + not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API object + should be registered with. If this field is unset, i.e. + nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. If + you don''t want to taint your control-plane node, set this + field to an empty slice, i.e. 
`taints: {}` in the YAML file. + This field is solely used for Node registration.' + items: + description: The node this Taint is attached to has the + "effect" on any pod that does not tolerate the Taint. + properties: + effect: + description: Required. The effect of the taint on pods + that do not tolerate the taint. Valid effects are + NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint + key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration for the + join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate authority + used to secure comunications between node and control-plane. + Defaults to "/etc/kubernetes/pki/ca.crt". TODO: revisit when + there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control plane + instance to be deployed on the joining node. If nil, no additional + control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the + API server instance to be deployed on this node. 
+ properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for + the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API + Server to bind to. Defaults to 6443. + format: int32 + type: integer + required: + - advertiseAddress + - bindPort + type: object + type: object + discovery: + description: 'Discovery specifies the options for the kubelet + to use during the TLS Bootstrap process TODO: revisit when there + is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options for + bootstrap token based discovery BootstrapToken and File + are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain name + to the API server from which info will be fetched. + type: string + caCertHashes: + description: 'CACertHashes specifies a set of public key + pins to verify when token-based discovery is used. The + root CA found during discovery must match one of these + values. Specifying an empty set disables root CA pinning, + which can be unsafe. Each hash is specified as ":", + where the only currently supported type is "sha256". + This is a hex-encoded SHA-256 hash of the Subject Public + Key Info (SPKI) object in DER-encoded ASN.1. These hashes + can be calculated using, for example, OpenSSL: openssl + x509 -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate cluster + information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since other + nodes can impersonate the control-plane. 
+ type: boolean + required: + - token + - unsafeSkipCAVerification + type: object + file: + description: File is used to specify a file or URL to a kubeconfig + file from which to load cluster information BootstrapToken + and File are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify the actual + file path or URL to the kubeconfig file from which to + load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: 'TLSBootstrapToken is a token used for TLS bootstrapping. + If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, + but can be overridden. If .File is set, this field **must + be set** in case the KubeConfigFile does not contain any + other authentication information TODO: revisit when there + is defaulting from k/k' + type: string + type: object + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate to registering + the new control-plane node to the cluster. When used in the + context of control plane nodes, NodeRegistration should remain + consistent across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node API + object, for later re-use + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. 
The arguments here are passed to the kubelet + command line via the environment file kubeadm writes at + runtime for the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are + local and specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the Node + API object that will be created in this `kubeadm init` or + `kubeadm join` operation. This field is also used in the + CommonName field of the kubelet's client certificate to + the API server. Defaults to the hostname of the node if + not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API object + should be registered with. If this field is unset, i.e. + nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. If + you don''t want to taint your control-plane node, set this + field to an empty slice, i.e. `taints: {}` in the YAML file. + This field is solely used for Node registration.' + items: + description: The node this Taint is attached to has the + "effect" on any pod that does not tolerate the Taint. + properties: + effect: + description: Required. The effect of the taint on pods + that do not tolerate the taint. Valid effects are + NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint + key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + mounts: + description: Mounts specifies a list of mount points to be setup. 
+ items: + description: MountPoints defines input for generated mounts in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands to run after + kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to run before + kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm command + with a shell script with retries for joins. \n This is meant to + be an experimental temporary workaround on some environments where + joins fail due to timing (and other issues). The long term goal + is to add retries to kubeadm proper and use that functionality. + \n This will add about 40KB to userdata \n For more information, + refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user in cloud-init. 
+ properties: + gecos: + description: Gecos specifies the gecos to use for the user + type: string + groups: + description: Groups specifies the additional groups for the + user + type: string + homeDir: + description: HomeDir specifies the home directory to use for + the user + type: string + inactive: + description: Inactive specifies whether to mark the user as + inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login should + be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for the user + type: string + primaryGroup: + description: PrimaryGroup specifies the primary group for the + user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh authorized + keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level verbosity. + It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + status: + description: KubeadmConfigStatus defines the observed state of KubeadmConfig. + properties: + bootstrapData: + description: "BootstrapData will be a cloud-init script for now. \n + Deprecated: Switch to DataSecretName." + format: byte + type: string + conditions: + description: Conditions defines current service state of the KubeadmConfig. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. 
+ If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors + type: string + failureReason: + description: FailureReason will be set on non-retryable errors + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + ready: + description: Ready indicates the BootstrapData field is ready to be + consumed + type: boolean + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of KubeadmConfig + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "KubeadmConfig is the Schema for the kubeadmconfigs API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmConfigSpec defines the desired state of KubeadmConfig. + Either ClusterConfiguration and InitConfiguration should be defined + or the JoinConfiguration should be defined. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration are + the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the API server + control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative Names + for the API Server signing cert. 
+ items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout that + we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store or look + for all required certificates. 
NB: if not provided, this will + default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address or + DNS name for the control plane; it can be a valid IP address + or a RFC-1123 DNS subdomain, both with optional TCP port. In + case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + + BindPort are used; in case the ControlPlaneEndpoint is specified + but without a TCP port, the BindPort is used. Possible usages + are: e.g. In a cluster with more than one control plane instances, + this field should be assigned the address of the external load + balancer in front of the control plane instances. e.g. in environments + with enforced node recycling, the ControlPlaneEndpoint could + be used for assigning a stable DNS to the control plane. NB: + This value defaults to the first value in the Cluster object + status.apiEndpoints array.' + type: string + controllerManager: + description: ControllerManager contains extra settings for the + controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. 
+ type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on installed + in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry to + pull images from. if not set, the ImageRepository defined + in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the image. + In case this value is set, kubeadm does not change automatically + the version of the above components during upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. NB: This value + defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to an external + etcd cluster Local and External are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority file + used to secure etcd communication. Required if using + a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification file used + to secure etcd communication. Required if using a TLS + connection. + type: string + endpoints: + description: Endpoints of etcd members. Required for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to secure + etcd communication. Required if using a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for configuring + the local etcd instance Local and External are mutually + exclusive + properties: + dataDir: + description: DataDir is the directory etcd will place + its data. 
Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided to + the etcd binary when run inside a static pod. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the + image. In case this value is set, kubeadm does not change + automatically the version of the above components during + upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject Alternative + Names for the etcd server signing cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: ImageRepository sets the container registry to pull + images from. If empty, `registry.k8s.io` will be used by default; + in case of kubernetes version is a CI build (kubernetes version + starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` + will be used as a default for control plane components and for + kube-proxy, while `registry.k8s.io` will be used for all the + other images. + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version of the control + plane. 
NB: This value defaults to the Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to the Cluster + object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s services. + Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. If unset, + the API server will not allocate CIDR ranges for every node. + Defaults to a comma-delimited string of the Cluster object's + spec.clusterNetwork.services.cidrBlocks if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s services. + Defaults to a comma-delimited string of the Cluster object's + spec.clusterNetwork.pods.cidrBlocks, or to "10.96.0.0/12" + if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the scheduler + control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. 
+ type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation of partition + tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems to + setup. + items: + description: Filesystem defines the file systems to be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to add to the + command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system type. + type: string + label: + description: Label specifies the file system label to be + used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to overwrite + any existing filesystem. If true, any pre-existing file + system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition to use. + The valid options are: "auto|any", "auto", "any", "none", + and , where NUM is the actual partition number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, used for + Microsoft Azure that instructs cloud-init to replace a + file system of . NOTE: unless you define a label, + this requires the use of the ''any'' partition directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions to + setup. + items: + description: Partition defines how to create and layout a partition. + properties: + device: + description: Device is the name of the device. 
+ type: string + layout: + description: Layout specifies the device layout. If it is + true, a single partition will be created for the entire + device. When layout is false, it means don't partition + or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip checks + and create the partition if a partition or filesystem + is found on the device. Use with caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. The following are supported: ''mbr'': default and + setups a MS-DOS partition table ''gpt'': setups a GPT + partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files in + cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content to + populate the file. + properties: + secret: + description: Secret represents a secret that should populate + this file. + properties: + key: + description: Key is the key in the secret's data map + for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, e.g. + "root:root". + type: string + path: + description: Path specifies the full path on disk where to store + the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". 
+ type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap data + enum: + - cloud-config + type: string + initConfiguration: + description: InitConfiguration along with ClusterConfiguration are + the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm init` time + and describes a set of Bootstrap Tokens to create. This information + IS NOT uploaded to the kubeadm cluster configmap, partly because + of its sensitive nature + items: + description: BootstrapToken describes one bootstrap token, stored + as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message why + this token exists and what it's used for, so other administrators + can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when this token + expires. Defaults to being set dynamically at runtime + based on the TTL. Expires and TTL are mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that this + token will authenticate as when/if used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for joining + nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this token. + Defaults to 24h. Expires and TTL are mutually exclusive. 
+ type: string + usages: + description: Usages describes the ways in which this token + can be used. Can by default be used for establishing bidirectional + trust, but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the API + server instance that's deployed on this control plane node In + HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests to each + individual API server. This configuration object lets you customize + what IP/DNS name and port the local API server advertises it's + accessible on. By default, kubeadm tries to auto-detect the + IP of the default interface and use that, but in case that process + fails you may set the desired value here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for the + API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API Server + to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate to registering + the new control-plane node to the cluster. When used in the + context of control plane nodes, NodeRegistration should remain + consistent across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. 
This information will be annotated to the Node API + object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of pre-flight + errors to be ignored when the current node is registered. + items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the kubelet + command line via the environment file kubeadm writes at + runtime for the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are + local and specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the Node + API object that will be created in this `kubeadm init` or + `kubeadm join` operation. This field is also used in the + CommonName field of the kubelet's client certificate to + the API server. Defaults to the hostname of the node if + not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API object + should be registered with. If this field is unset, i.e. + nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. If + you don''t want to taint your control-plane node, set this + field to an empty slice, i.e. `taints: {}` in the YAML file. + This field is solely used for Node registration.' + items: + description: The node this Taint is attached to has the + "effect" on any pod that does not tolerate the Taint. + properties: + effect: + description: Required. The effect of the taint on pods + that do not tolerate the taint. Valid effects are + NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. 
+ type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint + key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration for the + join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate authority + used to secure comunications between node and control-plane. + Defaults to "/etc/kubernetes/pki/ca.crt". TODO: revisit when + there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control plane + instance to be deployed on the joining node. If nil, no additional + control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the + API server instance to be deployed on this node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for + the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API + Server to bind to. Defaults to 6443. 
+ format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for the kubelet + to use during the TLS Bootstrap process TODO: revisit when there + is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options for + bootstrap token based discovery BootstrapToken and File + are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain name + to the API server from which info will be fetched. + type: string + caCertHashes: + description: 'CACertHashes specifies a set of public key + pins to verify when token-based discovery is used. The + root CA found during discovery must match one of these + values. Specifying an empty set disables root CA pinning, + which can be unsafe. Each hash is specified as ":", + where the only currently supported type is "sha256". + This is a hex-encoded SHA-256 hash of the Subject Public + Key Info (SPKI) object in DER-encoded ASN.1. These hashes + can be calculated using, for example, OpenSSL: openssl + x509 -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate cluster + information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since other + nodes can impersonate the control-plane. 
+ type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or URL to a kubeconfig + file from which to load cluster information BootstrapToken + and File are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify the actual + file path or URL to the kubeconfig file from which to + load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used for TLS bootstrapping. + If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, + but can be overridden. If .File is set, this field **must + be set** in case the KubeConfigFile does not contain any + other authentication information + type: string + type: object + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate to registering + the new control-plane node to the cluster. When used in the + context of control plane nodes, NodeRegistration should remain + consistent across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node API + object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of pre-flight + errors to be ignored when the current node is registered. 
+ items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the kubelet + command line via the environment file kubeadm writes at + runtime for the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are + local and specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the Node + API object that will be created in this `kubeadm init` or + `kubeadm join` operation. This field is also used in the + CommonName field of the kubelet's client certificate to + the API server. Defaults to the hostname of the node if + not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API object + should be registered with. If this field is unset, i.e. + nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. If + you don''t want to taint your control-plane node, set this + field to an empty slice, i.e. `taints: {}` in the YAML file. + This field is solely used for Node registration.' + items: + description: The node this Taint is attached to has the + "effect" on any pod that does not tolerate the Taint. + properties: + effect: + description: Required. The effect of the taint on pods + that do not tolerate the taint. Valid effects are + NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint + key. 
+ type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + mounts: + description: Mounts specifies a list of mount points to be setup. + items: + description: MountPoints defines input for generated mounts in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands to run after + kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to run before + kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm command + with a shell script with retries for joins. \n This is meant to + be an experimental temporary workaround on some environments where + joins fail due to timing (and other issues). The long term goal + is to add retries to kubeadm proper and use that functionality. + \n This will add about 40KB to userdata \n For more information, + refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user in cloud-init. 
+ properties: + gecos: + description: Gecos specifies the gecos to use for the user + type: string + groups: + description: Groups specifies the additional groups for the + user + type: string + homeDir: + description: HomeDir specifies the home directory to use for + the user + type: string + inactive: + description: Inactive specifies whether to mark the user as + inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login should + be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for the user + type: string + primaryGroup: + description: PrimaryGroup specifies the primary group for the + user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh authorized + keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level verbosity. + It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + status: + description: KubeadmConfigStatus defines the observed state of KubeadmConfig. + properties: + conditions: + description: Conditions defines current service state of the KubeadmConfig. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. 
This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors + type: string + failureReason: + description: FailureReason will be set on non-retryable errors + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + ready: + description: Ready indicates the BootstrapData field is ready to be + consumed + type: boolean + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name'] + name: Cluster + type: string + - description: Time duration since creation of KubeadmConfig + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: KubeadmConfig is the Schema for the kubeadmconfigs API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmConfigSpec defines the desired state of KubeadmConfig. + Either ClusterConfiguration and InitConfiguration should be defined + or the JoinConfiguration should be defined. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration are + the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the API server + control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative Names + for the API Server signing cert. 
+ items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout that + we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store or look + for all required certificates. 
NB: if not provided, this will + default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address or + DNS name for the control plane; it can be a valid IP address + or a RFC-1123 DNS subdomain, both with optional TCP port. In + case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + + BindPort are used; in case the ControlPlaneEndpoint is specified + but without a TCP port, the BindPort is used. Possible usages + are: e.g. In a cluster with more than one control plane instances, + this field should be assigned the address of the external load + balancer in front of the control plane instances. e.g. in environments + with enforced node recycling, the ControlPlaneEndpoint could + be used for assigning a stable DNS to the control plane. NB: + This value defaults to the first value in the Cluster object + status.apiEndpoints array.' + type: string + controllerManager: + description: ControllerManager contains extra settings for the + controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. 
+ type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on installed + in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry to + pull images from. if not set, the ImageRepository defined + in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the image. + In case this value is set, kubeadm does not change automatically + the version of the above components during upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. NB: This value + defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to an external + etcd cluster Local and External are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority file + used to secure etcd communication. Required if using + a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification file used + to secure etcd communication. Required if using a TLS + connection. + type: string + endpoints: + description: Endpoints of etcd members. Required for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to secure + etcd communication. Required if using a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for configuring + the local etcd instance Local and External are mutually + exclusive + properties: + dataDir: + description: DataDir is the directory etcd will place + its data. 
Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided to + the etcd binary when run inside a static pod. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the + image. In case this value is set, kubeadm does not change + automatically the version of the above components during + upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject Alternative + Names for the etcd server signing cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: 'ImageRepository sets the container registry to pull + images from. * If not set, the default registry of kubeadm will + be used, i.e. * registry.k8s.io (new registry): >= v1.22.17, + >= v1.23.15, >= v1.24.9, >= v1.25.0 * k8s.gcr.io (old registry): + all older versions Please note that when imageRepository is + not set we don''t allow upgrades to versions >= v1.22.0 which + use the old registry (k8s.gcr.io). Please use a newer patch + version with the new registry instead (i.e. >= v1.22.17, >= + v1.23.15, >= v1.24.9, >= v1.25.0). * If the version is a CI + build (kubernetes version starts with `ci/` or `ci-cross/`) + `gcr.io/k8s-staging-ci-images` will be used as a default for + control plane components and for kube-proxy, while `registry.k8s.io` + will be used for all the other images.' 
+ type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version of the control + plane. NB: This value defaults to the Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to the Cluster + object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s services. + Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. If unset, + the API server will not allocate CIDR ranges for every node. + Defaults to a comma-delimited string of the Cluster object's + spec.clusterNetwork.services.cidrBlocks if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s services. + Defaults to a comma-delimited string of the Cluster object's + spec.clusterNetwork.pods.cidrBlocks, or to "10.96.0.0/12" + if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the scheduler + control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. 
+ properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation of partition + tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems to + setup. + items: + description: Filesystem defines the file systems to be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to add to the + command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system type. + type: string + label: + description: Label specifies the file system label to be + used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to overwrite + any existing filesystem. If true, any pre-existing file + system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition to use. + The valid options are: "auto|any", "auto", "any", "none", + and , where NUM is the actual partition number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, used for + Microsoft Azure that instructs cloud-init to replace a + file system of . NOTE: unless you define a label, + this requires the use of the ''any'' partition directive.' 
+ type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions to + setup. + items: + description: Partition defines how to create and layout a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. If it is + true, a single partition will be created for the entire + device. When layout is false, it means don't partition + or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip checks + and create the partition if a partition or filesystem + is found on the device. Use with caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. The following are supported: ''mbr'': default and + setups a MS-DOS partition table ''gpt'': setups a GPT + partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files in + cloud-init. + properties: + append: + description: Append specifies whether to append Content to existing + file if Path exists. + type: boolean + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content to + populate the file. + properties: + secret: + description: Secret represents a secret that should populate + this file. + properties: + key: + description: Key is the key in the secret's data map + for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. 
+ type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, e.g. + "root:root". + type: string + path: + description: Path specifies the full path on disk where to store + the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap data + enum: + - cloud-config + - ignition + type: string + ignition: + description: Ignition contains Ignition specific configuration. + properties: + containerLinuxConfig: + description: ContainerLinuxConfig contains CLC specific configuration. + properties: + additionalConfig: + description: "AdditionalConfig contains additional configuration + to be merged with the Ignition configuration generated by + the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging + \n The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/" + type: string + strict: + description: Strict controls if AdditionalConfig should be + strictly parsed. If so, warnings are treated as errors. + type: boolean + type: object + type: object + initConfiguration: + description: InitConfiguration along with ClusterConfiguration are + the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm init` time + and describes a set of Bootstrap Tokens to create. This information + IS NOT uploaded to the kubeadm cluster configmap, partly because + of its sensitive nature + items: + description: BootstrapToken describes one bootstrap token, stored + as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message why + this token exists and what it's used for, so other administrators + can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when this token + expires. Defaults to being set dynamically at runtime + based on the TTL. Expires and TTL are mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that this + token will authenticate as when/if used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for joining + nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this token. + Defaults to 24h. Expires and TTL are mutually exclusive. + type: string + usages: + description: Usages describes the ways in which this token + can be used. Can by default be used for establishing bidirectional + trust, but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the API + server instance that's deployed on this control plane node In + HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests to each + individual API server. This configuration object lets you customize + what IP/DNS name and port the local API server advertises it's + accessible on. By default, kubeadm tries to auto-detect the + IP of the default interface and use that, but in case that process + fails you may set the desired value here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for the + API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API Server + to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate to registering + the new control-plane node to the cluster. When used in the + context of control plane nodes, NodeRegistration should remain + consistent across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node API + object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of pre-flight + errors to be ignored when the current node is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy for image + pulling during kubeadm "init" and "join" operations. The + value of this field must be one of "Always", "IfNotPresent" + or "Never". Defaults to "IfNotPresent". 
This can be used + only with Kubernetes version equal to 1.22 and later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the kubelet + command line via the environment file kubeadm writes at + runtime for the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are + local and specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the Node + API object that will be created in this `kubeadm init` or + `kubeadm join` operation. This field is also used in the + CommonName field of the kubelet's client certificate to + the API server. Defaults to the hostname of the node if + not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API object + should be registered with. If this field is unset, i.e. + nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. If + you don''t want to taint your control-plane node, set this + field to an empty slice, i.e. `taints: []` in the YAML file. + This field is solely used for Node registration.' + items: + description: The node this Taint is attached to has the + "effect" on any pod that does not tolerate the Taint. + properties: + effect: + description: Required. The effect of the taint on pods + that do not tolerate the taint. Valid effects are + NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. 
+ format: date-time + type: string + value: + description: The taint value corresponding to the taint + key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying patches + to components deployed by kubeadm during "kubeadm init". The + minimum kubernetes version needed to support Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory that contains + files named "target[suffix][+patchtype].extension". For + example, "kube-apiserver0+merge.yaml" or just "etcd.json". + "target" can be one of "kube-apiserver", "kube-controller-manager", + "kube-scheduler", "etcd". "patchtype" can be one of "strategic" + "merge" or "json" and they match the patch formats supported + by kubectl. The default "patchtype" is "strategic". "extension" + must be either "json" or "yaml". "suffix" is an optional + string that can be used to determine which patches are applied + first alpha-numerically. These files can be written into + the target directory via KubeadmConfig.Files which specifies + additional files to be created on the machine, either with + content inline or by referencing a secret. + type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip during command + execution. The list of phases can be obtained with the "kubeadm + init --help" command. This option takes effect only on Kubernetes + >=1.22.0. + items: + type: string + type: array + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration for the + join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate authority + used to secure comunications between node and control-plane. + Defaults to "/etc/kubernetes/pki/ca.crt". TODO: revisit when + there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control plane + instance to be deployed on the joining node. If nil, no additional + control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the + API server instance to be deployed on this node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for + the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API + Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for the kubelet + to use during the TLS Bootstrap process TODO: revisit when there + is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options for + bootstrap token based discovery BootstrapToken and File + are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain name + to the API server from which info will be fetched. + type: string + caCertHashes: + description: 'CACertHashes specifies a set of public key + pins to verify when token-based discovery is used. The + root CA found during discovery must match one of these + values. Specifying an empty set disables root CA pinning, + which can be unsafe. Each hash is specified as ":", + where the only currently supported type is "sha256". + This is a hex-encoded SHA-256 hash of the Subject Public + Key Info (SPKI) object in DER-encoded ASN.1. 
These hashes + can be calculated using, for example, OpenSSL: openssl + x509 -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate cluster + information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since other + nodes can impersonate the control-plane. + type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or URL to a kubeconfig + file from which to load cluster information BootstrapToken + and File are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify the actual + file path or URL to the kubeconfig file from which to + load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used for TLS bootstrapping. + If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, + but can be overridden. If .File is set, this field **must + be set** in case the KubeConfigFile does not contain any + other authentication information + type: string + type: object + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate to registering + the new control-plane node to the cluster. 
When used in the + context of control plane nodes, NodeRegistration should remain + consistent across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node API + object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of pre-flight + errors to be ignored when the current node is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy for image + pulling during kubeadm "init" and "join" operations. The + value of this field must be one of "Always", "IfNotPresent" + or "Never". Defaults to "IfNotPresent". This can be used + only with Kubernetes version equal to 1.22 and later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the kubelet + command line via the environment file kubeadm writes at + runtime for the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are + local and specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the Node + API object that will be created in this `kubeadm init` or + `kubeadm join` operation. This field is also used in the + CommonName field of the kubelet's client certificate to + the API server. Defaults to the hostname of the node if + not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API object + should be registered with. If this field is unset, i.e. + nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. 
If + you don''t want to taint your control-plane node, set this + field to an empty slice, i.e. `taints: []` in the YAML file. + This field is solely used for Node registration.' + items: + description: The node this Taint is attached to has the + "effect" on any pod that does not tolerate the Taint. + properties: + effect: + description: Required. The effect of the taint on pods + that do not tolerate the taint. Valid effects are + NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint + key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying patches + to components deployed by kubeadm during "kubeadm join". The + minimum kubernetes version needed to support Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory that contains + files named "target[suffix][+patchtype].extension". For + example, "kube-apiserver0+merge.yaml" or just "etcd.json". + "target" can be one of "kube-apiserver", "kube-controller-manager", + "kube-scheduler", "etcd". "patchtype" can be one of "strategic" + "merge" or "json" and they match the patch formats supported + by kubectl. The default "patchtype" is "strategic". "extension" + must be either "json" or "yaml". "suffix" is an optional + string that can be used to determine which patches are applied + first alpha-numerically. These files can be written into + the target directory via KubeadmConfig.Files which specifies + additional files to be created on the machine, either with + content inline or by referencing a secret. 
+ type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip during command + execution. The list of phases can be obtained with the "kubeadm + init --help" command. This option takes effect only on Kubernetes + >=1.22.0. + items: + type: string + type: array + type: object + mounts: + description: Mounts specifies a list of mount points to be setup. + items: + description: MountPoints defines input for generated mounts in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands to run after + kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to run before + kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm command + with a shell script with retries for joins. \n This is meant to + be an experimental temporary workaround on some environments where + joins fail due to timing (and other issues). The long term goal + is to add retries to kubeadm proper and use that functionality. + \n This will add about 40KB to userdata \n For more information, + refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. + \n Deprecated: This experimental fix is no longer needed and this + field will be removed in a future release. When removing also remove + from staticcheck exclude-rules for SA1019 in golangci.yml" + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user in cloud-init. 
+ properties: + gecos: + description: Gecos specifies the gecos to use for the user + type: string + groups: + description: Groups specifies the additional groups for the + user + type: string + homeDir: + description: HomeDir specifies the home directory to use for + the user + type: string + inactive: + description: Inactive specifies whether to mark the user as + inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login should + be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for the user + type: string + passwdFrom: + description: PasswdFrom is a referenced source of passwd to + populate the passwd. + properties: + secret: + description: Secret represents a secret that should populate + this password. + properties: + key: + description: Key is the key in the secret's data map + for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + primaryGroup: + description: PrimaryGroup specifies the primary group for the + user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh authorized + keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level verbosity. + It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + status: + description: KubeadmConfigStatus defines the observed state of KubeadmConfig. + properties: + conditions: + description: Conditions defines current service state of the KubeadmConfig. 
+ items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors + type: string + failureReason: + description: FailureReason will be set on non-retryable errors + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + ready: + description: Ready indicates the BootstrapData field is ready to be + consumed + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1 + name: kubeadmconfigtemplates.bootstrap.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: bootstrap.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: KubeadmConfigTemplate + listKind: KubeadmConfigTemplateList + plural: kubeadmconfigtemplates + singular: kubeadmconfigtemplate + scope: Namespaced + versions: + - deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate. + properties: + template: + description: KubeadmConfigTemplateResource defines the Template structure. + properties: + spec: + description: KubeadmConfigSpec defines the desired state of KubeadmConfig. + Either ClusterConfiguration and InitConfiguration should be + defined or the JoinConfiguration should be defined. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the + API server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative + Names for the API Server signing cert. + items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. 
+ type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout + that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store + or look for all required certificates. NB: if not provided, + this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address + or DNS name for the control plane; it can be a valid + IP address or a RFC-1123 DNS subdomain, both with optional + TCP port. In case the ControlPlaneEndpoint is not specified, + the AdvertiseAddress + BindPort are used; in case the + ControlPlaneEndpoint is specified but without a TCP + port, the BindPort is used. Possible usages are: e.g. + In a cluster with more than one control plane instances, + this field should be assigned the address of the external + load balancer in front of the control plane instances. + e.g. in environments with enforced node recycling, + the ControlPlaneEndpoint could be used for assigning + a stable DNS to the control plane. NB: This value defaults + to the first value in the Cluster object status.apiEndpoints + array.' 
+ type: string + controllerManager: + description: ControllerManager contains extra settings + for the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on + installed in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for + the image. In case this value is set, kubeadm does + not change automatically the version of the above + components during upgrades. + type: string + type: + description: Type defines the DNS add-on to be used + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. 
NB: This + value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to + an external etcd cluster Local and External are + mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority + file used to secure etcd communication. Required + if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification + file used to secure etcd communication. Required + if using a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required + for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to + secure etcd communication. Required if using + a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for + configuring the local etcd instance Local and External + are mutually exclusive + properties: + dataDir: + description: DataDir is the directory etcd will + place its data. Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided + to the etcd binary when run inside a static + pod. + type: object + imageRepository: + description: ImageRepository sets the container + registry to pull images from. if not set, the + ImageRepository defined in ClusterConfiguration + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag + for the image. In case this value is set, kubeadm + does not change automatically the version of + the above components during upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. 
+ items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject + Alternative Names for the etcd server signing + cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. If empty, `k8s.gcr.io` will be + used by default; in case of kubernetes version is a + CI build (kubernetes version starts with `ci/` or `ci-cross/`) + `gcr.io/k8s-staging-ci-images` will be used as a default + for control plane components and for kube-proxy, while + `k8s.gcr.io` will be used for all the other images. + type: string + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version + of the control plane. NB: This value defaults to the + Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to + the Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s + services. Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. + If unset, the API server will not allocate CIDR + ranges for every node. Defaults to a comma-delimited + string of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s + services. 
Defaults to a comma-delimited string of + the Cluster object's spec.clusterNetwork.pods.cidrBlocks, + or to "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the + scheduler control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + useHyperKubeImage: + description: UseHyperKubeImage controls if hyperkube should + be used for Kubernetes components instead of their respective + separate images + type: boolean + type: object + diskSetup: + description: DiskSetup specifies options for the creation + of partition tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems + to setup. + items: + description: Filesystem defines the file systems to + be created. 
+ properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to + add to the command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system + type. + type: string + label: + description: Label specifies the file system label + to be used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to + overwrite any existing filesystem. If true, any + pre-existing file system will be destroyed. Use + with Caution. + type: boolean + partition: + description: 'Partition specifies the partition + to use. The valid options are: "auto|any", "auto", + "any", "none", and , where NUM is the actual + partition number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, + used for Microsoft Azure that instructs cloud-init + to replace a file system of . NOTE: unless + you define a label, this requires the use of the + ''any'' partition directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions + to setup. + items: + description: Partition defines how to create and layout + a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. + If it is true, a single partition will be created + for the entire device. When layout is false, it + means don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip + checks and create the partition if a partition + or filesystem is found on the device. Use with + caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. 
The following are supported: ''mbr'': default + and setups a MS-DOS partition table ''gpt'': setups + a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: Secret represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the + file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to + assign to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap + data + enum: + - cloud-config + type: string + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. 
Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm + init` time and describes a set of Bootstrap Tokens to + create. This information IS NOT uploaded to the kubeadm + cluster configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap + token, stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message + why this token exists and what it's used for, + so other administrators can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when + this token expires. Defaults to being set dynamically + at runtime based on the TTL. Expires and TTL are + mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that + this token will authenticate as when/if used for + authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for + joining nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this + token. Defaults to 24h. Expires and TTL are mutually + exclusive. + type: string + usages: + description: Usages describes the ways in which + this token can be used. Can by default be used + for establishing bidirectional trust, but that + can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance that's deployed on this control + plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global + endpoint for the cluster, which then loadbalances the + requests to each individual API server. This configuration + object lets you customize what IP/DNS name and port + the local API server advertises it's accessible on. + By default, kubeadm tries to auto-detect the IP of the + default interface and use that, but in case that process + fails you may set the desired value here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the + API Server to bind to. Defaults to 6443. + format: int32 + type: integer + required: + - advertiseAddress + - bindPort + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration + and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here are + passed to the kubelet command line via the environment + file kubeadm writes at runtime for the kubelet to + source. 
This overrides the generic base-level configuration + in the kubelet-config-1.X ConfigMap Flags have higher + priority when parsing. These values are local and + specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of + the Node API object that will be created in this + `kubeadm init` or `kubeadm join` operation. This + field is also used in the CommonName field of the + kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node + API object should be registered with. If this field + is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: + {}` in the YAML file. This field is solely used + for Node registration.' + items: + description: The node this Taint is attached to + has the "effect" on any pod that does not tolerate + the Taint. + properties: + effect: + description: Required. The effect of the taint + on pods that do not tolerate the taint. Valid + effects are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at + which the taint was added. It is only written + for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to + the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration + for the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. 
Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node + and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control + plane instance to be deployed on the joining node. If + nil, no additional control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on this + node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for + the API Server to bind to. Defaults to 6443. + format: int32 + type: integer + required: + - advertiseAddress + - bindPort + type: object + type: object + discovery: + description: 'Discovery specifies the options for the + kubelet to use during the TLS Bootstrap process TODO: + revisit when there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options + for bootstrap token based discovery BootstrapToken + and File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain + name to the API server from which info will + be fetched. + type: string + caCertHashes: + description: 'CACertHashes specifies a set of + public key pins to verify when token-based discovery + is used. The root CA found during discovery + must match one of these values. Specifying an + empty set disables root CA pinning, which can + be unsafe. 
Each hash is specified as ":", + where the only currently supported type is "sha256". + This is a hex-encoded SHA-256 hash of the Subject + Public Key Info (SPKI) object in DER-encoded + ASN.1. These hashes can be calculated using, + for example, OpenSSL: openssl x509 -pubkey -in + ca.crt openssl rsa -pubin -outform der 2>&/dev/null + | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate + cluster information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since + other nodes can impersonate the control-plane. + type: boolean + required: + - token + - unsafeSkipCAVerification + type: object + file: + description: File is used to specify a file or URL + to a kubeconfig file from which to load cluster + information BootstrapToken and File are mutually + exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify + the actual file path or URL to the kubeconfig + file from which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: 'TLSBootstrapToken is a token used for + TLS bootstrapping. If .BootstrapToken is set, this + field is defaulted to .BootstrapToken.Token, but + can be overridden. If .File is set, this field **must + be set** in case the KubeConfigFile does not contain + any other authentication information TODO: revisit + when there is defaulting from k/k' + type: string + type: object + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration + and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here are + passed to the kubelet command line via the environment + file kubeadm writes at runtime for the kubelet to + source. This overrides the generic base-level configuration + in the kubelet-config-1.X ConfigMap Flags have higher + priority when parsing. These values are local and + specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of + the Node API object that will be created in this + `kubeadm init` or `kubeadm join` operation. This + field is also used in the CommonName field of the + kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node + API object should be registered with. If this field + is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: + {}` in the YAML file. This field is solely used + for Node registration.' + items: + description: The node this Taint is attached to + has the "effect" on any pod that does not tolerate + the Taint. 
+ properties: + effect: + description: Required. The effect of the taint + on pods that do not tolerate the taint. Valid + effects are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at + which the taint was added. It is only written + for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to + the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + mounts: + description: Mounts specifies a list of mount points to be + setup. + items: + description: MountPoints defines input for generated mounts + in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands + to run after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to + run before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm + command with a shell script with retries for joins. \n This + is meant to be an experimental temporary workaround on some + environments where joins fail due to timing (and other issues). + The long term goal is to add retries to kubeadm proper and + use that functionality. \n This will add about 40KB to userdata + \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." 
+ type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user + in cloud-init. + properties: + gecos: + description: Gecos specifies the gecos to use for the + user + type: string + groups: + description: Groups specifies the additional groups + for the user + type: string + homeDir: + description: HomeDir specifies the home directory to + use for the user + type: string + inactive: + description: Inactive specifies whether to mark the + user as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login + should be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for + the user + type: string + primaryGroup: + description: PrimaryGroup specifies the primary group + for the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh + authorized keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level + verbosity. It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + type: object + required: + - template + type: object + type: object + served: false + storage: false + - additionalPrinterColumns: + - description: Time duration since creation of KubeadmConfigTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates + API. \n Deprecated: This type will be removed in one of the next releases." 
+ properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate. + properties: + template: + description: KubeadmConfigTemplateResource defines the Template structure. + properties: + spec: + description: KubeadmConfigSpec defines the desired state of KubeadmConfig. + Either ClusterConfiguration and InitConfiguration should be + defined or the JoinConfiguration should be defined. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the + API server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative + Names for the API Server signing cert. + items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. 
+ items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout + that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store + or look for all required certificates. NB: if not provided, + this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address + or DNS name for the control plane; it can be a valid + IP address or a RFC-1123 DNS subdomain, both with optional + TCP port. In case the ControlPlaneEndpoint is not specified, + the AdvertiseAddress + BindPort are used; in case the + ControlPlaneEndpoint is specified but without a TCP + port, the BindPort is used. Possible usages are: e.g. 
+ In a cluster with more than one control plane instances, + this field should be assigned the address of the external + load balancer in front of the control plane instances. + e.g. in environments with enforced node recycling, + the ControlPlaneEndpoint could be used for assigning + a stable DNS to the control plane. NB: This value defaults + to the first value in the Cluster object status.apiEndpoints + array.' + type: string + controllerManager: + description: ControllerManager contains extra settings + for the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on + installed in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. 
+ type: string + imageTag: + description: ImageTag allows to specify a tag for + the image. In case this value is set, kubeadm does + not change automatically the version of the above + components during upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. NB: This + value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to + an external etcd cluster Local and External are + mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority + file used to secure etcd communication. Required + if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification + file used to secure etcd communication. Required + if using a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required + for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to + secure etcd communication. Required if using + a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for + configuring the local etcd instance Local and External + are mutually exclusive + properties: + dataDir: + description: DataDir is the directory etcd will + place its data. Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided + to the etcd binary when run inside a static + pod. + type: object + imageRepository: + description: ImageRepository sets the container + registry to pull images from. if not set, the + ImageRepository defined in ClusterConfiguration + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag + for the image. 
In case this value is set, kubeadm + does not change automatically the version of + the above components during upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject + Alternative Names for the etcd server signing + cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. If empty, `registry.k8s.io` will + be used by default; in case of kubernetes version is + a CI build (kubernetes version starts with `ci/` or + `ci-cross/`) `gcr.io/k8s-staging-ci-images` will be + used as a default for control plane components and for + kube-proxy, while `registry.k8s.io` will be used for + all the other images. + type: string + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version + of the control plane. NB: This value defaults to the + Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to + the Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s + services. Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. 
+ If unset, the API server will not allocate CIDR + ranges for every node. Defaults to a comma-delimited + string of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s + services. Defaults to a comma-delimited string of + the Cluster object's spec.clusterNetwork.pods.cidrBlocks, + or to "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the + scheduler control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation + of partition tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems + to setup. + items: + description: Filesystem defines the file systems to + be created. 
+ properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to + add to the command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system + type. + type: string + label: + description: Label specifies the file system label + to be used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to + overwrite any existing filesystem. If true, any + pre-existing file system will be destroyed. Use + with Caution. + type: boolean + partition: + description: 'Partition specifies the partition + to use. The valid options are: "auto|any", "auto", + "any", "none", and , where NUM is the actual + partition number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, + used for Microsoft Azure that instructs cloud-init + to replace a file system of . NOTE: unless + you define a label, this requires the use of the + ''any'' partition directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions + to setup. + items: + description: Partition defines how to create and layout + a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. + If it is true, a single partition will be created + for the entire device. When layout is false, it + means don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip + checks and create the partition if a partition + or filesystem is found on the device. Use with + caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. 
The following are supported: ''mbr'': default + and setups a MS-DOS partition table ''gpt'': setups + a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: Secret represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the + file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to + assign to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap + data + enum: + - cloud-config + type: string + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. 
Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm + init` time and describes a set of Bootstrap Tokens to + create. This information IS NOT uploaded to the kubeadm + cluster configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap + token, stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message + why this token exists and what it's used for, + so other administrators can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when + this token expires. Defaults to being set dynamically + at runtime based on the TTL. Expires and TTL are + mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that + this token will authenticate as when/if used for + authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for + joining nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this + token. Defaults to 24h. Expires and TTL are mutually + exclusive. + type: string + usages: + description: Usages describes the ways in which + this token can be used. Can by default be used + for establishing bidirectional trust, but that + can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance that's deployed on this control + plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global + endpoint for the cluster, which then loadbalances the + requests to each individual API server. This configuration + object lets you customize what IP/DNS name and port + the local API server advertises it's accessible on. + By default, kubeadm tries to auto-detect the IP of the + default interface and use that, but in case that process + fails you may set the desired value here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the + API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration + and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice + of pre-flight errors to be ignored when the current + node is registered. + items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. 
The arguments here are + passed to the kubelet command line via the environment + file kubeadm writes at runtime for the kubelet to + source. This overrides the generic base-level configuration + in the kubelet-config-1.X ConfigMap Flags have higher + priority when parsing. These values are local and + specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of + the Node API object that will be created in this + `kubeadm init` or `kubeadm join` operation. This + field is also used in the CommonName field of the + kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node + API object should be registered with. If this field + is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: + {}` in the YAML file. This field is solely used + for Node registration.' + items: + description: The node this Taint is attached to + has the "effect" on any pod that does not tolerate + the Taint. + properties: + effect: + description: Required. The effect of the taint + on pods that do not tolerate the taint. Valid + effects are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at + which the taint was added. It is only written + for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to + the taint key. 
+ type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration + for the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node + and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control + plane instance to be deployed on the joining node. If + nil, no additional control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on this + node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for + the API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for the + kubelet to use during the TLS Bootstrap process TODO: + revisit when there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options + for bootstrap token based discovery BootstrapToken + and File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain + name to the API server from which info will + be fetched. 
+ type: string + caCertHashes: + description: 'CACertHashes specifies a set of + public key pins to verify when token-based discovery + is used. The root CA found during discovery + must match one of these values. Specifying an + empty set disables root CA pinning, which can + be unsafe. Each hash is specified as ":", + where the only currently supported type is "sha256". + This is a hex-encoded SHA-256 hash of the Subject + Public Key Info (SPKI) object in DER-encoded + ASN.1. These hashes can be calculated using, + for example, OpenSSL: openssl x509 -pubkey -in + ca.crt openssl rsa -pubin -outform der 2>&/dev/null + | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate + cluster information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since + other nodes can impersonate the control-plane. + type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or URL + to a kubeconfig file from which to load cluster + information BootstrapToken and File are mutually + exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify + the actual file path or URL to the kubeconfig + file from which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used for + TLS bootstrapping. If .BootstrapToken is set, this + field is defaulted to .BootstrapToken.Token, but + can be overridden. 
If .File is set, this field **must + be set** in case the KubeConfigFile does not contain + any other authentication information + type: string + type: object + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration + and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice + of pre-flight errors to be ignored when the current + node is registered. + items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here are + passed to the kubelet command line via the environment + file kubeadm writes at runtime for the kubelet to + source. This overrides the generic base-level configuration + in the kubelet-config-1.X ConfigMap Flags have higher + priority when parsing. These values are local and + specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of + the Node API object that will be created in this + `kubeadm init` or `kubeadm join` operation. This + field is also used in the CommonName field of the + kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. 
+ type: string + taints: + description: 'Taints specifies the taints the Node + API object should be registered with. If this field + is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: + {}` in the YAML file. This field is solely used + for Node registration.' + items: + description: The node this Taint is attached to + has the "effect" on any pod that does not tolerate + the Taint. + properties: + effect: + description: Required. The effect of the taint + on pods that do not tolerate the taint. Valid + effects are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at + which the taint was added. It is only written + for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to + the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + mounts: + description: Mounts specifies a list of mount points to be + setup. + items: + description: MountPoints defines input for generated mounts + in cloud-init. 
+ items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands + to run after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to + run before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm + command with a shell script with retries for joins. \n This + is meant to be an experimental temporary workaround on some + environments where joins fail due to timing (and other issues). + The long term goal is to add retries to kubeadm proper and + use that functionality. \n This will add about 40KB to userdata + \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user + in cloud-init. 
+ properties: + gecos: + description: Gecos specifies the gecos to use for the + user + type: string + groups: + description: Groups specifies the additional groups + for the user + type: string + homeDir: + description: HomeDir specifies the home directory to + use for the user + type: string + inactive: + description: Inactive specifies whether to mark the + user as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login + should be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for + the user + type: string + primaryGroup: + description: PrimaryGroup specifies the primary group + for the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh + authorized keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level + verbosity. It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + type: object + required: + - template + type: object + type: object + served: true + storage: false + subresources: {} + - additionalPrinterColumns: + - description: Time duration since creation of KubeadmConfigTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate. + properties: + template: + description: KubeadmConfigTemplateResource defines the Template structure. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: KubeadmConfigSpec defines the desired state of KubeadmConfig. + Either ClusterConfiguration and InitConfiguration should be + defined or the JoinConfiguration should be defined. 
+ properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the + API server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative + Names for the API Server signing cert. + items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout + that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store + or look for all required certificates. NB: if not provided, + this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address + or DNS name for the control plane; it can be a valid + IP address or a RFC-1123 DNS subdomain, both with optional + TCP port. In case the ControlPlaneEndpoint is not specified, + the AdvertiseAddress + BindPort are used; in case the + ControlPlaneEndpoint is specified but without a TCP + port, the BindPort is used. Possible usages are: e.g. + In a cluster with more than one control plane instances, + this field should be assigned the address of the external + load balancer in front of the control plane instances. + e.g. in environments with enforced node recycling, + the ControlPlaneEndpoint could be used for assigning + a stable DNS to the control plane. NB: This value defaults + to the first value in the Cluster object status.apiEndpoints + array.' + type: string + controllerManager: + description: ControllerManager contains extra settings + for the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. 
+ properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on + installed in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for + the image. In case this value is set, kubeadm does + not change automatically the version of the above + components during upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. NB: This + value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to + an external etcd cluster Local and External are + mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority + file used to secure etcd communication. Required + if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification + file used to secure etcd communication. Required + if using a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required + for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to + secure etcd communication. Required if using + a TLS connection. 
+ type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for + configuring the local etcd instance Local and External + are mutually exclusive + properties: + dataDir: + description: DataDir is the directory etcd will + place its data. Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided + to the etcd binary when run inside a static + pod. + type: object + imageRepository: + description: ImageRepository sets the container + registry to pull images from. if not set, the + ImageRepository defined in ClusterConfiguration + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag + for the image. In case this value is set, kubeadm + does not change automatically the version of + the above components during upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject + Alternative Names for the etcd server signing + cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: 'ImageRepository sets the container registry + to pull images from. * If not set, the default registry + of kubeadm will be used, i.e. * registry.k8s.io (new + registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= + v1.25.0 * k8s.gcr.io (old registry): all older versions + Please note that when imageRepository is not set we + don''t allow upgrades to versions >= v1.22.0 which use + the old registry (k8s.gcr.io). Please use a newer patch + version with the new registry instead (i.e. 
>= v1.22.17, + >= v1.23.15, >= v1.24.9, >= v1.25.0). * If the version + is a CI build (kubernetes version starts with `ci/` + or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will + be used as a default for control plane components and + for kube-proxy, while `registry.k8s.io` will be used + for all the other images.' + type: string + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version + of the control plane. NB: This value defaults to the + Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to + the Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s + services. Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. + If unset, the API server will not allocate CIDR + ranges for every node. Defaults to a comma-delimited + string of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s + services. Defaults to a comma-delimited string of + the Cluster object's spec.clusterNetwork.pods.cidrBlocks, + or to "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the + scheduler control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. 
TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation + of partition tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems + to setup. + items: + description: Filesystem defines the file systems to + be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to + add to the command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system + type. + type: string + label: + description: Label specifies the file system label + to be used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to + overwrite any existing filesystem. If true, any + pre-existing file system will be destroyed. Use + with Caution. + type: boolean + partition: + description: 'Partition specifies the partition + to use. 
The valid options are: "auto|any", "auto", + "any", "none", and , where NUM is the actual + partition number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, + used for Microsoft Azure that instructs cloud-init + to replace a file system of . NOTE: unless + you define a label, this requires the use of the + ''any'' partition directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions + to setup. + items: + description: Partition defines how to create and layout + a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. + If it is true, a single partition will be created + for the entire device. When layout is false, it + means don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip + checks and create the partition if a partition + or filesystem is found on the device. Use with + caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. The following are supported: ''mbr'': default + and setups a MS-DOS partition table ''gpt'': setups + a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + append: + description: Append specifies whether to append Content + to existing file if Path exists. + type: boolean + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. 
+ properties: + secret: + description: Secret represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the + file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to + assign to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap + data + enum: + - cloud-config + - ignition + type: string + ignition: + description: Ignition contains Ignition specific configuration. + properties: + containerLinuxConfig: + description: ContainerLinuxConfig contains CLC specific + configuration. + properties: + additionalConfig: + description: "AdditionalConfig contains additional + configuration to be merged with the Ignition configuration + generated by the bootstrapper controller. More info: + https://coreos.github.io/ignition/operator-notes/#config-merging + \n The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/" + type: string + strict: + description: Strict controls if AdditionalConfig should + be strictly parsed. If so, warnings are treated + as errors. 
+ type: boolean + type: object + type: object + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm + init` time and describes a set of Bootstrap Tokens to + create. This information IS NOT uploaded to the kubeadm + cluster configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap + token, stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message + why this token exists and what it's used for, + so other administrators can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when + this token expires. Defaults to being set dynamically + at runtime based on the TTL. Expires and TTL are + mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that + this token will authenticate as when/if used for + authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for + joining nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this + token. Defaults to 24h. Expires and TTL are mutually + exclusive. + type: string + usages: + description: Usages describes the ways in which + this token can be used. Can by default be used + for establishing bidirectional trust, but that + can be changed here. 
+ items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance that's deployed on this control + plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global + endpoint for the cluster, which then loadbalances the + requests to each individual API server. This configuration + object lets you customize what IP/DNS name and port + the local API server advertises it's accessible on. + By default, kubeadm tries to auto-detect the IP of the + default interface and use that, but in case that process + fails you may set the desired value here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the + API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration + and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. 
This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice + of pre-flight errors to be ignored when the current + node is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy + for image pulling during kubeadm "init" and "join" + operations. The value of this field must be one + of "Always", "IfNotPresent" or "Never". Defaults + to "IfNotPresent". This can be used only with Kubernetes + version equal to 1.22 and later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here are + passed to the kubelet command line via the environment + file kubeadm writes at runtime for the kubelet to + source. This overrides the generic base-level configuration + in the kubelet-config-1.X ConfigMap Flags have higher + priority when parsing. These values are local and + specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of + the Node API object that will be created in this + `kubeadm init` or `kubeadm join` operation. This + field is also used in the CommonName field of the + kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node + API object should be registered with. If this field + is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: + []` in the YAML file. This field is solely used + for Node registration.' 
+ items: + description: The node this Taint is attached to + has the "effect" on any pod that does not tolerate + the Taint. + properties: + effect: + description: Required. The effect of the taint + on pods that do not tolerate the taint. Valid + effects are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at + which the taint was added. It is only written + for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to + the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying + patches to components deployed by kubeadm during "kubeadm + init". The minimum kubernetes version needed to support + Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory that + contains files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or just + "etcd.json". "target" can be one of "kube-apiserver", + "kube-controller-manager", "kube-scheduler", "etcd". + "patchtype" can be one of "strategic" "merge" or + "json" and they match the patch formats supported + by kubectl. The default "patchtype" is "strategic". + "extension" must be either "json" or "yaml". "suffix" + is an optional string that can be used to determine + which patches are applied first alpha-numerically. + These files can be written into the target directory + via KubeadmConfig.Files which specifies additional + files to be created on the machine, either with + content inline or by referencing a secret. + type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip during + command execution. The list of phases can be obtained + with the "kubeadm init --help" command. 
This option + takes effect only on Kubernetes >=1.22.0. + items: + type: string + type: array + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration + for the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node + and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control + plane instance to be deployed on the joining node. If + nil, no additional control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on this + node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for + the API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for the + kubelet to use during the TLS Bootstrap process TODO: + revisit when there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options + for bootstrap token based discovery BootstrapToken + and File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain + name to the API server from which info will + be fetched. 
+ type: string + caCertHashes: + description: 'CACertHashes specifies a set of + public key pins to verify when token-based discovery + is used. The root CA found during discovery + must match one of these values. Specifying an + empty set disables root CA pinning, which can + be unsafe. Each hash is specified as ":", + where the only currently supported type is "sha256". + This is a hex-encoded SHA-256 hash of the Subject + Public Key Info (SPKI) object in DER-encoded + ASN.1. These hashes can be calculated using, + for example, OpenSSL: openssl x509 -pubkey -in + ca.crt openssl rsa -pubin -outform der 2>&/dev/null + | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate + cluster information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since + other nodes can impersonate the control-plane. + type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or URL + to a kubeconfig file from which to load cluster + information BootstrapToken and File are mutually + exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify + the actual file path or URL to the kubeconfig + file from which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used for + TLS bootstrapping. If .BootstrapToken is set, this + field is defaulted to .BootstrapToken.Token, but + can be overridden. 
If .File is set, this field **must + be set** in case the KubeConfigFile does not contain + any other authentication information + type: string + type: object + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration + and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice + of pre-flight errors to be ignored when the current + node is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy + for image pulling during kubeadm "init" and "join" + operations. The value of this field must be one + of "Always", "IfNotPresent" or "Never". Defaults + to "IfNotPresent". This can be used only with Kubernetes + version equal to 1.22 and later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here are + passed to the kubelet command line via the environment + file kubeadm writes at runtime for the kubelet to + source. This overrides the generic base-level configuration + in the kubelet-config-1.X ConfigMap Flags have higher + priority when parsing. 
These values are local and + specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of + the Node API object that will be created in this + `kubeadm init` or `kubeadm join` operation. This + field is also used in the CommonName field of the + kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node + API object should be registered with. If this field + is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: + []` in the YAML file. This field is solely used + for Node registration.' + items: + description: The node this Taint is attached to + has the "effect" on any pod that does not tolerate + the Taint. + properties: + effect: + description: Required. The effect of the taint + on pods that do not tolerate the taint. Valid + effects are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at + which the taint was added. It is only written + for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to + the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying + patches to components deployed by kubeadm during "kubeadm + join". The minimum kubernetes version needed to support + Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory that + contains files named "target[suffix][+patchtype].extension". 
+ For example, "kube-apiserver0+merge.yaml" or just + "etcd.json". "target" can be one of "kube-apiserver", + "kube-controller-manager", "kube-scheduler", "etcd". + "patchtype" can be one of "strategic" "merge" or + "json" and they match the patch formats supported + by kubectl. The default "patchtype" is "strategic". + "extension" must be either "json" or "yaml". "suffix" + is an optional string that can be used to determine + which patches are applied first alpha-numerically. + These files can be written into the target directory + via KubeadmConfig.Files which specifies additional + files to be created on the machine, either with + content inline or by referencing a secret. + type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip during + command execution. The list of phases can be obtained + with the "kubeadm init --help" command. This option + takes effect only on Kubernetes >=1.22.0. + items: + type: string + type: array + type: object + mounts: + description: Mounts specifies a list of mount points to be + setup. + items: + description: MountPoints defines input for generated mounts + in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands + to run after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to + run before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm + command with a shell script with retries for joins. 
\n This + is meant to be an experimental temporary workaround on some + environments where joins fail due to timing (and other issues). + The long term goal is to add retries to kubeadm proper and + use that functionality. \n This will add about 40KB to userdata + \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. + \n Deprecated: This experimental fix is no longer needed + and this field will be removed in a future release. When + removing also remove from staticcheck exclude-rules for + SA1019 in golangci.yml" + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user + in cloud-init. + properties: + gecos: + description: Gecos specifies the gecos to use for the + user + type: string + groups: + description: Groups specifies the additional groups + for the user + type: string + homeDir: + description: HomeDir specifies the home directory to + use for the user + type: string + inactive: + description: Inactive specifies whether to mark the + user as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login + should be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for + the user + type: string + passwdFrom: + description: PasswdFrom is a referenced source of passwd + to populate the passwd. + properties: + secret: + description: Secret represents a secret that should + populate this password. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. 
+ type: string + required: + - key + - name + type: object + required: + - secret + type: object + primaryGroup: + description: PrimaryGroup specifies the primary group + for the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh + authorized keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level + verbosity. It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + type: object + required: + - template + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-manager + namespace: capi-kubeadm-bootstrap-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-leader-election-role + namespace: capi-kubeadm-bootstrap-system +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-manager-role +rules: +- apiGroups: + - "" + resources: + - configmaps + - events + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - bootstrap.cluster.x-k8s.io + resources: + - kubeadmconfigs + - kubeadmconfigs/finalizers + - kubeadmconfigs/status + verbs: + - create + - delete + - get + - list 
+ - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + - machinepools + - machinepools/status + - machines + - machines/status + - machinesets + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-leader-election-rolebinding + namespace: capi-kubeadm-bootstrap-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: capi-kubeadm-bootstrap-leader-election-role +subjects: +- kind: ServiceAccount + name: capi-kubeadm-bootstrap-manager + namespace: capi-kubeadm-bootstrap-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capi-kubeadm-bootstrap-manager-role +subjects: +- kind: ServiceAccount + name: capi-kubeadm-bootstrap-manager + namespace: capi-kubeadm-bootstrap-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system +spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: bootstrap-kubeadm +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + control-plane: controller-manager + name: capi-kubeadm-bootstrap-controller-manager + namespace: capi-kubeadm-bootstrap-system +spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + control-plane: controller-manager + template: + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + control-plane: controller-manager + spec: + containers: + - args: + - --leader-elect + - 
--metrics-bind-addr=localhost:8080 + - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},KubeadmBootstrapFormatIgnition=${EXP_KUBEADM_BOOTSTRAP_FORMAT_IGNITION:=false} + - --bootstrap-token-ttl=${KUBEADM_BOOTSTRAP_TOKEN_TTL:=15m} + command: + - /manager + image: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.5.6 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: capi-kubeadm-bootstrap-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + secretName: capi-kubeadm-bootstrap-webhook-service-cert +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-serving-cert + namespace: capi-kubeadm-bootstrap-system +spec: + dnsNames: + - capi-kubeadm-bootstrap-webhook-service.capi-kubeadm-bootstrap-system.svc + - capi-kubeadm-bootstrap-webhook-service.capi-kubeadm-bootstrap-system.svc.cluster.local + issuerRef: + kind: Issuer + name: capi-kubeadm-bootstrap-selfsigned-issuer + secretName: capi-kubeadm-bootstrap-webhook-service-cert + subject: + organizations: + - k8s-sig-cluster-lifecycle +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: 
capi-kubeadm-bootstrap-selfsigned-issuer + namespace: capi-kubeadm-bootstrap-system +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system + path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfig + failurePolicy: Fail + name: default.kubeadmconfig.bootstrap.cluster.x-k8s.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - kubeadmconfigs + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system + path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfigtemplate + failurePolicy: Fail + name: default.kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - kubeadmconfigtemplates + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system + path: 
/validate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfig + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.kubeadmconfig.bootstrap.cluster.x-k8s.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - kubeadmconfigs + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system + path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfigtemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - kubeadmconfigtemplates + sideEffects: None +--- +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + control-plane: controller-manager + name: capi-kubeadm-control-plane-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1 + name: kubeadmcontrolplanes.controlplane.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: controlplane.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: KubeadmControlPlane + listKind: KubeadmControlPlaneList + plural: kubeadmcontrolplanes + shortNames: + - kcp 
+ singular: kubeadmcontrolplane + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: This denotes whether or not the control plane has the uploaded + kubeadm-config configmap + jsonPath: .status.initialized + name: Initialized + type: boolean + - description: KubeadmControlPlane API Server is ready to receive requests + jsonPath: .status.ready + name: API Server Available + type: boolean + - description: Kubernetes version associated with this control plane + jsonPath: .spec.version + name: Version + type: string + - description: Total number of non-terminated machines targeted by this control + plane + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of fully running and ready control plane machines + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Total number of non-terminated machines targeted by this control + plane that have the desired template spec + jsonPath: .status.updatedReplicas + name: Updated + type: integer + - description: Total number of unavailable machines targeted by this control plane + jsonPath: .status.unavailableReplicas + name: Unavailable + type: integer + deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "KubeadmControlPlane is the Schema for the KubeadmControlPlane + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane. + properties: + infrastructureTemplate: + description: InfrastructureTemplate is a required reference to a custom + resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + kubeadmConfigSpec: + description: KubeadmConfigSpec is a KubeadmConfigSpec to use for initializing + and joining machines to the control plane. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the API + server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative Names + for the API Server signing cert. + items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. 
+ type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout + that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store or + look for all required certificates. NB: if not provided, + this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address + or DNS name for the control plane; it can be a valid IP + address or a RFC-1123 DNS subdomain, both with optional + TCP port. In case the ControlPlaneEndpoint is not specified, + the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint + is specified but without a TCP port, the BindPort is used. + Possible usages are: e.g. In a cluster with more than one + control plane instances, this field should be assigned the + address of the external load balancer in front of the control + plane instances. e.g. in environments with enforced node + recycling, the ControlPlaneEndpoint could be used for assigning + a stable DNS to the control plane. NB: This value defaults + to the first value in the Cluster object status.apiEndpoints + array.' 
+ type: string + controllerManager: + description: ControllerManager contains extra settings for + the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on installed + in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the + image. In case this value is set, kubeadm does not change + automatically the version of the above components during + upgrades. + type: string + type: + description: Type defines the DNS add-on to be used + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. 
NB: This + value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to an external + etcd cluster Local and External are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority + file used to secure etcd communication. Required + if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification file + used to secure etcd communication. Required if using + a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required for + ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to secure + etcd communication. Required if using a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for configuring + the local etcd instance Local and External are mutually + exclusive + properties: + dataDir: + description: DataDir is the directory etcd will place + its data. Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided + to the etcd binary when run inside a static pod. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for + the image. In case this value is set, kubeadm does + not change automatically the version of the above + components during upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. 
+ items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject Alternative + Names for the etcd server signing cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: ImageRepository sets the container registry to + pull images from. If empty, `k8s.gcr.io` will be used by + default; in case of kubernetes version is a CI build (kubernetes + version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` + will be used as a default for control plane components and + for kube-proxy, while `k8s.gcr.io` will be used for all + the other images. + type: string + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version of the + control plane. NB: This value defaults to the Machine object + spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to the + Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s services. + Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. If + unset, the API server will not allocate CIDR ranges + for every node. Defaults to a comma-delimited string + of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s services. 
+ Defaults to a comma-delimited string of the Cluster + object's spec.clusterNetwork.pods.cidrBlocks, or to + "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the scheduler + control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + useHyperKubeImage: + description: UseHyperKubeImage controls if hyperkube should + be used for Kubernetes components instead of their respective + separate images + type: boolean + type: object + diskSetup: + description: DiskSetup specifies options for the creation of partition + tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems + to setup. + items: + description: Filesystem defines the file systems to be created. 
+ properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to add + to the command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system type. + type: string + label: + description: Label specifies the file system label to + be used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to overwrite + any existing filesystem. If true, any pre-existing + file system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition to use. + The valid options are: "auto|any", "auto", "any", + "none", and , where NUM is the actual partition + number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, used + for Microsoft Azure that instructs cloud-init to replace + a file system of . NOTE: unless you define + a label, this requires the use of the ''any'' partition + directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions + to setup. + items: + description: Partition defines how to create and layout + a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. If + it is true, a single partition will be created for + the entire device. When layout is false, it means + don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip checks + and create the partition if a partition or filesystem + is found on the device. Use with caution. Default + is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. 
The following are supported: ''mbr'': default + and setups a MS-DOS partition table ''gpt'': setups + a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: Secret represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's data + map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file + contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap + data + enum: + - cloud-config + type: string + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. 
Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm init` + time and describes a set of Bootstrap Tokens to create. + This information IS NOT uploaded to the kubeadm cluster + configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap token, + stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message + why this token exists and what it's used for, so other + administrators can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when this + token expires. Defaults to being set dynamically at + runtime based on the TTL. Expires and TTL are mutually + exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that + this token will authenticate as when/if used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for joining + nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this token. + Defaults to 24h. Expires and TTL are mutually exclusive. + type: string + usages: + description: Usages describes the ways in which this + token can be used. Can by default be used for establishing + bidirectional trust, but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the + API server instance that's deployed on this control plane + node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests to + each individual API server. This configuration object lets + you customize what IP/DNS name and port the local API server + advertises it's accessible on. By default, kubeadm tries + to auto-detect the IP of the default interface and use that, + but in case that process fails you may set the desired value + here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for + the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API + Server to bind to. Defaults to 6443. + format: int32 + type: integer + required: + - advertiseAddress + - bindPort + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate to + registering the new control-plane node to the cluster. When + used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration and + JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node + API object, for later re-use + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the + kubelet command line via the environment file kubeadm + writes at runtime for the kubelet to source. 
This overrides + the generic base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. These + values are local and specific to the node kubeadm is + executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the + Node API object that will be created in this `kubeadm + init` or `kubeadm join` operation. This field is also + used in the CommonName field of the kubelet's client + certificate to the API server. Defaults to the hostname + of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API + object should be registered with. If this field is unset, + i.e. nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: {}` + in the YAML file. This field is solely used for Node + registration.' + items: + description: The node this Taint is attached to has + the "effect" on any pod that does not tolerate the + Taint. + properties: + effect: + description: Required. The effect of the taint on + pods that do not tolerate the taint. Valid effects + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the + taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration for + the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. 
Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node and + control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control plane + instance to be deployed on the joining node. If nil, no + additional control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on this node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the + API Server to bind to. Defaults to 6443. + format: int32 + type: integer + required: + - advertiseAddress + - bindPort + type: object + type: object + discovery: + description: 'Discovery specifies the options for the kubelet + to use during the TLS Bootstrap process TODO: revisit when + there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options + for bootstrap token based discovery BootstrapToken and + File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain + name to the API server from which info will be fetched. + type: string + caCertHashes: + description: 'CACertHashes specifies a set of public + key pins to verify when token-based discovery is + used. The root CA found during discovery must match + one of these values. Specifying an empty set disables + root CA pinning, which can be unsafe. 
Each hash + is specified as ":", where the only + currently supported type is "sha256". This is a + hex-encoded SHA-256 hash of the Subject Public Key + Info (SPKI) object in DER-encoded ASN.1. These hashes + can be calculated using, for example, OpenSSL: openssl + x509 -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate cluster + information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since other + nodes can impersonate the control-plane. + type: boolean + required: + - token + - unsafeSkipCAVerification + type: object + file: + description: File is used to specify a file or URL to + a kubeconfig file from which to load cluster information + BootstrapToken and File are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify the + actual file path or URL to the kubeconfig file from + which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: 'TLSBootstrapToken is a token used for TLS + bootstrapping. If .BootstrapToken is set, this field + is defaulted to .BootstrapToken.Token, but can be overridden. + If .File is set, this field **must be set** in case + the KubeConfigFile does not contain any other authentication + information TODO: revisit when there is defaulting from + k/k' + type: string + type: object + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate to + registering the new control-plane node to the cluster. When + used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration and + JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node + API object, for later re-use + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the + kubelet command line via the environment file kubeadm + writes at runtime for the kubelet to source. This overrides + the generic base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. These + values are local and specific to the node kubeadm is + executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the + Node API object that will be created in this `kubeadm + init` or `kubeadm join` operation. This field is also + used in the CommonName field of the kubelet's client + certificate to the API server. Defaults to the hostname + of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API + object should be registered with. If this field is unset, + i.e. nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: {}` + in the YAML file. This field is solely used for Node + registration.' + items: + description: The node this Taint is attached to has + the "effect" on any pod that does not tolerate the + Taint. 
+ properties: + effect: + description: Required. The effect of the taint on + pods that do not tolerate the taint. Valid effects + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the + taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + mounts: + description: Mounts specifies a list of mount points to be setup. + items: + description: MountPoints defines input for generated mounts + in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands to run + after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to run + before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm + command with a shell script with retries for joins. \n This + is meant to be an experimental temporary workaround on some + environments where joins fail due to timing (and other issues). + The long term goal is to add retries to kubeadm proper and use + that functionality. \n This will add about 40KB to userdata + \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." 
+ type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user in + cloud-init. + properties: + gecos: + description: Gecos specifies the gecos to use for the user + type: string + groups: + description: Groups specifies the additional groups for + the user + type: string + homeDir: + description: HomeDir specifies the home directory to use + for the user + type: string + inactive: + description: Inactive specifies whether to mark the user + as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login should + be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for the + user + type: string + primaryGroup: + description: PrimaryGroup specifies the primary group for + the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh authorized + keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level + verbosity. It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time that the + controller will spend on draining a controlplane node The default + value is 0, meaning that the node can be drained without any time + limitations. NOTE: NodeDrainTimeout is different from `kubectl drain + --timeout`' + type: string + replicas: + description: Number of desired machines. Defaults to 1. 
When stacked + etcd is used only odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). + This is a pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + rolloutStrategy: + description: The RolloutStrategy to use to replace control plane machines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if RolloutStrategyType + = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of control planes that can + be scheduled above or under the desired number of control + planes. Value can be an absolute number 1 or 0. Defaults + to 1. Example: when this is set to 1, the control plane + can be scaled up immediately when the rolling update starts.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of rollout. Currently the only supported strategy + is "RollingUpdate". Default is RollingUpdate. + type: string + type: object + upgradeAfter: + description: UpgradeAfter is a field to indicate an upgrade should + be performed after the specified time even if no changes have been + made to the KubeadmControlPlane + format: date-time + type: string + version: + description: Version defines the desired Kubernetes version. + type: string + required: + - infrastructureTemplate + - kubeadmConfigSpec + - version + type: object + status: + description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane. + properties: + conditions: + description: Conditions defines current service state of the KubeadmControlPlane. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. 
+ If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureMessage: + description: ErrorMessage indicates that there is a terminal problem + reconciling the state, and will be set to a descriptive error message. + type: string + failureReason: + description: FailureReason indicates that there is a terminal problem + reconciling the state, and will be set to a token value suitable + for programmatic interpretation. + type: string + initialized: + description: Initialized denotes whether or not the control plane + has the uploaded kubeadm-config configmap. + type: boolean + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: Ready denotes that the KubeadmControlPlane API Server + is ready to receive requests. 
+ type: boolean + readyReplicas: + description: Total number of fully running and ready control plane + machines. + format: int32 + type: integer + replicas: + description: Total number of non-terminated machines targeted by this + control plane (their labels match the selector). + format: int32 + type: integer + selector: + description: 'Selector is the label selector in string format to avoid + introspection by clients, and is used to provide the CRD-based integration + for the scale subresource and additional integrations for things + like kubectl describe.. The string will be in the same format as + the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + unavailableReplicas: + description: Total number of unavailable machines targeted by this + control plane. This is the total number of machines that are still + required for the deployment to have 100% available capacity. They + may either be machines that are running but not yet ready or machines + that still have not been created. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated machines targeted by this + control plane that have the desired template spec. 
+ format: int32 + type: integer + type: object + type: object + served: false + storage: false + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of KubeadmControlPlane + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: This denotes whether or not the control plane has the uploaded + kubeadm-config configmap + jsonPath: .status.initialized + name: Initialized + type: boolean + - description: KubeadmControlPlane API Server is ready to receive requests + jsonPath: .status.ready + name: API Server Available + type: boolean + - description: Kubernetes version associated with this control plane + jsonPath: .spec.version + name: Version + type: string + - description: Total number of non-terminated machines targeted by this control + plane + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of fully running and ready control plane machines + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Total number of non-terminated machines targeted by this control + plane that have the desired template spec + jsonPath: .status.updatedReplicas + name: Updated + type: integer + - description: Total number of unavailable machines targeted by this control plane + jsonPath: .status.unavailableReplicas + name: Unavailable + type: integer + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "KubeadmControlPlane is the Schema for the KubeadmControlPlane + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane. + properties: + kubeadmConfigSpec: + description: KubeadmConfigSpec is a KubeadmConfigSpec to use for initializing + and joining machines to the control plane. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the API + server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative Names + for the API Server signing cert. + items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. 
+ type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout + that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store or + look for all required certificates. NB: if not provided, + this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address + or DNS name for the control plane; it can be a valid IP + address or a RFC-1123 DNS subdomain, both with optional + TCP port. In case the ControlPlaneEndpoint is not specified, + the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint + is specified but without a TCP port, the BindPort is used. + Possible usages are: e.g. In a cluster with more than one + control plane instances, this field should be assigned the + address of the external load balancer in front of the control + plane instances. e.g. in environments with enforced node + recycling, the ControlPlaneEndpoint could be used for assigning + a stable DNS to the control plane. NB: This value defaults + to the first value in the Cluster object status.apiEndpoints + array.' 
+ type: string + controllerManager: + description: ControllerManager contains extra settings for + the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on installed + in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the + image. In case this value is set, kubeadm does not change + automatically the version of the above components during + upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. 
NB: This + value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to an external + etcd cluster Local and External are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority + file used to secure etcd communication. Required + if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification file + used to secure etcd communication. Required if using + a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required for + ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to secure + etcd communication. Required if using a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for configuring + the local etcd instance Local and External are mutually + exclusive + properties: + dataDir: + description: DataDir is the directory etcd will place + its data. Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided + to the etcd binary when run inside a static pod. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for + the image. In case this value is set, kubeadm does + not change automatically the version of the above + components during upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. 
+ items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject Alternative + Names for the etcd server signing cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: ImageRepository sets the container registry to + pull images from. If empty, `registry.k8s.io` will be used + by default; in case of kubernetes version is a CI build + (kubernetes version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` + will be used as a default for control plane components and + for kube-proxy, while `registry.k8s.io` will be used for + all the other images. + type: string + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version of the + control plane. NB: This value defaults to the Machine object + spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to the + Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s services. + Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. If + unset, the API server will not allocate CIDR ranges + for every node. Defaults to a comma-delimited string + of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s services. 
+ Defaults to a comma-delimited string of the Cluster + object's spec.clusterNetwork.pods.cidrBlocks, or to + "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the scheduler + control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation of partition + tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems + to setup. + items: + description: Filesystem defines the file systems to be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to add + to the command for creating the file system. 
+ items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system type. + type: string + label: + description: Label specifies the file system label to + be used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to overwrite + any existing filesystem. If true, any pre-existing + file system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition to use. + The valid options are: "auto|any", "auto", "any", + "none", and , where NUM is the actual partition + number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, used + for Microsoft Azure that instructs cloud-init to replace + a file system of . NOTE: unless you define + a label, this requires the use of the ''any'' partition + directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions + to setup. + items: + description: Partition defines how to create and layout + a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. If + it is true, a single partition will be created for + the entire device. When layout is false, it means + don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip checks + and create the partition if a partition or filesystem + is found on the device. Use with caution. Default + is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. 
The following are supported: ''mbr'': default + and setups a MS-DOS partition table ''gpt'': setups + a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: Secret represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's data + map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file + contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap + data + enum: + - cloud-config + type: string + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. 
Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm init` + time and describes a set of Bootstrap Tokens to create. + This information IS NOT uploaded to the kubeadm cluster + configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap token, + stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message + why this token exists and what it's used for, so other + administrators can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when this + token expires. Defaults to being set dynamically at + runtime based on the TTL. Expires and TTL are mutually + exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that + this token will authenticate as when/if used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for joining + nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this token. + Defaults to 24h. Expires and TTL are mutually exclusive. + type: string + usages: + description: Usages describes the ways in which this + token can be used. Can by default be used for establishing + bidirectional trust, but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the + API server instance that's deployed on this control plane + node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests to + each individual API server. This configuration object lets + you customize what IP/DNS name and port the local API server + advertises it's accessible on. By default, kubeadm tries + to auto-detect the IP of the default interface and use that, + but in case that process fails you may set the desired value + here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for + the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API + Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate to + registering the new control-plane node to the cluster. When + used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration and + JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node + API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of + pre-flight errors to be ignored when the current node + is registered. + items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. 
The arguments here are passed to the + kubelet command line via the environment file kubeadm + writes at runtime for the kubelet to source. This overrides + the generic base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. These + values are local and specific to the node kubeadm is + executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the + Node API object that will be created in this `kubeadm + init` or `kubeadm join` operation. This field is also + used in the CommonName field of the kubelet's client + certificate to the API server. Defaults to the hostname + of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API + object should be registered with. If this field is unset, + i.e. nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: {}` + in the YAML file. This field is solely used for Node + registration.' + items: + description: The node this Taint is attached to has + the "effect" on any pod that does not tolerate the + Taint. + properties: + effect: + description: Required. The effect of the taint on + pods that do not tolerate the taint. Valid effects + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the + taint key. 
+ type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration for + the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node and + control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control plane + instance to be deployed on the joining node. If nil, no + additional control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on this node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the + API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for the kubelet + to use during the TLS Bootstrap process TODO: revisit when + there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options + for bootstrap token based discovery BootstrapToken and + File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain + name to the API server from which info will be fetched. 
+ type: string + caCertHashes: + description: 'CACertHashes specifies a set of public + key pins to verify when token-based discovery is + used. The root CA found during discovery must match + one of these values. Specifying an empty set disables + root CA pinning, which can be unsafe. Each hash + is specified as ":", where the only + currently supported type is "sha256". This is a + hex-encoded SHA-256 hash of the Subject Public Key + Info (SPKI) object in DER-encoded ASN.1. These hashes + can be calculated using, for example, OpenSSL: openssl + x509 -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate cluster + information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since other + nodes can impersonate the control-plane. + type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or URL to + a kubeconfig file from which to load cluster information + BootstrapToken and File are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify the + actual file path or URL to the kubeconfig file from + which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used for TLS + bootstrapping. If .BootstrapToken is set, this field + is defaulted to .BootstrapToken.Token, but can be overridden. 
+ If .File is set, this field **must be set** in case + the KubeConfigFile does not contain any other authentication + information + type: string + type: object + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate to + registering the new control-plane node to the cluster. When + used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration and + JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node + API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of + pre-flight errors to be ignored when the current node + is registered. + items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the + kubelet command line via the environment file kubeadm + writes at runtime for the kubelet to source. This overrides + the generic base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. These + values are local and specific to the node kubeadm is + executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the + Node API object that will be created in this `kubeadm + init` or `kubeadm join` operation. This field is also + used in the CommonName field of the kubelet's client + certificate to the API server. Defaults to the hostname + of the node if not provided. 
+ type: string + taints: + description: 'Taints specifies the taints the Node API + object should be registered with. If this field is unset, + i.e. nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: {}` + in the YAML file. This field is solely used for Node + registration.' + items: + description: The node this Taint is attached to has + the "effect" on any pod that does not tolerate the + Taint. + properties: + effect: + description: Required. The effect of the taint on + pods that do not tolerate the taint. Valid effects + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the + taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + mounts: + description: Mounts specifies a list of mount points to be setup. + items: + description: MountPoints defines input for generated mounts + in cloud-init. 
+ items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands to run + after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to run + before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm + command with a shell script with retries for joins. \n This + is meant to be an experimental temporary workaround on some + environments where joins fail due to timing (and other issues). + The long term goal is to add retries to kubeadm proper and use + that functionality. \n This will add about 40KB to userdata + \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user in + cloud-init. 
+ properties: + gecos: + description: Gecos specifies the gecos to use for the user + type: string + groups: + description: Groups specifies the additional groups for + the user + type: string + homeDir: + description: HomeDir specifies the home directory to use + for the user + type: string + inactive: + description: Inactive specifies whether to mark the user + as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login should + be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for the + user + type: string + primaryGroup: + description: PrimaryGroup specifies the primary group for + the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh authorized + keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level + verbosity. It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + machineTemplate: + description: MachineTemplate contains information about how machines + should be shaped when creating or updating a control plane. + properties: + infrastructureRef: + description: InfrastructureRef is a required reference to a custom + resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. 
More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time that + the controller will spend on draining a controlplane node The + default value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different from + `kubectl drain --timeout`' + type: string + required: + - infrastructureRef + type: object + replicas: + description: Number of desired machines. Defaults to 1. When stacked + etcd is used only odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). + This is a pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + rolloutAfter: + description: RolloutAfter is a field to indicate a rollout should + be performed after the specified time even if no changes have been + made to the KubeadmControlPlane. + format: date-time + type: string + rolloutStrategy: + default: + rollingUpdate: + maxSurge: 1 + type: RollingUpdate + description: The RolloutStrategy to use to replace control plane machines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if RolloutStrategyType + = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of control planes that can + be scheduled above or under the desired number of control + planes. Value can be an absolute number 1 or 0. Defaults + to 1. 
Example: when this is set to 1, the control plane + can be scaled up immediately when the rolling update starts.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of rollout. Currently the only supported strategy + is "RollingUpdate". Default is RollingUpdate. + type: string + type: object + version: + description: Version defines the desired Kubernetes version. + type: string + required: + - kubeadmConfigSpec + - machineTemplate + - version + type: object + status: + description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane. + properties: + conditions: + description: Conditions defines current service state of the KubeadmControlPlane. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureMessage: + description: ErrorMessage indicates that there is a terminal problem + reconciling the state, and will be set to a descriptive error message. + type: string + failureReason: + description: FailureReason indicates that there is a terminal problem + reconciling the state, and will be set to a token value suitable + for programmatic interpretation. + type: string + initialized: + description: Initialized denotes whether or not the control plane + has the uploaded kubeadm-config configmap. + type: boolean + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: Ready denotes that the KubeadmControlPlane API Server + is ready to receive requests. + type: boolean + readyReplicas: + description: Total number of fully running and ready control plane + machines. + format: int32 + type: integer + replicas: + description: Total number of non-terminated machines targeted by this + control plane (their labels match the selector). + format: int32 + type: integer + selector: + description: 'Selector is the label selector in string format to avoid + introspection by clients, and is used to provide the CRD-based integration + for the scale subresource and additional integrations for things + like kubectl describe.. The string will be in the same format as + the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + unavailableReplicas: + description: Total number of unavailable machines targeted by this + control plane. 
This is the total number of machines that are still + required for the deployment to have 100% available capacity. They + may either be machines that are running but not yet ready or machines + that still have not been created. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated machines targeted by this + control plane that have the desired template spec. + format: int32 + type: integer + version: + description: Version represents the minimum Kubernetes version for + the control plane machines in the cluster. + type: string + type: object + type: object + served: true + storage: false + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name'] + name: Cluster + type: string + - description: This denotes whether or not the control plane has the uploaded + kubeadm-config configmap + jsonPath: .status.initialized + name: Initialized + type: boolean + - description: KubeadmControlPlane API Server is ready to receive requests + jsonPath: .status.ready + name: API Server Available + type: boolean + - description: Total number of machines desired by this control plane + jsonPath: .spec.replicas + name: Desired + priority: 10 + type: integer + - description: Total number of non-terminated machines targeted by this control + plane + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of fully running and ready control plane machines + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Total number of non-terminated machines targeted by this control + plane that have the desired template spec + jsonPath: .status.updatedReplicas + name: Updated + type: integer + - description: Total number of unavailable machines targeted by this control plane + jsonPath: 
.status.unavailableReplicas + name: Unavailable + type: integer + - description: Time duration since creation of KubeadmControlPlane + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this control plane + jsonPath: .spec.version + name: Version + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: KubeadmControlPlane is the Schema for the KubeadmControlPlane + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane. + properties: + kubeadmConfigSpec: + description: KubeadmConfigSpec is a KubeadmConfigSpec to use for initializing + and joining machines to the control plane. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the API + server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative Names + for the API Server signing cert. 
+ items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout + that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store or + look for all required certificates. 
NB: if not provided, + this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address + or DNS name for the control plane; it can be a valid IP + address or a RFC-1123 DNS subdomain, both with optional + TCP port. In case the ControlPlaneEndpoint is not specified, + the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint + is specified but without a TCP port, the BindPort is used. + Possible usages are: e.g. In a cluster with more than one + control plane instances, this field should be assigned the + address of the external load balancer in front of the control + plane instances. e.g. in environments with enforced node + recycling, the ControlPlaneEndpoint could be used for assigning + a stable DNS to the control plane. NB: This value defaults + to the first value in the Cluster object status.apiEndpoints + array.' + type: string + controllerManager: + description: ControllerManager contains extra settings for + the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. 
+ type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on installed + in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the + image. In case this value is set, kubeadm does not change + automatically the version of the above components during + upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. NB: This + value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to an external + etcd cluster Local and External are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority + file used to secure etcd communication. Required + if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification file + used to secure etcd communication. Required if using + a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required for + ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to secure + etcd communication. Required if using a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for configuring + the local etcd instance Local and External are mutually + exclusive + properties: + dataDir: + description: DataDir is the directory etcd will place + its data. 
Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided + to the etcd binary when run inside a static pod. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for + the image. In case this value is set, kubeadm does + not change automatically the version of the above + components during upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject Alternative + Names for the etcd server signing cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: 'ImageRepository sets the container registry + to pull images from. * If not set, the default registry + of kubeadm will be used, i.e. * registry.k8s.io (new registry): + >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 * k8s.gcr.io + (old registry): all older versions Please note that when + imageRepository is not set we don''t allow upgrades to versions + >= v1.22.0 which use the old registry (k8s.gcr.io). Please + use a newer patch version with the new registry instead + (i.e. >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0). + * If the version is a CI build (kubernetes version starts + with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` + will be used as a default for control plane components and + for kube-proxy, while `registry.k8s.io` will be used for + all the other images.' 
+ type: string + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version of the + control plane. NB: This value defaults to the Machine object + spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to the + Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s services. + Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. If + unset, the API server will not allocate CIDR ranges + for every node. Defaults to a comma-delimited string + of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s services. + Defaults to a comma-delimited string of the Cluster + object's spec.clusterNetwork.pods.cidrBlocks, or to + "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the scheduler + control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. 
+ properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation of partition + tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems + to setup. + items: + description: Filesystem defines the file systems to be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to add + to the command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system type. + type: string + label: + description: Label specifies the file system label to + be used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to overwrite + any existing filesystem. If true, any pre-existing + file system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition to use. + The valid options are: "auto|any", "auto", "any", + "none", and , where NUM is the actual partition + number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, used + for Microsoft Azure that instructs cloud-init to replace + a file system of . NOTE: unless you define + a label, this requires the use of the ''any'' partition + directive.' 
+ type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions + to setup. + items: + description: Partition defines how to create and layout + a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. If + it is true, a single partition will be created for + the entire device. When layout is false, it means + don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip checks + and create the partition if a partition or filesystem + is found on the device. Use with caution. Default + is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. The following are supported: ''mbr'': default + and setups a MS-DOS partition table ''gpt'': setups + a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + append: + description: Append specifies whether to append Content + to existing file if Path exists. + type: boolean + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: Secret represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's data + map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. 
+ type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file + contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap + data + enum: + - cloud-config + - ignition + type: string + ignition: + description: Ignition contains Ignition specific configuration. + properties: + containerLinuxConfig: + description: ContainerLinuxConfig contains CLC specific configuration. + properties: + additionalConfig: + description: "AdditionalConfig contains additional configuration + to be merged with the Ignition configuration generated + by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging + \n The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/" + type: string + strict: + description: Strict controls if AdditionalConfig should + be strictly parsed. If so, warnings are treated as errors. + type: boolean + type: object + type: object + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm init` + time and describes a set of Bootstrap Tokens to create. + This information IS NOT uploaded to the kubeadm cluster + configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap token, + stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message + why this token exists and what it's used for, so other + administrators can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when this + token expires. Defaults to being set dynamically at + runtime based on the TTL. Expires and TTL are mutually + exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that + this token will authenticate as when/if used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for joining + nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this token. + Defaults to 24h. Expires and TTL are mutually exclusive. + type: string + usages: + description: Usages describes the ways in which this + token can be used. Can by default be used for establishing + bidirectional trust, but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the + API server instance that's deployed on this control plane + node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests to + each individual API server. This configuration object lets + you customize what IP/DNS name and port the local API server + advertises it's accessible on. By default, kubeadm tries + to auto-detect the IP of the default interface and use that, + but in case that process fails you may set the desired value + here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for + the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API + Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate to + registering the new control-plane node to the cluster. When + used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration and + JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node + API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of + pre-flight errors to be ignored when the current node + is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy for + image pulling during kubeadm "init" and "join" operations. + The value of this field must be one of "Always", "IfNotPresent" + or "Never". Defaults to "IfNotPresent". 
This can be + used only with Kubernetes version equal to 1.22 and + later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the + kubelet command line via the environment file kubeadm + writes at runtime for the kubelet to source. This overrides + the generic base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. These + values are local and specific to the node kubeadm is + executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the + Node API object that will be created in this `kubeadm + init` or `kubeadm join` operation. This field is also + used in the CommonName field of the kubelet's client + certificate to the API server. Defaults to the hostname + of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API + object should be registered with. If this field is unset, + i.e. nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: []` + in the YAML file. This field is solely used for Node + registration.' + items: + description: The node this Taint is attached to has + the "effect" on any pod that does not tolerate the + Taint. + properties: + effect: + description: Required. The effect of the taint on + pods that do not tolerate the taint. Valid effects + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. 
+ format: date-time + type: string + value: + description: The taint value corresponding to the + taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying + patches to components deployed by kubeadm during "kubeadm + init". The minimum kubernetes version needed to support + Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory that contains + files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or just "etcd.json". + "target" can be one of "kube-apiserver", "kube-controller-manager", + "kube-scheduler", "etcd". "patchtype" can be one of + "strategic" "merge" or "json" and they match the patch + formats supported by kubectl. The default "patchtype" + is "strategic". "extension" must be either "json" or + "yaml". "suffix" is an optional string that can be used + to determine which patches are applied first alpha-numerically. + These files can be written into the target directory + via KubeadmConfig.Files which specifies additional files + to be created on the machine, either with content inline + or by referencing a secret. + type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip during + command execution. The list of phases can be obtained with + the "kubeadm init --help" command. This option takes effect + only on Kubernetes >=1.22.0. + items: + type: string + type: array + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration for + the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node and + control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control plane + instance to be deployed on the joining node. If nil, no + additional control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on this node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the + API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for the kubelet + to use during the TLS Bootstrap process TODO: revisit when + there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options + for bootstrap token based discovery BootstrapToken and + File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain + name to the API server from which info will be fetched. + type: string + caCertHashes: + description: 'CACertHashes specifies a set of public + key pins to verify when token-based discovery is + used. The root CA found during discovery must match + one of these values. Specifying an empty set disables + root CA pinning, which can be unsafe. Each hash + is specified as ":", where the only + currently supported type is "sha256". This is a + hex-encoded SHA-256 hash of the Subject Public Key + Info (SPKI) object in DER-encoded ASN.1. 
These hashes + can be calculated using, for example, OpenSSL: openssl + x509 -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate cluster + information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since other + nodes can impersonate the control-plane. + type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or URL to + a kubeconfig file from which to load cluster information + BootstrapToken and File are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify the + actual file path or URL to the kubeconfig file from + which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used for TLS + bootstrapping. If .BootstrapToken is set, this field + is defaulted to .BootstrapToken.Token, but can be overridden. + If .File is set, this field **must be set** in case + the KubeConfigFile does not contain any other authentication + information + type: string + type: object + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate to + registering the new control-plane node to the cluster. 
When + used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration and + JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node + API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of + pre-flight errors to be ignored when the current node + is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy for + image pulling during kubeadm "init" and "join" operations. + The value of this field must be one of "Always", "IfNotPresent" + or "Never". Defaults to "IfNotPresent". This can be + used only with Kubernetes version equal to 1.22 and + later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the + kubelet command line via the environment file kubeadm + writes at runtime for the kubelet to source. This overrides + the generic base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. These + values are local and specific to the node kubeadm is + executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the + Node API object that will be created in this `kubeadm + init` or `kubeadm join` operation. This field is also + used in the CommonName field of the kubelet's client + certificate to the API server. Defaults to the hostname + of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API + object should be registered with. If this field is unset, + i.e. nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. 
+ If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: []` + in the YAML file. This field is solely used for Node + registration.' + items: + description: The node this Taint is attached to has + the "effect" on any pod that does not tolerate the + Taint. + properties: + effect: + description: Required. The effect of the taint on + pods that do not tolerate the taint. Valid effects + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the + taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying + patches to components deployed by kubeadm during "kubeadm + join". The minimum kubernetes version needed to support + Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory that contains + files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or just "etcd.json". + "target" can be one of "kube-apiserver", "kube-controller-manager", + "kube-scheduler", "etcd". "patchtype" can be one of + "strategic" "merge" or "json" and they match the patch + formats supported by kubectl. The default "patchtype" + is "strategic". "extension" must be either "json" or + "yaml". "suffix" is an optional string that can be used + to determine which patches are applied first alpha-numerically. + These files can be written into the target directory + via KubeadmConfig.Files which specifies additional files + to be created on the machine, either with content inline + or by referencing a secret. 
+ type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip during + command execution. The list of phases can be obtained with + the "kubeadm init --help" command. This option takes effect + only on Kubernetes >=1.22.0. + items: + type: string + type: array + type: object + mounts: + description: Mounts specifies a list of mount points to be setup. + items: + description: MountPoints defines input for generated mounts + in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands to run + after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to run + before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm + command with a shell script with retries for joins. \n This + is meant to be an experimental temporary workaround on some + environments where joins fail due to timing (and other issues). + The long term goal is to add retries to kubeadm proper and use + that functionality. \n This will add about 40KB to userdata + \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. + \n Deprecated: This experimental fix is no longer needed and + this field will be removed in a future release. When removing + also remove from staticcheck exclude-rules for SA1019 in golangci.yml" + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user in + cloud-init. 
+ properties: + gecos: + description: Gecos specifies the gecos to use for the user + type: string + groups: + description: Groups specifies the additional groups for + the user + type: string + homeDir: + description: HomeDir specifies the home directory to use + for the user + type: string + inactive: + description: Inactive specifies whether to mark the user + as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login should + be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for the + user + type: string + passwdFrom: + description: PasswdFrom is a referenced source of passwd + to populate the passwd. + properties: + secret: + description: Secret represents a secret that should + populate this password. + properties: + key: + description: Key is the key in the secret's data + map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + primaryGroup: + description: PrimaryGroup specifies the primary group for + the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh authorized + keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level + verbosity. It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + machineTemplate: + description: MachineTemplate contains information about how machines + should be shaped when creating or updating a control plane. 
+ properties: + infrastructureRef: + description: InfrastructureRef is a required reference to a custom + resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + metadata: + description: 'Standard object''s metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the machine + controller will attempt to delete the Node that the Machine + hosts after the Machine is marked for deletion. A duration of + 0 will retry deletion indefinitely. If no value is provided, + the default value for this property of the Machine resource + will be used. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time that + the controller will spend on draining a controlplane node The + default value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different from + `kubectl drain --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of time + that the controller will spend on waiting for all volumes to + be detached. The default value is 0, meaning that the volumes + can be detached without any time limitations. + type: string + required: + - infrastructureRef + type: object + remediationStrategy: + description: The RemediationStrategy that controls how control plane + machine remediation happens. 
+ properties: + maxRetry: + description: "MaxRetry is the Max number of retries while attempting + to remediate an unhealthy machine. A retry happens when a machine + that was created as a replacement for an unhealthy machine also + fails. For example, given a control plane with three machines + M1, M2, M3: \n M1 become unhealthy; remediation happens, and + M1-1 is created as a replacement. If M1-1 (replacement of M1) + has problems while bootstrapping it will become unhealthy, and + then be remediated; such operation is considered a retry, remediation-retry + #1. If M1-2 (replacement of M1-1) becomes unhealthy, remediation-retry + #2 will happen, etc. \n A retry could happen only after RetryPeriod + from the previous retry. If a machine is marked as unhealthy + after MinHealthyPeriod from the previous remediation expired, + this is not considered a retry anymore because the new issue + is assumed unrelated from the previous one. \n If not set, the + remedation will be retried infinitely." + format: int32 + type: integer + minHealthyPeriod: + description: "MinHealthyPeriod defines the duration after which + KCP will consider any failure to a machine unrelated from the + previous one. In this case the remediation is not considered + a retry anymore, and thus the retry counter restarts from 0. + For example, assuming MinHealthyPeriod is set to 1h (default) + \n M1 become unhealthy; remediation happens, and M1-1 is created + as a replacement. If M1-1 (replacement of M1) has problems within + the 1hr after the creation, also this machine will be remediated + and this operation is considered a retry - a problem related + to the original issue happened to M1 -. \n If instead the problem + on M1-1 is happening after MinHealthyPeriod expired, e.g. four + days after m1-1 has been created as a remediation of M1, the + problem on M1-1 is considered unrelated to the original issue + happened to M1. \n If not set, this value is defaulted to 1h." 
+ type: string + retryPeriod: + description: "RetryPeriod is the duration that KCP should wait + before remediating a machine being created as a replacement + for an unhealthy machine (a retry). \n If not set, a retry will + happen immediately." + type: string + type: object + replicas: + description: Number of desired machines. Defaults to 1. When stacked + etcd is used only odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). + This is a pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + rolloutAfter: + description: 'RolloutAfter is a field to indicate a rollout should + be performed after the specified time even if no changes have been + made to the KubeadmControlPlane. Example: In the YAML the time can + be specified in the RFC3339 format. To specify the rolloutAfter + target as March 9, 2023, at 9 am UTC use "2023-03-09T09:00:00Z".' + format: date-time + type: string + rolloutBefore: + description: RolloutBefore is a field to indicate a rollout should + be performed if the specified criteria is met. + properties: + certificatesExpiryDays: + description: CertificatesExpiryDays indicates a rollout needs + to be performed if the certificates of the machine will expire + within the specified days. + format: int32 + type: integer + type: object + rolloutStrategy: + default: + rollingUpdate: + maxSurge: 1 + type: RollingUpdate + description: The RolloutStrategy to use to replace control plane machines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if RolloutStrategyType + = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of control planes that can + be scheduled above or under the desired number of control + planes. Value can be an absolute number 1 or 0. Defaults + to 1. 
Example: when this is set to 1, the control plane + can be scaled up immediately when the rolling update starts.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of rollout. Currently the only supported strategy + is "RollingUpdate". Default is RollingUpdate. + type: string + type: object + version: + description: 'Version defines the desired Kubernetes version. Please + note that if kubeadmConfigSpec.ClusterConfiguration.imageRepository + is not set we don''t allow upgrades to versions >= v1.22.0 for which + kubeadm uses the old registry (k8s.gcr.io). Please use a newer patch + version with the new registry instead. The default registries of + kubeadm are: * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, + >= v1.24.9, >= v1.25.0 * k8s.gcr.io (old registry): all older versions' + type: string + required: + - kubeadmConfigSpec + - machineTemplate + - version + type: object + status: + description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane. + properties: + conditions: + description: Conditions defines current service state of the KubeadmControlPlane. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. 
+ type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: ErrorMessage indicates that there is a terminal problem + reconciling the state, and will be set to a descriptive error message. + type: string + failureReason: + description: FailureReason indicates that there is a terminal problem + reconciling the state, and will be set to a token value suitable + for programmatic interpretation. + type: string + initialized: + description: Initialized denotes whether or not the control plane + has the uploaded kubeadm-config configmap. + type: boolean + lastRemediation: + description: LastRemediation stores info about last remediation performed. + properties: + machine: + description: Machine is the machine name of the latest machine + being remediated. + type: string + retryCount: + description: RetryCount used to keep track of remediation retry + for the last remediated machine. A retry happens when a machine + that was created as a replacement for an unhealthy machine also + fails. + format: int32 + type: integer + timestamp: + description: Timestamp is when last remediation happened. It is + represented in RFC3339 form and is in UTC. 
+ format: date-time + type: string + required: + - machine + - retryCount + - timestamp + type: object + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: Ready denotes that the KubeadmControlPlane API Server + is ready to receive requests. + type: boolean + readyReplicas: + description: Total number of fully running and ready control plane + machines. + format: int32 + type: integer + replicas: + description: Total number of non-terminated machines targeted by this + control plane (their labels match the selector). + format: int32 + type: integer + selector: + description: 'Selector is the label selector in string format to avoid + introspection by clients, and is used to provide the CRD-based integration + for the scale subresource and additional integrations for things + like kubectl describe.. The string will be in the same format as + the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + unavailableReplicas: + description: Total number of unavailable machines targeted by this + control plane. This is the total number of machines that are still + required for the deployment to have 100% available capacity. They + may either be machines that are running but not yet ready or machines + that still have not been created. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated machines targeted by this + control plane that have the desired template spec. + format: int32 + type: integer + version: + description: Version represents the minimum Kubernetes version for + the control plane machines in the cluster. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1 + name: kubeadmcontrolplanetemplates.controlplane.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: controlplane.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: KubeadmControlPlaneTemplate + listKind: KubeadmControlPlaneTemplateList + plural: kubeadmcontrolplanetemplates + singular: kubeadmcontrolplanetemplate + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of KubeadmControlPlaneTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "KubeadmControlPlaneTemplate is the Schema for the kubeadmcontrolplanetemplates + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmControlPlaneTemplateSpec defines the desired state + of KubeadmControlPlaneTemplate. + properties: + template: + description: KubeadmControlPlaneTemplateResource describes the data + needed to create a KubeadmControlPlane from a template. + properties: + spec: + description: KubeadmControlPlaneSpec defines the desired state + of KubeadmControlPlane. + properties: + kubeadmConfigSpec: + description: KubeadmConfigSpec is a KubeadmConfigSpec to use + for initializing and joining machines to the control plane. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for + the API server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative + Names for the API Server signing cert. + items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags + to pass to the control plane component. TODO: + This is temporary and ideally we would like + to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements + describing volumes that are mounted from the + host. 
+ properties: + hostPath: + description: HostPath is the path in the + host that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside + the pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the + pod template. + type: string + pathType: + description: PathType is the type of the + HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the + timeout that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal + value, and may reject unrecognized values. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store + or look for all required certificates. NB: if not + provided, this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP + address or DNS name for the control plane; it can + be a valid IP address or a RFC-1123 DNS subdomain, + both with optional TCP port. In case the ControlPlaneEndpoint + is not specified, the AdvertiseAddress + BindPort + are used; in case the ControlPlaneEndpoint is specified + but without a TCP port, the BindPort is used. Possible + usages are: e.g. In a cluster with more than one + control plane instances, this field should be assigned + the address of the external load balancer in front + of the control plane instances. e.g. 
in environments + with enforced node recycling, the ControlPlaneEndpoint + could be used for assigning a stable DNS to the + control plane. NB: This value defaults to the first + value in the Cluster object status.apiEndpoints + array.' + type: string + controllerManager: + description: ControllerManager contains extra settings + for the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags + to pass to the control plane component. TODO: + This is temporary and ideally we would like + to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements + describing volumes that are mounted from the + host. + properties: + hostPath: + description: HostPath is the path in the + host that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside + the pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the + pod template. + type: string + pathType: + description: PathType is the type of the + HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on + installed in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container + registry to pull images from. if not set, the + ImageRepository defined in ClusterConfiguration + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag + for the image. 
In case this value is set, kubeadm + does not change automatically the version of + the above components during upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. NB: + This value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect + to an external etcd cluster Local and External + are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate + Authority file used to secure etcd communication. + Required if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification + file used to secure etcd communication. + Required if using a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required + for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used + to secure etcd communication. Required if + using a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs + for configuring the local etcd instance Local + and External are mutually exclusive + properties: + dataDir: + description: DataDir is the directory etcd + will place its data. Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments + provided to the etcd binary when run inside + a static pod. + type: object + imageRepository: + description: ImageRepository sets the container + registry to pull images from. if not set, + the ImageRepository defined in ClusterConfiguration + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a + tag for the image. In case this value is + set, kubeadm does not change automatically + the version of the above components during + upgrades. 
+ type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject + Alternative Names for the etcd peer signing + cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject + Alternative Names for the etcd server signing + cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. If empty, `registry.k8s.io` + will be used by default; in case of kubernetes version + is a CI build (kubernetes version starts with `ci/` + or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will + be used as a default for control plane components + and for kube-proxy, while `registry.k8s.io` will + be used for all the other images. + type: string + kind: + description: 'Kind is a string value representing + the REST resource this object represents. Servers + may infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version + of the control plane. NB: This value defaults to + the Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the + networking topology of the cluster. NB: This value + defaults to the Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used + by k8s services. Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. + If unset, the API server will not allocate CIDR + ranges for every node. 
Defaults to a comma-delimited + string of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used + by k8s services. Defaults to a comma-delimited + string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, + or to "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for + the scheduler control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags + to pass to the control plane component. TODO: + This is temporary and ideally we would like + to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements + describing volumes that are mounted from the + host. + properties: + hostPath: + description: HostPath is the path in the + host that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside + the pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the + pod template. + type: string + pathType: + description: PathType is the type of the + HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation + of partition tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file + systems to setup. + items: + description: Filesystem defines the file systems + to be created. 
+ properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options + to add to the command for creating the file + system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system + type. + type: string + label: + description: Label specifies the file system + label to be used. If set to None, no label + is used. + type: string + overwrite: + description: Overwrite defines whether or not + to overwrite any existing filesystem. If true, + any pre-existing file system will be destroyed. + Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition + to use. The valid options are: "auto|any", + "auto", "any", "none", and , where NUM + is the actual partition number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, + used for Microsoft Azure that instructs cloud-init + to replace a file system of . NOTE: + unless you define a label, this requires the + use of the ''any'' partition directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the + partitions to setup. + items: + description: Partition defines how to create and + layout a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. + If it is true, a single partition will be + created for the entire device. When layout + is false, it means don't partition or ignore + existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to + skip checks and create the partition if a + partition or filesystem is found on the device. + Use with caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of + partition table. 
The following are supported: + ''mbr'': default and setups a MS-DOS partition + table ''gpt'': setups a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed + to user_data upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + content: + description: Content is the actual content of the + file. + type: string + contentFrom: + description: ContentFrom is a referenced source + of content to populate the file. + properties: + secret: + description: Secret represents a secret that + should populate this file. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of + the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the + file, e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk + where to store the file. + type: string + permissions: + description: Permissions specifies the permissions + to assign to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the + bootstrap data + enum: + - cloud-config + type: string + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. 
Servers should + convert recognized schemas to the latest internal + value, and may reject unrecognized values. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm + init` time and describes a set of Bootstrap Tokens + to create. This information IS NOT uploaded to the + kubeadm cluster configmap, partly because of its + sensitive nature + items: + description: BootstrapToken describes one bootstrap + token, stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly + message why this token exists and what it's + used for, so other administrators can know + its purpose. + type: string + expires: + description: Expires specifies the timestamp + when this token expires. Defaults to being + set dynamically at runtime based on the TTL. + Expires and TTL are mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups + that this token will authenticate as when/if + used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing + bidirectional trust between nodes and control-planes. + Used for joining nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for + this token. Defaults to 24h. Expires and TTL + are mutually exclusive. + type: string + usages: + description: Usages describes the ways in which + this token can be used. Can by default be + used for establishing bidirectional trust, + but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing + the REST resource this object represents. Servers + may infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. 
More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance that's deployed on this + control plane node In HA setups, this differs from + ClusterConfiguration.ControlPlaneEndpoint in the + sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests + to each individual API server. This configuration + object lets you customize what IP/DNS name and port + the local API server advertises it's accessible + on. By default, kubeadm tries to auto-detect the + IP of the default interface and use that, but in + case that process fails you may set the desired + value here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for + the API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the + cluster. When used in the context of control plane + nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a + slice of pre-flight errors to be ignored when + the current node is registered. + items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. 
The arguments here + are passed to the kubelet command line via the + environment file kubeadm writes at runtime for + the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. + These values are local and specific to the node + kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field + of the Node API object that will be created + in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field + of the kubelet's client certificate to the API + server. Defaults to the hostname of the node + if not provided. + type: string + taints: + description: 'Taints specifies the taints the + Node API object should be registered with. If + this field is unset, i.e. nil, in the `kubeadm + init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane + node, set this field to an empty slice, i.e. + `taints: {}` in the YAML file. This field is + solely used for Node registration.' + items: + description: The node this Taint is attached + to has the "effect" on any pod that does not + tolerate the Taint. + properties: + effect: + description: Required. The effect of the + taint on pods that do not tolerate the + taint. Valid effects are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Required. The taint key to + be applied to a node. + type: string + timeAdded: + description: TimeAdded represents the time + at which the taint was added. It is only + written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding + to the taint key. 
+ type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration + for the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal + value, and may reject unrecognized values. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node + and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control + plane instance to be deployed on the joining node. + If nil, no additional control plane instance will + be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on + this node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP + address for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port + for the API Server to bind to. Defaults + to 6443. + format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for + the kubelet to use during the TLS Bootstrap process + TODO: revisit when there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the + options for bootstrap token based discovery + BootstrapToken and File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or + domain name to the API server from which + info will be fetched. 
+ type: string + caCertHashes: + description: 'CACertHashes specifies a set + of public key pins to verify when token-based + discovery is used. The root CA found during + discovery must match one of these values. + Specifying an empty set disables root CA + pinning, which can be unsafe. Each hash + is specified as ":", where + the only currently supported type is "sha256". + This is a hex-encoded SHA-256 hash of the + Subject Public Key Info (SPKI) object in + DER-encoded ASN.1. These hashes can be calculated + using, for example, OpenSSL: openssl x509 + -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 + -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate + cluster information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows + token-based discovery without CA verification + via CACertHashes. This can weaken the security + of kubeadm since other nodes can impersonate + the control-plane. + type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or + URL to a kubeconfig file from which to load + cluster information BootstrapToken and File + are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify + the actual file path or URL to the kubeconfig + file from which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used + for TLS bootstrapping. If .BootstrapToken is + set, this field is defaulted to .BootstrapToken.Token, + but can be overridden. 
If .File is set, this + field **must be set** in case the KubeConfigFile + does not contain any other authentication information + type: string + type: object + kind: + description: 'Kind is a string value representing + the REST resource this object represents. Servers + may infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the + cluster. When used in the context of control plane + nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a + slice of pre-flight errors to be ignored when + the current node is registered. + items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here + are passed to the kubelet command line via the + environment file kubeadm writes at runtime for + the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. + These values are local and specific to the node + kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field + of the Node API object that will be created + in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field + of the kubelet's client certificate to the API + server. Defaults to the hostname of the node + if not provided. 
+ type: string + taints: + description: 'Taints specifies the taints the + Node API object should be registered with. If + this field is unset, i.e. nil, in the `kubeadm + init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane + node, set this field to an empty slice, i.e. + `taints: {}` in the YAML file. This field is + solely used for Node registration.' + items: + description: The node this Taint is attached + to has the "effect" on any pod that does not + tolerate the Taint. + properties: + effect: + description: Required. The effect of the + taint on pods that do not tolerate the + taint. Valid effects are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Required. The taint key to + be applied to a node. + type: string + timeAdded: + description: TimeAdded represents the time + at which the taint was added. It is only + written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding + to the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + mounts: + description: Mounts specifies a list of mount points to + be setup. + items: + description: MountPoints defines input for generated + mounts in cloud-init. 
+ items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should + be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to + use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands + to run after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands + to run before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic + kubeadm command with a shell script with retries for + joins. \n This is meant to be an experimental temporary + workaround on some environments where joins fail due + to timing (and other issues). The long term goal is + to add retries to kubeadm proper and use that functionality. + \n This will add about 40KB to userdata \n For more + information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated + user in cloud-init. 
+ properties: + gecos: + description: Gecos specifies the gecos to use for + the user + type: string + groups: + description: Groups specifies the additional groups + for the user + type: string + homeDir: + description: HomeDir specifies the home directory + to use for the user + type: string + inactive: + description: Inactive specifies whether to mark + the user as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password + login should be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password + for the user + type: string + primaryGroup: + description: PrimaryGroup specifies the primary + group for the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list + of ssh authorized keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the + user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log + level verbosity. It overrides the `--v` flag in kubeadm + commands. + format: int32 + type: integer + type: object + machineTemplate: + description: MachineTemplate contains information about how + machines should be shaped when creating or updating a control + plane. + properties: + infrastructureRef: + description: InfrastructureRef is a required reference + to a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + metadata: + description: 'Standard object''s metadata. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when + modifying objects. 
More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can + be used to organize and categorize (scope and select) + objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of + time that the controller will spend on draining a controlplane + node The default value is 0, meaning that the node can + be drained without any time limitations. NOTE: NodeDrainTimeout + is different from `kubectl drain --timeout`' + type: string + required: + - infrastructureRef + type: object + replicas: + description: Number of desired machines. Defaults to 1. When + stacked etcd is used only odd numbers are permitted, as + per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). + This is a pointer to distinguish between explicit zero and + not specified. + format: int32 + type: integer + rolloutAfter: + description: RolloutAfter is a field to indicate a rollout + should be performed after the specified time even if no + changes have been made to the KubeadmControlPlane. + format: date-time + type: string + rolloutStrategy: + default: + rollingUpdate: + maxSurge: 1 + type: RollingUpdate + description: The RolloutStrategy to use to replace control + plane machines with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only + if RolloutStrategyType = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of control planes + that can be scheduled above or under the desired + number of control planes. Value can be an absolute + number 1 or 0. Defaults to 1. 
Example: when this + is set to 1, the control plane can be scaled up + immediately when the rolling update starts.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of rollout. Currently the only supported + strategy is "RollingUpdate". Default is RollingUpdate. + type: string + type: object + version: + description: Version defines the desired Kubernetes version. + type: string + required: + - kubeadmConfigSpec + - machineTemplate + - version + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: false + subresources: {} + - additionalPrinterColumns: + - description: Time duration since creation of KubeadmControlPlaneTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: KubeadmControlPlaneTemplate is the Schema for the kubeadmcontrolplanetemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmControlPlaneTemplateSpec defines the desired state + of KubeadmControlPlaneTemplate. + properties: + template: + description: KubeadmControlPlaneTemplateResource describes the data + needed to create a KubeadmControlPlane from a template. 
+ properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: 'KubeadmControlPlaneTemplateResourceSpec defines + the desired state of KubeadmControlPlane. NOTE: KubeadmControlPlaneTemplateResourceSpec + is similar to KubeadmControlPlaneSpec but omits Replicas and + Version fields. These fields do not make sense on the KubeadmControlPlaneTemplate, + because they are calculated by the Cluster topology reconciler + during reconciliation and thus cannot be configured on the KubeadmControlPlaneTemplate.' + properties: + kubeadmConfigSpec: + description: KubeadmConfigSpec is a KubeadmConfigSpec to use + for initializing and joining machines to the control plane. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for + the API server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative + Names for the API Server signing cert. 
+ items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags + to pass to the control plane component. TODO: + This is temporary and ideally we would like + to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements + describing volumes that are mounted from the + host. + properties: + hostPath: + description: HostPath is the path in the + host that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside + the pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the + pod template. + type: string + pathType: + description: PathType is the type of the + HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the + timeout that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal + value, and may reject unrecognized values. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store + or look for all required certificates. 
NB: if not + provided, this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP + address or DNS name for the control plane; it can + be a valid IP address or a RFC-1123 DNS subdomain, + both with optional TCP port. In case the ControlPlaneEndpoint + is not specified, the AdvertiseAddress + BindPort + are used; in case the ControlPlaneEndpoint is specified + but without a TCP port, the BindPort is used. Possible + usages are: e.g. In a cluster with more than one + control plane instances, this field should be assigned + the address of the external load balancer in front + of the control plane instances. e.g. in environments + with enforced node recycling, the ControlPlaneEndpoint + could be used for assigning a stable DNS to the + control plane. NB: This value defaults to the first + value in the Cluster object status.apiEndpoints + array.' + type: string + controllerManager: + description: ControllerManager contains extra settings + for the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags + to pass to the control plane component. TODO: + This is temporary and ideally we would like + to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements + describing volumes that are mounted from the + host. + properties: + hostPath: + description: HostPath is the path in the + host that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside + the pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the + pod template. 
+ type: string + pathType: + description: PathType is the type of the + HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on + installed in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container + registry to pull images from. if not set, the + ImageRepository defined in ClusterConfiguration + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag + for the image. In case this value is set, kubeadm + does not change automatically the version of + the above components during upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. NB: + This value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect + to an external etcd cluster Local and External + are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate + Authority file used to secure etcd communication. + Required if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification + file used to secure etcd communication. + Required if using a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required + for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used + to secure etcd communication. Required if + using a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs + for configuring the local etcd instance Local + and External are mutually exclusive + properties: + dataDir: + description: DataDir is the directory etcd + will place its data. 
Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments + provided to the etcd binary when run inside + a static pod. + type: object + imageRepository: + description: ImageRepository sets the container + registry to pull images from. if not set, + the ImageRepository defined in ClusterConfiguration + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a + tag for the image. In case this value is + set, kubeadm does not change automatically + the version of the above components during + upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject + Alternative Names for the etcd peer signing + cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject + Alternative Names for the etcd server signing + cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: 'ImageRepository sets the container registry + to pull images from. * If not set, the default registry + of kubeadm will be used, i.e. * registry.k8s.io + (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, + >= v1.25.0 * k8s.gcr.io (old registry): all older + versions Please note that when imageRepository is + not set we don''t allow upgrades to versions >= + v1.22.0 which use the old registry (k8s.gcr.io). + Please use a newer patch version with the new registry + instead (i.e. >= v1.22.17, >= v1.23.15, >= v1.24.9, + >= v1.25.0). * If the version is a CI build (kubernetes + version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` + will be used as a default for control plane components + and for kube-proxy, while `registry.k8s.io` will + be used for all the other images.' 
+ type: string + kind: + description: 'Kind is a string value representing + the REST resource this object represents. Servers + may infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version + of the control plane. NB: This value defaults to + the Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the + networking topology of the cluster. NB: This value + defaults to the Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used + by k8s services. Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. + If unset, the API server will not allocate CIDR + ranges for every node. Defaults to a comma-delimited + string of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used + by k8s services. Defaults to a comma-delimited + string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, + or to "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for + the scheduler control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags + to pass to the control plane component. TODO: + This is temporary and ideally we would like + to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. 
+ items: + description: HostPathMount contains elements + describing volumes that are mounted from the + host. + properties: + hostPath: + description: HostPath is the path in the + host that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside + the pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the + pod template. + type: string + pathType: + description: PathType is the type of the + HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation + of partition tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file + systems to setup. + items: + description: Filesystem defines the file systems + to be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options + to add to the command for creating the file + system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system + type. + type: string + label: + description: Label specifies the file system + label to be used. If set to None, no label + is used. + type: string + overwrite: + description: Overwrite defines whether or not + to overwrite any existing filesystem. If true, + any pre-existing file system will be destroyed. + Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition + to use. The valid options are: "auto|any", + "auto", "any", "none", and , where NUM + is the actual partition number.' 
+ type: string + replaceFS: + description: 'ReplaceFS is a special directive, + used for Microsoft Azure that instructs cloud-init + to replace a file system of . NOTE: + unless you define a label, this requires the + use of the ''any'' partition directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the + partitions to setup. + items: + description: Partition defines how to create and + layout a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. + If it is true, a single partition will be + created for the entire device. When layout + is false, it means don't partition or ignore + existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to + skip checks and create the partition if a + partition or filesystem is found on the device. + Use with caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of + partition table. The following are supported: + ''mbr'': default and setups a MS-DOS partition + table ''gpt'': setups a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed + to user_data upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + append: + description: Append specifies whether to append + Content to existing file if Path exists. + type: boolean + content: + description: Content is the actual content of the + file. + type: string + contentFrom: + description: ContentFrom is a referenced source + of content to populate the file. + properties: + secret: + description: Secret represents a secret that + should populate this file. 
+ properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of + the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the + file, e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk + where to store the file. + type: string + permissions: + description: Permissions specifies the permissions + to assign to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the + bootstrap data + enum: + - cloud-config + - ignition + type: string + ignition: + description: Ignition contains Ignition specific configuration. + properties: + containerLinuxConfig: + description: ContainerLinuxConfig contains CLC specific + configuration. + properties: + additionalConfig: + description: "AdditionalConfig contains additional + configuration to be merged with the Ignition + configuration generated by the bootstrapper + controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging + \n The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/" + type: string + strict: + description: Strict controls if AdditionalConfig + should be strictly parsed. If so, warnings are + treated as errors. + type: boolean + type: object + type: object + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. 
Servers should + convert recognized schemas to the latest internal + value, and may reject unrecognized values. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm + init` time and describes a set of Bootstrap Tokens + to create. This information IS NOT uploaded to the + kubeadm cluster configmap, partly because of its + sensitive nature + items: + description: BootstrapToken describes one bootstrap + token, stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly + message why this token exists and what it's + used for, so other administrators can know + its purpose. + type: string + expires: + description: Expires specifies the timestamp + when this token expires. Defaults to being + set dynamically at runtime based on the TTL. + Expires and TTL are mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups + that this token will authenticate as when/if + used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing + bidirectional trust between nodes and control-planes. + Used for joining nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for + this token. Defaults to 24h. Expires and TTL + are mutually exclusive. + type: string + usages: + description: Usages describes the ways in which + this token can be used. Can by default be + used for establishing bidirectional trust, + but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing + the REST resource this object represents. Servers + may infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. 
More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance that's deployed on this + control plane node In HA setups, this differs from + ClusterConfiguration.ControlPlaneEndpoint in the + sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests + to each individual API server. This configuration + object lets you customize what IP/DNS name and port + the local API server advertises it's accessible + on. By default, kubeadm tries to auto-detect the + IP of the default interface and use that, but in + case that process fails you may set the desired + value here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for + the API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the + cluster. When used in the context of control plane + nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a + slice of pre-flight errors to be ignored when + the current node is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy + for image pulling during kubeadm "init" and + "join" operations. The value of this field must + be one of "Always", "IfNotPresent" or "Never". + Defaults to "IfNotPresent". 
This can be used + only with Kubernetes version equal to 1.22 and + later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here + are passed to the kubelet command line via the + environment file kubeadm writes at runtime for + the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. + These values are local and specific to the node + kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field + of the Node API object that will be created + in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field + of the kubelet's client certificate to the API + server. Defaults to the hostname of the node + if not provided. + type: string + taints: + description: 'Taints specifies the taints the + Node API object should be registered with. If + this field is unset, i.e. nil, in the `kubeadm + init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane + node, set this field to an empty slice, i.e. + `taints: []` in the YAML file. This field is + solely used for Node registration.' + items: + description: The node this Taint is attached + to has the "effect" on any pod that does not + tolerate the Taint. + properties: + effect: + description: Required. The effect of the + taint on pods that do not tolerate the + taint. Valid effects are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Required. The taint key to + be applied to a node. + type: string + timeAdded: + description: TimeAdded represents the time + at which the taint was added. It is only + written for NoExecute taints. 
+ format: date-time + type: string + value: + description: The taint value corresponding + to the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying + patches to components deployed by kubeadm during + "kubeadm init". The minimum kubernetes version needed + to support Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory + that contains files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or + just "etcd.json". "target" can be one of "kube-apiserver", + "kube-controller-manager", "kube-scheduler", + "etcd". "patchtype" can be one of "strategic" + "merge" or "json" and they match the patch formats + supported by kubectl. The default "patchtype" + is "strategic". "extension" must be either "json" + or "yaml". "suffix" is an optional string that + can be used to determine which patches are applied + first alpha-numerically. These files can be + written into the target directory via KubeadmConfig.Files + which specifies additional files to be created + on the machine, either with content inline or + by referencing a secret. + type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip + during command execution. The list of phases can + be obtained with the "kubeadm init --help" command. + This option takes effect only on Kubernetes >=1.22.0. + items: + type: string + type: array + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration + for the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal + value, and may reject unrecognized values. 
More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node + and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control + plane instance to be deployed on the joining node. + If nil, no additional control plane instance will + be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on + this node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP + address for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port + for the API Server to bind to. Defaults + to 6443. + format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for + the kubelet to use during the TLS Bootstrap process + TODO: revisit when there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the + options for bootstrap token based discovery + BootstrapToken and File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or + domain name to the API server from which + info will be fetched. + type: string + caCertHashes: + description: 'CACertHashes specifies a set + of public key pins to verify when token-based + discovery is used. The root CA found during + discovery must match one of these values. + Specifying an empty set disables root CA + pinning, which can be unsafe. Each hash + is specified as ":", where + the only currently supported type is "sha256". 
+ This is a hex-encoded SHA-256 hash of the + Subject Public Key Info (SPKI) object in + DER-encoded ASN.1. These hashes can be calculated + using, for example, OpenSSL: openssl x509 + -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 + -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate + cluster information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows + token-based discovery without CA verification + via CACertHashes. This can weaken the security + of kubeadm since other nodes can impersonate + the control-plane. + type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or + URL to a kubeconfig file from which to load + cluster information BootstrapToken and File + are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify + the actual file path or URL to the kubeconfig + file from which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used + for TLS bootstrapping. If .BootstrapToken is + set, this field is defaulted to .BootstrapToken.Token, + but can be overridden. If .File is set, this + field **must be set** in case the KubeConfigFile + does not contain any other authentication information + type: string + type: object + kind: + description: 'Kind is a string value representing + the REST resource this object represents. Servers + may infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. 
More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the + cluster. When used in the context of control plane + nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a + slice of pre-flight errors to be ignored when + the current node is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy + for image pulling during kubeadm "init" and + "join" operations. The value of this field must + be one of "Always", "IfNotPresent" or "Never". + Defaults to "IfNotPresent". This can be used + only with Kubernetes version equal to 1.22 and + later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here + are passed to the kubelet command line via the + environment file kubeadm writes at runtime for + the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. + These values are local and specific to the node + kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field + of the Node API object that will be created + in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field + of the kubelet's client certificate to the API + server. 
Defaults to the hostname of the node + if not provided. + type: string + taints: + description: 'Taints specifies the taints the + Node API object should be registered with. If + this field is unset, i.e. nil, in the `kubeadm + init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane + node, set this field to an empty slice, i.e. + `taints: []` in the YAML file. This field is + solely used for Node registration.' + items: + description: The node this Taint is attached + to has the "effect" on any pod that does not + tolerate the Taint. + properties: + effect: + description: Required. The effect of the + taint on pods that do not tolerate the + taint. Valid effects are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Required. The taint key to + be applied to a node. + type: string + timeAdded: + description: TimeAdded represents the time + at which the taint was added. It is only + written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding + to the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying + patches to components deployed by kubeadm during + "kubeadm join". The minimum kubernetes version needed + to support Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory + that contains files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or + just "etcd.json". "target" can be one of "kube-apiserver", + "kube-controller-manager", "kube-scheduler", + "etcd". "patchtype" can be one of "strategic" + "merge" or "json" and they match the patch formats + supported by kubectl. The default "patchtype" + is "strategic". "extension" must be either "json" + or "yaml". 
"suffix" is an optional string that + can be used to determine which patches are applied + first alpha-numerically. These files can be + written into the target directory via KubeadmConfig.Files + which specifies additional files to be created + on the machine, either with content inline or + by referencing a secret. + type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip + during command execution. The list of phases can + be obtained with the "kubeadm init --help" command. + This option takes effect only on Kubernetes >=1.22.0. + items: + type: string + type: array + type: object + mounts: + description: Mounts specifies a list of mount points to + be setup. + items: + description: MountPoints defines input for generated + mounts in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should + be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to + use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands + to run after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands + to run before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic + kubeadm command with a shell script with retries for + joins. \n This is meant to be an experimental temporary + workaround on some environments where joins fail due + to timing (and other issues). The long term goal is + to add retries to kubeadm proper and use that functionality. + \n This will add about 40KB to userdata \n For more + information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. 
+ \n Deprecated: This experimental fix is no longer needed + and this field will be removed in a future release. + When removing also remove from staticcheck exclude-rules + for SA1019 in golangci.yml" + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated + user in cloud-init. + properties: + gecos: + description: Gecos specifies the gecos to use for + the user + type: string + groups: + description: Groups specifies the additional groups + for the user + type: string + homeDir: + description: HomeDir specifies the home directory + to use for the user + type: string + inactive: + description: Inactive specifies whether to mark + the user as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password + login should be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password + for the user + type: string + passwdFrom: + description: PasswdFrom is a referenced source of + passwd to populate the passwd. + properties: + secret: + description: Secret represents a secret that + should populate this password. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. 
+ type: string + required: + - key + - name + type: object + required: + - secret + type: object + primaryGroup: + description: PrimaryGroup specifies the primary + group for the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list + of ssh authorized keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the + user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log + level verbosity. It overrides the `--v` flag in kubeadm + commands. + format: int32 + type: integer + type: object + machineTemplate: + description: MachineTemplate contains information about how + machines should be shaped when creating or updating a control + plane. + properties: + metadata: + description: 'Standard object''s metadata. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when + modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can + be used to organize and categorize (scope and select) + objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the + machine controller will attempt to delete the Node that + the Machine hosts after the Machine is marked for deletion. 
+ A duration of 0 will retry deletion indefinitely. If + no value is provided, the default value for this property + of the Machine resource will be used. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of + time that the controller will spend on draining a controlplane + node The default value is 0, meaning that the node can + be drained without any time limitations. NOTE: NodeDrainTimeout + is different from `kubectl drain --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount + of time that the controller will spend on waiting for + all volumes to be detached. The default value is 0, + meaning that the volumes can be detached without any + time limitations. + type: string + type: object + remediationStrategy: + description: The RemediationStrategy that controls how control + plane machine remediation happens. + properties: + maxRetry: + description: "MaxRetry is the Max number of retries while + attempting to remediate an unhealthy machine. A retry + happens when a machine that was created as a replacement + for an unhealthy machine also fails. For example, given + a control plane with three machines M1, M2, M3: \n M1 + become unhealthy; remediation happens, and M1-1 is created + as a replacement. If M1-1 (replacement of M1) has problems + while bootstrapping it will become unhealthy, and then + be remediated; such operation is considered a retry, + remediation-retry #1. If M1-2 (replacement of M1-1) + becomes unhealthy, remediation-retry #2 will happen, + etc. \n A retry could happen only after RetryPeriod + from the previous retry. If a machine is marked as unhealthy + after MinHealthyPeriod from the previous remediation + expired, this is not considered a retry anymore because + the new issue is assumed unrelated from the previous + one. \n If not set, the remedation will be retried infinitely." 
+ format: int32 + type: integer + minHealthyPeriod: + description: "MinHealthyPeriod defines the duration after + which KCP will consider any failure to a machine unrelated + from the previous one. In this case the remediation + is not considered a retry anymore, and thus the retry + counter restarts from 0. For example, assuming MinHealthyPeriod + is set to 1h (default) \n M1 become unhealthy; remediation + happens, and M1-1 is created as a replacement. If M1-1 + (replacement of M1) has problems within the 1hr after + the creation, also this machine will be remediated and + this operation is considered a retry - a problem related + to the original issue happened to M1 -. \n If instead + the problem on M1-1 is happening after MinHealthyPeriod + expired, e.g. four days after m1-1 has been created + as a remediation of M1, the problem on M1-1 is considered + unrelated to the original issue happened to M1. \n If + not set, this value is defaulted to 1h." + type: string + retryPeriod: + description: "RetryPeriod is the duration that KCP should + wait before remediating a machine being created as a + replacement for an unhealthy machine (a retry). \n If + not set, a retry will happen immediately." + type: string + type: object + rolloutAfter: + description: RolloutAfter is a field to indicate a rollout + should be performed after the specified time even if no + changes have been made to the KubeadmControlPlane. + format: date-time + type: string + rolloutBefore: + description: RolloutBefore is a field to indicate a rollout + should be performed if the specified criteria is met. + properties: + certificatesExpiryDays: + description: CertificatesExpiryDays indicates a rollout + needs to be performed if the certificates of the machine + will expire within the specified days. 
+ format: int32 + type: integer + type: object + rolloutStrategy: + default: + rollingUpdate: + maxSurge: 1 + type: RollingUpdate + description: The RolloutStrategy to use to replace control + plane machines with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only + if RolloutStrategyType = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of control planes + that can be scheduled above or under the desired + number of control planes. Value can be an absolute + number 1 or 0. Defaults to 1. Example: when this + is set to 1, the control plane can be scaled up + immediately when the rolling update starts.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of rollout. Currently the only supported + strategy is "RollingUpdate". Default is RollingUpdate. + type: string + type: object + required: + - kubeadmConfigSpec + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-manager + namespace: capi-kubeadm-control-plane-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-leader-election-role + namespace: capi-kubeadm-control-plane-system +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +aggregationRule: + clusterRoleSelectors: + - matchLabels: + kubeadm.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + 
cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-aggregated-manager-role +rules: [] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + kubeadm.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true" + name: capi-kubeadm-control-plane-manager-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - bootstrap.cluster.x-k8s.io + - controlplane.cluster.x-k8s.io + - infrastructure.cluster.x-k8s.io + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machines + - machines/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-leader-election-rolebinding + namespace: capi-kubeadm-control-plane-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: capi-kubeadm-control-plane-leader-election-role +subjects: +- kind: ServiceAccount + name: capi-kubeadm-control-plane-manager + namespace: capi-kubeadm-control-plane-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: 
capi-kubeadm-control-plane-aggregated-manager-role +subjects: +- kind: ServiceAccount + name: capi-kubeadm-control-plane-manager + namespace: capi-kubeadm-control-plane-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system +spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: control-plane-kubeadm +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + control-plane: controller-manager + name: capi-kubeadm-control-plane-controller-manager + namespace: capi-kubeadm-control-plane-system +spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: control-plane-kubeadm + control-plane: controller-manager + template: + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + control-plane: controller-manager + spec: + containers: + - args: + - --leader-elect + - --metrics-bind-addr=localhost:8080 + - --feature-gates=ClusterTopology=${CLUSTER_TOPOLOGY:=false},KubeadmBootstrapFormatIgnition=${EXP_KUBEADM_BOOTSTRAP_FORMAT_IGNITION:=false} + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + image: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.5.6 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + 
runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: capi-kubeadm-control-plane-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + secretName: capi-kubeadm-control-plane-webhook-service-cert +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-serving-cert + namespace: capi-kubeadm-control-plane-system +spec: + dnsNames: + - capi-kubeadm-control-plane-webhook-service.capi-kubeadm-control-plane-system.svc + - capi-kubeadm-control-plane-webhook-service.capi-kubeadm-control-plane-system.svc.cluster.local + issuerRef: + kind: Issuer + name: capi-kubeadm-control-plane-selfsigned-issuer + secretName: capi-kubeadm-control-plane-webhook-service-cert + subject: + organizations: + - k8s-sig-cluster-lifecycle +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-selfsigned-issuer + namespace: capi-kubeadm-control-plane-system +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + path: 
/mutate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane + failurePolicy: Fail + matchPolicy: Equivalent + name: default.kubeadmcontrolplane.controlplane.cluster.x-k8s.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - kubeadmcontrolplanes + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplanetemplate + failurePolicy: Fail + name: default.kubeadmcontrolplanetemplate.controlplane.cluster.x-k8s.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - kubeadmcontrolplanetemplates + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + path: /validate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.kubeadmcontrolplane.controlplane.cluster.x-k8s.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - kubeadmcontrolplanes + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + path: 
/validate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplanetemplate + failurePolicy: Fail + name: validation.kubeadmcontrolplanetemplate.controlplane.cluster.x-k8s.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - kubeadmcontrolplanetemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + path: /validate-scale-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane + failurePolicy: Fail + matchPolicy: Equivalent + name: validation-scale.kubeadmcontrolplane.controlplane.cluster.x-k8s.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - UPDATE + resources: + - kubeadmcontrolplanes/scale + sideEffects: None diff --git a/files/cluster-api/v1.5.6/cluster-template-development.yaml b/files/cluster-api/v1.5.6/cluster-template-development.yaml new file mode 100644 index 00000000..03a4c8ef --- /dev/null +++ b/files/cluster-api/v1.5.6/cluster-template-development.yaml 
@@ -0,0 +1,37 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ name: "${CLUSTER_NAME}"
+ namespace: "${NAMESPACE}"
+spec:
+ clusterNetwork:
+ services:
+ cidrBlocks: ${SERVICE_CIDR:=["10.128.0.0/12"]}
+ pods:
+ cidrBlocks: ${POD_CIDR:=["192.168.0.0/16"]}
+ serviceDomain: ${SERVICE_DOMAIN:="cluster.local"}
+ topology:
+ class: quick-start
+ controlPlane:
+ metadata: {}
+ replicas: ${CONTROL_PLANE_MACHINE_COUNT}
+ variables:
+ - name: imageRepository
+ value: ""
+ - name: etcdImageTag
+ value: ""
+ - name: coreDNSImageTag
+ value: ""
+ - name: podSecurityStandard
+ value:
+ enabled: ${POD_SECURITY_STANDARD_ENABLED:=true}
+ enforce: "baseline"
+ audit: "restricted"
+ warn: "restricted"
+ version: ${KUBERNETES_VERSION}
+ workers:
+ machineDeployments:
+ - class: default-worker
+ name: md-0
+ replicas: ${WORKER_MACHINE_COUNT}
+---
diff --git a/files/cluster-api/v1.5.6/cluster-template-in-memory-development.yaml b/files/cluster-api/v1.5.6/cluster-template-in-memory-development.yaml
new file mode 100644
index 00000000..92a570fd
--- /dev/null
+++ b/files/cluster-api/v1.5.6/cluster-template-in-memory-development.yaml
@@ -0,0 +1,22 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ name: "${CLUSTER_NAME}"
+ namespace: "${NAMESPACE}"
+spec:
+ clusterNetwork:
+ services:
+ cidrBlocks: ${SERVICE_CIDR:=["10.128.0.0/12"]}
+ pods:
+ cidrBlocks: ${POD_CIDR:=["192.168.0.0/16"]}
+ serviceDomain: ${SERVICE_DOMAIN:="cluster.local"}
+ topology:
+ class: in-memory-quick-start
+ version: ${KUBERNETES_VERSION}
+ controlPlane:
+ replicas: ${CONTROL_PLANE_MACHINE_COUNT}
+ workers:
+ machineDeployments:
+ - class: default-worker
+ name: md-0
+ replicas: ${WORKER_MACHINE_COUNT}
diff --git a/files/cluster-api/v1.5.6/clusterclass-in-memory-quick-start.yaml b/files/cluster-api/v1.5.6/clusterclass-in-memory-quick-start.yaml
new file mode 100644
index 00000000..284bed26
--- /dev/null
+++ b/files/cluster-api/v1.5.6/clusterclass-in-memory-quick-start.yaml
@@ -0,0 +1,152 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: ClusterClass
+metadata:
+ name: in-memory-quick-start
+spec:
+ controlPlane:
+ metadata:
+ annotations:
+ machineInfrastructure:
+ ref:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
+ kind: InMemoryMachineTemplate
+ name: in-memory-quick-start-control-plane
+ ref:
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ kind: KubeadmControlPlaneTemplate
+ name: in-memory-quick-start-control-plane
+ machineHealthCheck:
+ unhealthyConditions:
+ - type: Ready
+ status: Unknown
+ timeout: 300s
+ - type: Ready
+ status: "False"
+ timeout: 300s
+ infrastructure:
+ ref:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
+ kind: InMemoryClusterTemplate
+ name: in-memory-quick-start-cluster
+ workers:
+ machineDeployments:
+ - class: default-worker
+ template:
+ bootstrap:
+ ref:
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+ kind: KubeadmConfigTemplate
+ name: in-memory-quick-start-default-worker-bootstraptemplate
+ infrastructure:
+ ref:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
+ kind: InMemoryMachineTemplate
+ name: in-memory-quick-start-default-worker-machinetemplate
+ machineHealthCheck:
+ unhealthyConditions:
+ - type: Ready
+ status: Unknown
+ timeout: 300s
+ - type: Ready
+ status: "False"
+ timeout: 300s
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
+kind: InMemoryClusterTemplate
+metadata:
+ name: in-memory-quick-start-cluster
+spec:
+ template:
+ spec: {}
+---
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+kind: KubeadmControlPlaneTemplate
+metadata:
+ name: in-memory-quick-start-control-plane
+spec:
+ template:
+ spec:
+ kubeadmConfigSpec:
+ clusterConfiguration:
+ apiServer:
+ certSANs:
+ - localhost
+ - 127.0.0.1
+ - 0.0.0.0
+ - host.docker.internal
+ controllerManager:
+ extraArgs:
+ enable-hostpath-provisioner: "true"
+ initConfiguration:
+ nodeRegistration:
+ criSocket: unix:///var/run/containerd/containerd.sock
+ kubeletExtraArgs:
+ eviction-hard: 
nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
+ joinConfiguration:
+ nodeRegistration:
+ criSocket: unix:///var/run/containerd/containerd.sock
+ kubeletExtraArgs:
+ eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
+kind: InMemoryMachineTemplate
+metadata:
+ name: in-memory-quick-start-control-plane
+spec:
+ template:
+ spec:
+ behaviour:
+ vm:
+ provisioning:
+ startupDuration: "30s"
+ startupJitter: "0.2"
+ node:
+ provisioning:
+ startupDuration: "10s"
+ startupJitter: "0.2"
+ apiServer:
+ provisioning:
+ startupDuration: "10s"
+ startupJitter: "0.2"
+ etcd:
+ provisioning:
+ startupDuration: "10s"
+ startupJitter: "0.2"
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
+kind: InMemoryMachineTemplate
+metadata:
+ name: in-memory-quick-start-default-worker-machinetemplate
+spec:
+ template:
+ spec:
+ behaviour:
+ vm:
+ provisioning:
+ startupDuration: "30s"
+ startupJitter: "0.2"
+ node:
+ provisioning:
+ startupDuration: "10s"
+ startupJitter: "0.2"
+ apiServer:
+ provisioning:
+ startupDuration: "10s"
+ startupJitter: "0.2"
+ etcd:
+ provisioning:
+ startupDuration: "10s"
+ startupJitter: "0.2"
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfigTemplate
+metadata:
+ name: in-memory-quick-start-default-worker-bootstraptemplate
+spec:
+ template:
+ spec:
+ joinConfiguration:
+ nodeRegistration:
+ criSocket: unix:///var/run/containerd/containerd.sock
+ kubeletExtraArgs:
+ eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
diff --git a/files/cluster-api/v1.5.6/clusterclass-quick-start.yaml b/files/cluster-api/v1.5.6/clusterclass-quick-start.yaml
new file mode 100644
index 00000000..f3cc62e6
--- /dev/null
+++ b/files/cluster-api/v1.5.6/clusterclass-quick-start.yaml
@@ -0,0 +1,257 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: ClusterClass
+metadata:
+ name: quick-start
+spec:
+ controlPlane:
+ ref:
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ kind: KubeadmControlPlaneTemplate
+ name: quick-start-control-plane
+ machineInfrastructure:
+ ref:
+ kind: DockerMachineTemplate
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ name: quick-start-control-plane
+ infrastructure:
+ ref:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: DockerClusterTemplate
+ name: quick-start-cluster
+ workers:
+ machineDeployments:
+ - class: default-worker
+ template:
+ bootstrap:
+ ref:
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+ kind: KubeadmConfigTemplate
+ name: quick-start-default-worker-bootstraptemplate
+ infrastructure:
+ ref:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: DockerMachineTemplate
+ name: quick-start-default-worker-machinetemplate
+ variables:
+ - name: imageRepository
+ required: true
+ schema:
+ openAPIV3Schema:
+ type: string
+ default: ""
+ example: "registry.k8s.io"
+ description: "imageRepository sets the container registry to pull images from. If empty, nothing will be set and the from of kubeadm will be used."
+ - name: etcdImageTag
+ required: true
+ schema:
+ openAPIV3Schema:
+ type: string
+ default: ""
+ example: "3.5.3-0"
+ description: "etcdImageTag sets the tag for the etcd image."
+ - name: coreDNSImageTag
+ required: true
+ schema:
+ openAPIV3Schema:
+ type: string
+ default: ""
+ example: "v1.8.5"
+ description: "coreDNSImageTag sets the tag for the coreDNS image."
+ - name: podSecurityStandard
+ required: false
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ enabled:
+ type: boolean
+ default: true
+ description: "enabled enables the patches to enable Pod Security Standard via AdmissionConfiguration."
+ enforce:
+ type: string
+ default: "baseline"
+ description: "enforce sets the level for the enforce PodSecurityConfiguration mode. 
One of privileged, baseline, restricted."
+ audit:
+ type: string
+ default: "restricted"
+ description: "audit sets the level for the audit PodSecurityConfiguration mode. One of privileged, baseline, restricted."
+ warn:
+ type: string
+ default: "restricted"
+ description: "warn sets the level for the warn PodSecurityConfiguration mode. One of privileged, baseline, restricted."
+ patches:
+ - name: imageRepository
+ description: "Sets the imageRepository used for the KubeadmControlPlane."
+ enabledIf: '{{ ne .imageRepository "" }}'
+ definitions:
+ - selector:
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ kind: KubeadmControlPlaneTemplate
+ matchResources:
+ controlPlane: true
+ jsonPatches:
+ - op: add
+ path: "/spec/template/spec/kubeadmConfigSpec/clusterConfiguration/imageRepository"
+ valueFrom:
+ variable: imageRepository
+ - name: etcdImageTag
+ description: "Sets tag to use for the etcd image in the KubeadmControlPlane."
+ definitions:
+ - selector:
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ kind: KubeadmControlPlaneTemplate
+ matchResources:
+ controlPlane: true
+ jsonPatches:
+ - op: add
+ path: "/spec/template/spec/kubeadmConfigSpec/clusterConfiguration/etcd"
+ valueFrom:
+ template: |
+ local:
+ imageTag: {{ .etcdImageTag }}
+ - name: coreDNSImageTag
+ description: "Sets tag to use for the etcd image in the KubeadmControlPlane."
+ definitions:
+ - selector:
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ kind: KubeadmControlPlaneTemplate
+ matchResources:
+ controlPlane: true
+ jsonPatches:
+ - op: add
+ path: "/spec/template/spec/kubeadmConfigSpec/clusterConfiguration/dns"
+ valueFrom:
+ template: |
+ imageTag: {{ .coreDNSImageTag }}
+ - name: customImage
+ description: "Sets the container image that is used for running dockerMachines for the controlPlane and default-worker machineDeployments." 
+ definitions:
+ - selector:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: DockerMachineTemplate
+ matchResources:
+ machineDeploymentClass:
+ names:
+ - default-worker
+ jsonPatches:
+ - op: add
+ path: "/spec/template/spec/customImage"
+ valueFrom:
+ template: |
+ kindest/node:{{ .builtin.machineDeployment.version | replace "+" "_" }}
+ - selector:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: DockerMachineTemplate
+ matchResources:
+ controlPlane: true
+ jsonPatches:
+ - op: add
+ path: "/spec/template/spec/customImage"
+ valueFrom:
+ template: |
+ kindest/node:{{ .builtin.controlPlane.version | replace "+" "_" }}
+ - name: podSecurityStandard
+ description: "Adds an admission configuration for PodSecurity to the kube-apiserver."
+ definitions:
+ - selector:
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ kind: KubeadmControlPlaneTemplate
+ matchResources:
+ controlPlane: true
+ jsonPatches:
+ - op: add
+ path: "/spec/template/spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraArgs"
+ value:
+ admission-control-config-file: "/etc/kubernetes/kube-apiserver-admission-pss.yaml"
+ - op: add
+ path: "/spec/template/spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraVolumes"
+ value:
+ - name: admission-pss
+ hostPath: /etc/kubernetes/kube-apiserver-admission-pss.yaml
+ mountPath: /etc/kubernetes/kube-apiserver-admission-pss.yaml
+ readOnly: true
+ pathType: "File"
+ - op: add
+ path: "/spec/template/spec/kubeadmConfigSpec/files"
+ valueFrom:
+ template: |
+ - content: |
+ apiVersion: apiserver.config.k8s.io/v1
+ kind: AdmissionConfiguration
+ plugins:
+ - name: PodSecurity
+ configuration:
+ apiVersion: pod-security.admission.config.k8s.io/v1{{ if semverCompare "< v1.25" .builtin.controlPlane.version }}beta1{{ end }}
+ kind: PodSecurityConfiguration
+ defaults:
+ enforce: "{{ .podSecurityStandard.enforce }}"
+ enforce-version: "latest"
+ audit: "{{ .podSecurityStandard.audit }}"
+ audit-version: "latest"
+ warn: 
"{{ .podSecurityStandard.warn }}"
+ warn-version: "latest"
+ exemptions:
+ usernames: []
+ runtimeClasses: []
+ namespaces: [kube-system]
+ path: /etc/kubernetes/kube-apiserver-admission-pss.yaml
+ enabledIf: "{{ .podSecurityStandard.enabled }}"
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: DockerClusterTemplate
+metadata:
+ name: quick-start-cluster
+spec:
+ template:
+ spec: {}
+---
+kind: KubeadmControlPlaneTemplate
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+metadata:
+ name: quick-start-control-plane
+spec:
+ template:
+ spec:
+ kubeadmConfigSpec:
+ clusterConfiguration:
+ controllerManager:
+ extraArgs: { enable-hostpath-provisioner: 'true' }
+ apiServer:
+ # host.docker.internal is required by kubetest when running on MacOS because of the way ports are proxied.
+ certSANs: [localhost, 127.0.0.1, 0.0.0.0, host.docker.internal]
+ initConfiguration:
+ nodeRegistration: {} # node registration parameters are automatically injected by CAPD according to the kindest/node image in use.
+ joinConfiguration:
+ nodeRegistration: {} # node registration parameters are automatically injected by CAPD according to the kindest/node image in use. 
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: DockerMachineTemplate
+metadata:
+ name: quick-start-control-plane
+spec:
+ template:
+ spec:
+ extraMounts:
+ - containerPath: "/var/run/docker.sock"
+ hostPath: "/var/run/docker.sock"
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: DockerMachineTemplate
+metadata:
+ name: quick-start-default-worker-machinetemplate
+spec:
+ template:
+ spec:
+ extraMounts:
+ - containerPath: "/var/run/docker.sock"
+ hostPath: "/var/run/docker.sock"
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfigTemplate
+metadata:
+ name: quick-start-default-worker-bootstraptemplate
+spec:
+ template:
+ spec:
+ joinConfiguration:
+ nodeRegistration: {} # node registration parameters are automatically injected by CAPD according to the kindest/node image in use.
diff --git a/files/cluster-api/v1.5.6/control-plane-components.yaml b/files/cluster-api/v1.5.6/control-plane-components.yaml
new file mode 100644
index 00000000..281cf3ae
--- /dev/null
+++ b/files/cluster-api/v1.5.6/control-plane-components.yaml
@@ -0,0 +1,6855 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + control-plane: controller-manager + name: capi-kubeadm-control-plane-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1 + name: kubeadmcontrolplanes.controlplane.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: controlplane.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: KubeadmControlPlane + listKind: KubeadmControlPlaneList + plural: kubeadmcontrolplanes + shortNames: + - kcp + singular: kubeadmcontrolplane + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: This denotes whether or not the control plane has the uploaded + kubeadm-config configmap + jsonPath: .status.initialized + name: Initialized + type: boolean + - description: KubeadmControlPlane API Server is ready to receive requests + jsonPath: .status.ready + name: API Server Available + type: boolean + - description: Kubernetes version associated with this control plane + jsonPath: .spec.version + name: Version + type: string + - description: Total number of non-terminated machines targeted by this control + plane + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of fully running and ready control plane machines + jsonPath: .status.readyReplicas + name: Ready + type: integer + - 
description: Total number of non-terminated machines targeted by this control + plane that have the desired template spec + jsonPath: .status.updatedReplicas + name: Updated + type: integer + - description: Total number of unavailable machines targeted by this control plane + jsonPath: .status.unavailableReplicas + name: Unavailable + type: integer + deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "KubeadmControlPlane is the Schema for the KubeadmControlPlane + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane. + properties: + infrastructureTemplate: + description: InfrastructureTemplate is a required reference to a custom + resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + kubeadmConfigSpec: + description: KubeadmConfigSpec is a KubeadmConfigSpec to use for initializing + and joining machines to the control plane. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the API + server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative Names + for the API Server signing cert. 
+ items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout + that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store or + look for all required certificates. 
NB: if not provided, + this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address + or DNS name for the control plane; it can be a valid IP + address or a RFC-1123 DNS subdomain, both with optional + TCP port. In case the ControlPlaneEndpoint is not specified, + the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint + is specified but without a TCP port, the BindPort is used. + Possible usages are: e.g. In a cluster with more than one + control plane instances, this field should be assigned the + address of the external load balancer in front of the control + plane instances. e.g. in environments with enforced node + recycling, the ControlPlaneEndpoint could be used for assigning + a stable DNS to the control plane. NB: This value defaults + to the first value in the Cluster object status.apiEndpoints + array.' + type: string + controllerManager: + description: ControllerManager contains extra settings for + the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. 
+ type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on installed + in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the + image. In case this value is set, kubeadm does not change + automatically the version of the above components during + upgrades. + type: string + type: + description: Type defines the DNS add-on to be used + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. NB: This + value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to an external + etcd cluster Local and External are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority + file used to secure etcd communication. Required + if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification file + used to secure etcd communication. Required if using + a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required for + ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to secure + etcd communication. Required if using a TLS connection. 
+ type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for configuring + the local etcd instance Local and External are mutually + exclusive + properties: + dataDir: + description: DataDir is the directory etcd will place + its data. Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided + to the etcd binary when run inside a static pod. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for + the image. In case this value is set, kubeadm does + not change automatically the version of the above + components during upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject Alternative + Names for the etcd server signing cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: ImageRepository sets the container registry to + pull images from. If empty, `k8s.gcr.io` will be used by + default; in case of kubernetes version is a CI build (kubernetes + version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` + will be used as a default for control plane components and + for kube-proxy, while `k8s.gcr.io` will be used for all + the other images. + type: string + kind: + description: 'Kind is a string value representing the REST + resource this object represents. 
Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version of the + control plane. NB: This value defaults to the Machine object + spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to the + Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s services. + Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. If + unset, the API server will not allocate CIDR ranges + for every node. Defaults to a comma-delimited string + of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s services. + Defaults to a comma-delimited string of the Cluster + object's spec.clusterNetwork.pods.cidrBlocks, or to + "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the scheduler + control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. 
+ type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + useHyperKubeImage: + description: UseHyperKubeImage controls if hyperkube should + be used for Kubernetes components instead of their respective + separate images + type: boolean + type: object + diskSetup: + description: DiskSetup specifies options for the creation of partition + tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems + to setup. + items: + description: Filesystem defines the file systems to be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to add + to the command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system type. + type: string + label: + description: Label specifies the file system label to + be used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to overwrite + any existing filesystem. If true, any pre-existing + file system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition to use. + The valid options are: "auto|any", "auto", "any", + "none", and , where NUM is the actual partition + number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, used + for Microsoft Azure that instructs cloud-init to replace + a file system of . 
NOTE: unless you define + a label, this requires the use of the ''any'' partition + directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions + to setup. + items: + description: Partition defines how to create and layout + a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. If + it is true, a single partition will be created for + the entire device. When layout is false, it means + don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip checks + and create the partition if a partition or filesystem + is found on the device. Use with caution. Default + is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. The following are supported: ''mbr'': default + and setups a MS-DOS partition table ''gpt'': setups + a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: Secret represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's data + map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. 
+ type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file + contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap + data + enum: + - cloud-config + type: string + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm init` + time and describes a set of Bootstrap Tokens to create. + This information IS NOT uploaded to the kubeadm cluster + configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap token, + stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message + why this token exists and what it's used for, so other + administrators can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when this + token expires. Defaults to being set dynamically at + runtime based on the TTL. Expires and TTL are mutually + exclusive. 
+ format: date-time + type: string + groups: + description: Groups specifies the extra groups that + this token will authenticate as when/if used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for joining + nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this token. + Defaults to 24h. Expires and TTL are mutually exclusive. + type: string + usages: + description: Usages describes the ways in which this + token can be used. Can by default be used for establishing + bidirectional trust, but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the + API server instance that's deployed on this control plane + node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests to + each individual API server. This configuration object lets + you customize what IP/DNS name and port the local API server + advertises it's accessible on. By default, kubeadm tries + to auto-detect the IP of the default interface and use that, + but in case that process fails you may set the desired value + here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for + the API server to advertise. 
+ type: string + bindPort: + description: BindPort sets the secure port for the API + Server to bind to. Defaults to 6443. + format: int32 + type: integer + required: + - advertiseAddress + - bindPort + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate to + registering the new control-plane node to the cluster. When + used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration and + JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node + API object, for later re-use + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the + kubelet command line via the environment file kubeadm + writes at runtime for the kubelet to source. This overrides + the generic base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. These + values are local and specific to the node kubeadm is + executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the + Node API object that will be created in this `kubeadm + init` or `kubeadm join` operation. This field is also + used in the CommonName field of the kubelet's client + certificate to the API server. Defaults to the hostname + of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API + object should be registered with. If this field is unset, + i.e. nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: {}` + in the YAML file. This field is solely used for Node + registration.' 
+ items: + description: The node this Taint is attached to has + the "effect" on any pod that does not tolerate the + Taint. + properties: + effect: + description: Required. The effect of the taint on + pods that do not tolerate the taint. Valid effects + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the + taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration for + the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node and + control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control plane + instance to be deployed on the joining node. If nil, no + additional control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on this node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. 
+ type: string + bindPort: + description: BindPort sets the secure port for the + API Server to bind to. Defaults to 6443. + format: int32 + type: integer + required: + - advertiseAddress + - bindPort + type: object + type: object + discovery: + description: 'Discovery specifies the options for the kubelet + to use during the TLS Bootstrap process TODO: revisit when + there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options + for bootstrap token based discovery BootstrapToken and + File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain + name to the API server from which info will be fetched. + type: string + caCertHashes: + description: 'CACertHashes specifies a set of public + key pins to verify when token-based discovery is + used. The root CA found during discovery must match + one of these values. Specifying an empty set disables + root CA pinning, which can be unsafe. Each hash + is specified as ":", where the only + currently supported type is "sha256". This is a + hex-encoded SHA-256 hash of the Subject Public Key + Info (SPKI) object in DER-encoded ASN.1. These hashes + can be calculated using, for example, OpenSSL: openssl + x509 -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate cluster + information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since other + nodes can impersonate the control-plane. 
+ type: boolean + required: + - token + - unsafeSkipCAVerification + type: object + file: + description: File is used to specify a file or URL to + a kubeconfig file from which to load cluster information + BootstrapToken and File are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify the + actual file path or URL to the kubeconfig file from + which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: 'TLSBootstrapToken is a token used for TLS + bootstrapping. If .BootstrapToken is set, this field + is defaulted to .BootstrapToken.Token, but can be overridden. + If .File is set, this field **must be set** in case + the KubeConfigFile does not contain any other authentication + information TODO: revisit when there is defaulting from + k/k' + type: string + type: object + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate to + registering the new control-plane node to the cluster. When + used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration and + JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node + API object, for later re-use + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. 
The arguments here are passed to the + kubelet command line via the environment file kubeadm + writes at runtime for the kubelet to source. This overrides + the generic base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. These + values are local and specific to the node kubeadm is + executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the + Node API object that will be created in this `kubeadm + init` or `kubeadm join` operation. This field is also + used in the CommonName field of the kubelet's client + certificate to the API server. Defaults to the hostname + of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API + object should be registered with. If this field is unset, + i.e. nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: {}` + in the YAML file. This field is solely used for Node + registration.' + items: + description: The node this Taint is attached to has + the "effect" on any pod that does not tolerate the + Taint. + properties: + effect: + description: Required. The effect of the taint on + pods that do not tolerate the taint. Valid effects + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the + taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + mounts: + description: Mounts specifies a list of mount points to be setup. 
+ items: + description: MountPoints defines input for generated mounts + in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands to run + after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to run + before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm + command with a shell script with retries for joins. \n This + is meant to be an experimental temporary workaround on some + environments where joins fail due to timing (and other issues). + The long term goal is to add retries to kubeadm proper and use + that functionality. \n This will add about 40KB to userdata + \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user in + cloud-init. 
+ properties: + gecos: + description: Gecos specifies the gecos to use for the user + type: string + groups: + description: Groups specifies the additional groups for + the user + type: string + homeDir: + description: HomeDir specifies the home directory to use + for the user + type: string + inactive: + description: Inactive specifies whether to mark the user + as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login should + be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for the + user + type: string + primaryGroup: + description: PrimaryGroup specifies the primary group for + the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh authorized + keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level + verbosity. It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time that the + controller will spend on draining a controlplane node The default + value is 0, meaning that the node can be drained without any time + limitations. NOTE: NodeDrainTimeout is different from `kubectl drain + --timeout`' + type: string + replicas: + description: Number of desired machines. Defaults to 1. When stacked + etcd is used only odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). + This is a pointer to distinguish between explicit zero and not specified. 
+ format: int32 + type: integer + rolloutStrategy: + description: The RolloutStrategy to use to replace control plane machines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if RolloutStrategyType + = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of control planes that can + be scheduled above or under the desired number of control + planes. Value can be an absolute number 1 or 0. Defaults + to 1. Example: when this is set to 1, the control plane + can be scaled up immediately when the rolling update starts.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of rollout. Currently the only supported strategy + is "RollingUpdate". Default is RollingUpdate. + type: string + type: object + upgradeAfter: + description: UpgradeAfter is a field to indicate an upgrade should + be performed after the specified time even if no changes have been + made to the KubeadmControlPlane + format: date-time + type: string + version: + description: Version defines the desired Kubernetes version. + type: string + required: + - infrastructureTemplate + - kubeadmConfigSpec + - version + type: object + status: + description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane. + properties: + conditions: + description: Conditions defines current service state of the KubeadmControlPlane. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. 
+ type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureMessage: + description: ErrorMessage indicates that there is a terminal problem + reconciling the state, and will be set to a descriptive error message. + type: string + failureReason: + description: FailureReason indicates that there is a terminal problem + reconciling the state, and will be set to a token value suitable + for programmatic interpretation. + type: string + initialized: + description: Initialized denotes whether or not the control plane + has the uploaded kubeadm-config configmap. + type: boolean + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: Ready denotes that the KubeadmControlPlane API Server + is ready to receive requests. + type: boolean + readyReplicas: + description: Total number of fully running and ready control plane + machines. 
+ format: int32 + type: integer + replicas: + description: Total number of non-terminated machines targeted by this + control plane (their labels match the selector). + format: int32 + type: integer + selector: + description: 'Selector is the label selector in string format to avoid + introspection by clients, and is used to provide the CRD-based integration + for the scale subresource and additional integrations for things + like kubectl describe.. The string will be in the same format as + the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + unavailableReplicas: + description: Total number of unavailable machines targeted by this + control plane. This is the total number of machines that are still + required for the deployment to have 100% available capacity. They + may either be machines that are running but not yet ready or machines + that still have not been created. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated machines targeted by this + control plane that have the desired template spec. 
+ format: int32 + type: integer + type: object + type: object + served: false + storage: false + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of KubeadmControlPlane + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: This denotes whether or not the control plane has the uploaded + kubeadm-config configmap + jsonPath: .status.initialized + name: Initialized + type: boolean + - description: KubeadmControlPlane API Server is ready to receive requests + jsonPath: .status.ready + name: API Server Available + type: boolean + - description: Kubernetes version associated with this control plane + jsonPath: .spec.version + name: Version + type: string + - description: Total number of non-terminated machines targeted by this control + plane + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of fully running and ready control plane machines + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Total number of non-terminated machines targeted by this control + plane that have the desired template spec + jsonPath: .status.updatedReplicas + name: Updated + type: integer + - description: Total number of unavailable machines targeted by this control plane + jsonPath: .status.unavailableReplicas + name: Unavailable + type: integer + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "KubeadmControlPlane is the Schema for the KubeadmControlPlane + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane. + properties: + kubeadmConfigSpec: + description: KubeadmConfigSpec is a KubeadmConfigSpec to use for initializing + and joining machines to the control plane. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the API + server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative Names + for the API Server signing cert. + items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. 
+ type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout + that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store or + look for all required certificates. NB: if not provided, + this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address + or DNS name for the control plane; it can be a valid IP + address or a RFC-1123 DNS subdomain, both with optional + TCP port. In case the ControlPlaneEndpoint is not specified, + the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint + is specified but without a TCP port, the BindPort is used. + Possible usages are: e.g. In a cluster with more than one + control plane instances, this field should be assigned the + address of the external load balancer in front of the control + plane instances. e.g. in environments with enforced node + recycling, the ControlPlaneEndpoint could be used for assigning + a stable DNS to the control plane. NB: This value defaults + to the first value in the Cluster object status.apiEndpoints + array.' 
+ type: string + controllerManager: + description: ControllerManager contains extra settings for + the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on installed + in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the + image. In case this value is set, kubeadm does not change + automatically the version of the above components during + upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. 
NB: This + value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to an external + etcd cluster Local and External are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority + file used to secure etcd communication. Required + if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification file + used to secure etcd communication. Required if using + a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required for + ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to secure + etcd communication. Required if using a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for configuring + the local etcd instance Local and External are mutually + exclusive + properties: + dataDir: + description: DataDir is the directory etcd will place + its data. Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided + to the etcd binary when run inside a static pod. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for + the image. In case this value is set, kubeadm does + not change automatically the version of the above + components during upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. 
+ items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject Alternative + Names for the etcd server signing cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: ImageRepository sets the container registry to + pull images from. If empty, `registry.k8s.io` will be used + by default; in case of kubernetes version is a CI build + (kubernetes version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` + will be used as a default for control plane components and + for kube-proxy, while `registry.k8s.io` will be used for + all the other images. + type: string + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version of the + control plane. NB: This value defaults to the Machine object + spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to the + Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s services. + Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. If + unset, the API server will not allocate CIDR ranges + for every node. Defaults to a comma-delimited string + of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s services. 
+ Defaults to a comma-delimited string of the Cluster + object's spec.clusterNetwork.pods.cidrBlocks, or to + "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the scheduler + control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation of partition + tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems + to setup. + items: + description: Filesystem defines the file systems to be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to add + to the command for creating the file system. 
+ items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system type. + type: string + label: + description: Label specifies the file system label to + be used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to overwrite + any existing filesystem. If true, any pre-existing + file system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition to use. + The valid options are: "auto|any", "auto", "any", + "none", and , where NUM is the actual partition + number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, used + for Microsoft Azure that instructs cloud-init to replace + a file system of . NOTE: unless you define + a label, this requires the use of the ''any'' partition + directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions + to setup. + items: + description: Partition defines how to create and layout + a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. If + it is true, a single partition will be created for + the entire device. When layout is false, it means + don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip checks + and create the partition if a partition or filesystem + is found on the device. Use with caution. Default + is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. 
The following are supported: ''mbr'': default + and setups a MS-DOS partition table ''gpt'': setups + a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: Secret represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's data + map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file + contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap + data + enum: + - cloud-config + type: string + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. 
Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm init` + time and describes a set of Bootstrap Tokens to create. + This information IS NOT uploaded to the kubeadm cluster + configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap token, + stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message + why this token exists and what it's used for, so other + administrators can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when this + token expires. Defaults to being set dynamically at + runtime based on the TTL. Expires and TTL are mutually + exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that + this token will authenticate as when/if used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for joining + nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this token. + Defaults to 24h. Expires and TTL are mutually exclusive. + type: string + usages: + description: Usages describes the ways in which this + token can be used. Can by default be used for establishing + bidirectional trust, but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the + API server instance that's deployed on this control plane + node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests to + each individual API server. This configuration object lets + you customize what IP/DNS name and port the local API server + advertises it's accessible on. By default, kubeadm tries + to auto-detect the IP of the default interface and use that, + but in case that process fails you may set the desired value + here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for + the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API + Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate to + registering the new control-plane node to the cluster. When + used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration and + JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node + API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of + pre-flight errors to be ignored when the current node + is registered. + items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. 
The arguments here are passed to the + kubelet command line via the environment file kubeadm + writes at runtime for the kubelet to source. This overrides + the generic base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. These + values are local and specific to the node kubeadm is + executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the + Node API object that will be created in this `kubeadm + init` or `kubeadm join` operation. This field is also + used in the CommonName field of the kubelet's client + certificate to the API server. Defaults to the hostname + of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API + object should be registered with. If this field is unset, + i.e. nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: {}` + in the YAML file. This field is solely used for Node + registration.' + items: + description: The node this Taint is attached to has + the "effect" on any pod that does not tolerate the + Taint. + properties: + effect: + description: Required. The effect of the taint on + pods that do not tolerate the taint. Valid effects + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the + taint key. 
+ type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration for + the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node and + control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control plane + instance to be deployed on the joining node. If nil, no + additional control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on this node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the + API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for the kubelet + to use during the TLS Bootstrap process TODO: revisit when + there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options + for bootstrap token based discovery BootstrapToken and + File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain + name to the API server from which info will be fetched. 
+ type: string + caCertHashes: + description: 'CACertHashes specifies a set of public + key pins to verify when token-based discovery is + used. The root CA found during discovery must match + one of these values. Specifying an empty set disables + root CA pinning, which can be unsafe. Each hash + is specified as ":", where the only + currently supported type is "sha256". This is a + hex-encoded SHA-256 hash of the Subject Public Key + Info (SPKI) object in DER-encoded ASN.1. These hashes + can be calculated using, for example, OpenSSL: openssl + x509 -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate cluster + information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since other + nodes can impersonate the control-plane. + type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or URL to + a kubeconfig file from which to load cluster information + BootstrapToken and File are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify the + actual file path or URL to the kubeconfig file from + which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used for TLS + bootstrapping. If .BootstrapToken is set, this field + is defaulted to .BootstrapToken.Token, but can be overridden. 
+ If .File is set, this field **must be set** in case + the KubeConfigFile does not contain any other authentication + information + type: string + type: object + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate to + registering the new control-plane node to the cluster. When + used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration and + JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node + API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of + pre-flight errors to be ignored when the current node + is registered. + items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the + kubelet command line via the environment file kubeadm + writes at runtime for the kubelet to source. This overrides + the generic base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. These + values are local and specific to the node kubeadm is + executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the + Node API object that will be created in this `kubeadm + init` or `kubeadm join` operation. This field is also + used in the CommonName field of the kubelet's client + certificate to the API server. Defaults to the hostname + of the node if not provided. 
+ type: string + taints: + description: 'Taints specifies the taints the Node API + object should be registered with. If this field is unset, + i.e. nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: {}` + in the YAML file. This field is solely used for Node + registration.' + items: + description: The node this Taint is attached to has + the "effect" on any pod that does not tolerate the + Taint. + properties: + effect: + description: Required. The effect of the taint on + pods that do not tolerate the taint. Valid effects + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the + taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + mounts: + description: Mounts specifies a list of mount points to be setup. + items: + description: MountPoints defines input for generated mounts + in cloud-init. 
+ items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands to run + after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to run + before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm + command with a shell script with retries for joins. \n This + is meant to be an experimental temporary workaround on some + environments where joins fail due to timing (and other issues). + The long term goal is to add retries to kubeadm proper and use + that functionality. \n This will add about 40KB to userdata + \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user in + cloud-init. 
+ properties: + gecos: + description: Gecos specifies the gecos to use for the user + type: string + groups: + description: Groups specifies the additional groups for + the user + type: string + homeDir: + description: HomeDir specifies the home directory to use + for the user + type: string + inactive: + description: Inactive specifies whether to mark the user + as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login should + be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for the + user + type: string + primaryGroup: + description: PrimaryGroup specifies the primary group for + the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh authorized + keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level + verbosity. It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + machineTemplate: + description: MachineTemplate contains information about how machines + should be shaped when creating or updating a control plane. + properties: + infrastructureRef: + description: InfrastructureRef is a required reference to a custom + resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. 
More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time that + the controller will spend on draining a controlplane node The + default value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different from + `kubectl drain --timeout`' + type: string + required: + - infrastructureRef + type: object + replicas: + description: Number of desired machines. Defaults to 1. When stacked + etcd is used only odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). + This is a pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + rolloutAfter: + description: RolloutAfter is a field to indicate a rollout should + be performed after the specified time even if no changes have been + made to the KubeadmControlPlane. + format: date-time + type: string + rolloutStrategy: + default: + rollingUpdate: + maxSurge: 1 + type: RollingUpdate + description: The RolloutStrategy to use to replace control plane machines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if RolloutStrategyType + = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of control planes that can + be scheduled above or under the desired number of control + planes. Value can be an absolute number 1 or 0. Defaults + to 1. 
Example: when this is set to 1, the control plane + can be scaled up immediately when the rolling update starts.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of rollout. Currently the only supported strategy + is "RollingUpdate". Default is RollingUpdate. + type: string + type: object + version: + description: Version defines the desired Kubernetes version. + type: string + required: + - kubeadmConfigSpec + - machineTemplate + - version + type: object + status: + description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane. + properties: + conditions: + description: Conditions defines current service state of the KubeadmControlPlane. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureMessage: + description: ErrorMessage indicates that there is a terminal problem + reconciling the state, and will be set to a descriptive error message. + type: string + failureReason: + description: FailureReason indicates that there is a terminal problem + reconciling the state, and will be set to a token value suitable + for programmatic interpretation. + type: string + initialized: + description: Initialized denotes whether or not the control plane + has the uploaded kubeadm-config configmap. + type: boolean + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: Ready denotes that the KubeadmControlPlane API Server + is ready to receive requests. + type: boolean + readyReplicas: + description: Total number of fully running and ready control plane + machines. + format: int32 + type: integer + replicas: + description: Total number of non-terminated machines targeted by this + control plane (their labels match the selector). + format: int32 + type: integer + selector: + description: 'Selector is the label selector in string format to avoid + introspection by clients, and is used to provide the CRD-based integration + for the scale subresource and additional integrations for things + like kubectl describe.. The string will be in the same format as + the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + unavailableReplicas: + description: Total number of unavailable machines targeted by this + control plane. 
This is the total number of machines that are still + required for the deployment to have 100% available capacity. They + may either be machines that are running but not yet ready or machines + that still have not been created. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated machines targeted by this + control plane that have the desired template spec. + format: int32 + type: integer + version: + description: Version represents the minimum Kubernetes version for + the control plane machines in the cluster. + type: string + type: object + type: object + served: true + storage: false + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name'] + name: Cluster + type: string + - description: This denotes whether or not the control plane has the uploaded + kubeadm-config configmap + jsonPath: .status.initialized + name: Initialized + type: boolean + - description: KubeadmControlPlane API Server is ready to receive requests + jsonPath: .status.ready + name: API Server Available + type: boolean + - description: Total number of machines desired by this control plane + jsonPath: .spec.replicas + name: Desired + priority: 10 + type: integer + - description: Total number of non-terminated machines targeted by this control + plane + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of fully running and ready control plane machines + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Total number of non-terminated machines targeted by this control + plane that have the desired template spec + jsonPath: .status.updatedReplicas + name: Updated + type: integer + - description: Total number of unavailable machines targeted by this control plane + jsonPath: 
.status.unavailableReplicas + name: Unavailable + type: integer + - description: Time duration since creation of KubeadmControlPlane + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this control plane + jsonPath: .spec.version + name: Version + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: KubeadmControlPlane is the Schema for the KubeadmControlPlane + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane. + properties: + kubeadmConfigSpec: + description: KubeadmConfigSpec is a KubeadmConfigSpec to use for initializing + and joining machines to the control plane. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the API + server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative Names + for the API Server signing cert. 
+ items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout + that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store or + look for all required certificates. 
NB: if not provided, + this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address + or DNS name for the control plane; it can be a valid IP + address or a RFC-1123 DNS subdomain, both with optional + TCP port. In case the ControlPlaneEndpoint is not specified, + the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint + is specified but without a TCP port, the BindPort is used. + Possible usages are: e.g. In a cluster with more than one + control plane instances, this field should be assigned the + address of the external load balancer in front of the control + plane instances. e.g. in environments with enforced node + recycling, the ControlPlaneEndpoint could be used for assigning + a stable DNS to the control plane. NB: This value defaults + to the first value in the Cluster object status.apiEndpoints + array.' + type: string + controllerManager: + description: ControllerManager contains extra settings for + the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. 
+ type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on installed + in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the + image. In case this value is set, kubeadm does not change + automatically the version of the above components during + upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. NB: This + value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to an external + etcd cluster Local and External are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority + file used to secure etcd communication. Required + if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification file + used to secure etcd communication. Required if using + a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required for + ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to secure + etcd communication. Required if using a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for configuring + the local etcd instance Local and External are mutually + exclusive + properties: + dataDir: + description: DataDir is the directory etcd will place + its data. 
Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided + to the etcd binary when run inside a static pod. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for + the image. In case this value is set, kubeadm does + not change automatically the version of the above + components during upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject Alternative + Names for the etcd server signing cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: 'ImageRepository sets the container registry + to pull images from. * If not set, the default registry + of kubeadm will be used, i.e. * registry.k8s.io (new registry): + >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 * k8s.gcr.io + (old registry): all older versions Please note that when + imageRepository is not set we don''t allow upgrades to versions + >= v1.22.0 which use the old registry (k8s.gcr.io). Please + use a newer patch version with the new registry instead + (i.e. >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0). + * If the version is a CI build (kubernetes version starts + with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` + will be used as a default for control plane components and + for kube-proxy, while `registry.k8s.io` will be used for + all the other images.' 
+ type: string + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version of the + control plane. NB: This value defaults to the Machine object + spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to the + Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s services. + Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. If + unset, the API server will not allocate CIDR ranges + for every node. Defaults to a comma-delimited string + of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s services. + Defaults to a comma-delimited string of the Cluster + object's spec.clusterNetwork.pods.cidrBlocks, or to + "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the scheduler + control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. 
+ properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation of partition + tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems + to setup. + items: + description: Filesystem defines the file systems to be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to add + to the command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system type. + type: string + label: + description: Label specifies the file system label to + be used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to overwrite + any existing filesystem. If true, any pre-existing + file system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition to use. + The valid options are: "auto|any", "auto", "any", + "none", and , where NUM is the actual partition + number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, used + for Microsoft Azure that instructs cloud-init to replace + a file system of . NOTE: unless you define + a label, this requires the use of the ''any'' partition + directive.' 
+ type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions + to setup. + items: + description: Partition defines how to create and layout + a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. If + it is true, a single partition will be created for + the entire device. When layout is false, it means + don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip checks + and create the partition if a partition or filesystem + is found on the device. Use with caution. Default + is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. The following are supported: ''mbr'': default + and setups a MS-DOS partition table ''gpt'': setups + a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + append: + description: Append specifies whether to append Content + to existing file if Path exists. + type: boolean + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: Secret represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's data + map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. 
+ type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file + contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap + data + enum: + - cloud-config + - ignition + type: string + ignition: + description: Ignition contains Ignition specific configuration. + properties: + containerLinuxConfig: + description: ContainerLinuxConfig contains CLC specific configuration. + properties: + additionalConfig: + description: "AdditionalConfig contains additional configuration + to be merged with the Ignition configuration generated + by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging + \n The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/" + type: string + strict: + description: Strict controls if AdditionalConfig should + be strictly parsed. If so, warnings are treated as errors. + type: boolean + type: object + type: object + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm init` + time and describes a set of Bootstrap Tokens to create. + This information IS NOT uploaded to the kubeadm cluster + configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap token, + stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message + why this token exists and what it's used for, so other + administrators can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when this + token expires. Defaults to being set dynamically at + runtime based on the TTL. Expires and TTL are mutually + exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that + this token will authenticate as when/if used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for joining + nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this token. + Defaults to 24h. Expires and TTL are mutually exclusive. + type: string + usages: + description: Usages describes the ways in which this + token can be used. Can by default be used for establishing + bidirectional trust, but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the + API server instance that's deployed on this control plane + node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests to + each individual API server. This configuration object lets + you customize what IP/DNS name and port the local API server + advertises it's accessible on. By default, kubeadm tries + to auto-detect the IP of the default interface and use that, + but in case that process fails you may set the desired value + here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for + the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API + Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate to + registering the new control-plane node to the cluster. When + used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration and + JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node + API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of + pre-flight errors to be ignored when the current node + is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy for + image pulling during kubeadm "init" and "join" operations. + The value of this field must be one of "Always", "IfNotPresent" + or "Never". Defaults to "IfNotPresent". 
This can be + used only with Kubernetes version equal to 1.22 and + later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the + kubelet command line via the environment file kubeadm + writes at runtime for the kubelet to source. This overrides + the generic base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. These + values are local and specific to the node kubeadm is + executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the + Node API object that will be created in this `kubeadm + init` or `kubeadm join` operation. This field is also + used in the CommonName field of the kubelet's client + certificate to the API server. Defaults to the hostname + of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API + object should be registered with. If this field is unset, + i.e. nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: []` + in the YAML file. This field is solely used for Node + registration.' + items: + description: The node this Taint is attached to has + the "effect" on any pod that does not tolerate the + Taint. + properties: + effect: + description: Required. The effect of the taint on + pods that do not tolerate the taint. Valid effects + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. 
+ format: date-time + type: string + value: + description: The taint value corresponding to the + taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying + patches to components deployed by kubeadm during "kubeadm + init". The minimum kubernetes version needed to support + Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory that contains + files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or just "etcd.json". + "target" can be one of "kube-apiserver", "kube-controller-manager", + "kube-scheduler", "etcd". "patchtype" can be one of + "strategic" "merge" or "json" and they match the patch + formats supported by kubectl. The default "patchtype" + is "strategic". "extension" must be either "json" or + "yaml". "suffix" is an optional string that can be used + to determine which patches are applied first alpha-numerically. + These files can be written into the target directory + via KubeadmConfig.Files which specifies additional files + to be created on the machine, either with content inline + or by referencing a secret. + type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip during + command execution. The list of phases can be obtained with + the "kubeadm init --help" command. This option takes effect + only on Kubernetes >=1.22.0. + items: + type: string + type: array + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration for + the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node and + control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control plane + instance to be deployed on the joining node. If nil, no + additional control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on this node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the + API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for the kubelet + to use during the TLS Bootstrap process TODO: revisit when + there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options + for bootstrap token based discovery BootstrapToken and + File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain + name to the API server from which info will be fetched. + type: string + caCertHashes: + description: 'CACertHashes specifies a set of public + key pins to verify when token-based discovery is + used. The root CA found during discovery must match + one of these values. Specifying an empty set disables + root CA pinning, which can be unsafe. Each hash + is specified as ":", where the only + currently supported type is "sha256". This is a + hex-encoded SHA-256 hash of the Subject Public Key + Info (SPKI) object in DER-encoded ASN.1. 
These hashes + can be calculated using, for example, OpenSSL: openssl + x509 -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate cluster + information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since other + nodes can impersonate the control-plane. + type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or URL to + a kubeconfig file from which to load cluster information + BootstrapToken and File are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify the + actual file path or URL to the kubeconfig file from + which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used for TLS + bootstrapping. If .BootstrapToken is set, this field + is defaulted to .BootstrapToken.Token, but can be overridden. + If .File is set, this field **must be set** in case + the KubeConfigFile does not contain any other authentication + information + type: string + type: object + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate to + registering the new control-plane node to the cluster. 
When + used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration and + JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node + API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of + pre-flight errors to be ignored when the current node + is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy for + image pulling during kubeadm "init" and "join" operations. + The value of this field must be one of "Always", "IfNotPresent" + or "Never". Defaults to "IfNotPresent". This can be + used only with Kubernetes version equal to 1.22 and + later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the + kubelet command line via the environment file kubeadm + writes at runtime for the kubelet to source. This overrides + the generic base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. These + values are local and specific to the node kubeadm is + executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the + Node API object that will be created in this `kubeadm + init` or `kubeadm join` operation. This field is also + used in the CommonName field of the kubelet's client + certificate to the API server. Defaults to the hostname + of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API + object should be registered with. If this field is unset, + i.e. nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. 
+ If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: []` + in the YAML file. This field is solely used for Node + registration.' + items: + description: The node this Taint is attached to has + the "effect" on any pod that does not tolerate the + Taint. + properties: + effect: + description: Required. The effect of the taint on + pods that do not tolerate the taint. Valid effects + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the + taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying + patches to components deployed by kubeadm during "kubeadm + join". The minimum kubernetes version needed to support + Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory that contains + files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or just "etcd.json". + "target" can be one of "kube-apiserver", "kube-controller-manager", + "kube-scheduler", "etcd". "patchtype" can be one of + "strategic" "merge" or "json" and they match the patch + formats supported by kubectl. The default "patchtype" + is "strategic". "extension" must be either "json" or + "yaml". "suffix" is an optional string that can be used + to determine which patches are applied first alpha-numerically. + These files can be written into the target directory + via KubeadmConfig.Files which specifies additional files + to be created on the machine, either with content inline + or by referencing a secret. 
+ type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip during + command execution. The list of phases can be obtained with + the "kubeadm init --help" command. This option takes effect + only on Kubernetes >=1.22.0. + items: + type: string + type: array + type: object + mounts: + description: Mounts specifies a list of mount points to be setup. + items: + description: MountPoints defines input for generated mounts + in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands to run + after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to run + before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm + command with a shell script with retries for joins. \n This + is meant to be an experimental temporary workaround on some + environments where joins fail due to timing (and other issues). + The long term goal is to add retries to kubeadm proper and use + that functionality. \n This will add about 40KB to userdata + \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. + \n Deprecated: This experimental fix is no longer needed and + this field will be removed in a future release. When removing + also remove from staticcheck exclude-rules for SA1019 in golangci.yml" + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user in + cloud-init. 
+ properties: + gecos: + description: Gecos specifies the gecos to use for the user + type: string + groups: + description: Groups specifies the additional groups for + the user + type: string + homeDir: + description: HomeDir specifies the home directory to use + for the user + type: string + inactive: + description: Inactive specifies whether to mark the user + as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login should + be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for the + user + type: string + passwdFrom: + description: PasswdFrom is a referenced source of passwd + to populate the passwd. + properties: + secret: + description: Secret represents a secret that should + populate this password. + properties: + key: + description: Key is the key in the secret's data + map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + primaryGroup: + description: PrimaryGroup specifies the primary group for + the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh authorized + keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level + verbosity. It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + machineTemplate: + description: MachineTemplate contains information about how machines + should be shaped when creating or updating a control plane. 
+ properties: + infrastructureRef: + description: InfrastructureRef is a required reference to a custom + resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + metadata: + description: 'Standard object''s metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the machine + controller will attempt to delete the Node that the Machine + hosts after the Machine is marked for deletion. A duration of + 0 will retry deletion indefinitely. If no value is provided, + the default value for this property of the Machine resource + will be used. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time that + the controller will spend on draining a controlplane node The + default value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different from + `kubectl drain --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of time + that the controller will spend on waiting for all volumes to + be detached. The default value is 0, meaning that the volumes + can be detached without any time limitations. + type: string + required: + - infrastructureRef + type: object + remediationStrategy: + description: The RemediationStrategy that controls how control plane + machine remediation happens. 
+ properties: + maxRetry: + description: "MaxRetry is the Max number of retries while attempting + to remediate an unhealthy machine. A retry happens when a machine + that was created as a replacement for an unhealthy machine also + fails. For example, given a control plane with three machines + M1, M2, M3: \n M1 become unhealthy; remediation happens, and + M1-1 is created as a replacement. If M1-1 (replacement of M1) + has problems while bootstrapping it will become unhealthy, and + then be remediated; such operation is considered a retry, remediation-retry + #1. If M1-2 (replacement of M1-1) becomes unhealthy, remediation-retry + #2 will happen, etc. \n A retry could happen only after RetryPeriod + from the previous retry. If a machine is marked as unhealthy + after MinHealthyPeriod from the previous remediation expired, + this is not considered a retry anymore because the new issue + is assumed unrelated from the previous one. \n If not set, the + remedation will be retried infinitely." + format: int32 + type: integer + minHealthyPeriod: + description: "MinHealthyPeriod defines the duration after which + KCP will consider any failure to a machine unrelated from the + previous one. In this case the remediation is not considered + a retry anymore, and thus the retry counter restarts from 0. + For example, assuming MinHealthyPeriod is set to 1h (default) + \n M1 become unhealthy; remediation happens, and M1-1 is created + as a replacement. If M1-1 (replacement of M1) has problems within + the 1hr after the creation, also this machine will be remediated + and this operation is considered a retry - a problem related + to the original issue happened to M1 -. \n If instead the problem + on M1-1 is happening after MinHealthyPeriod expired, e.g. four + days after m1-1 has been created as a remediation of M1, the + problem on M1-1 is considered unrelated to the original issue + happened to M1. \n If not set, this value is defaulted to 1h." 
+ type: string + retryPeriod: + description: "RetryPeriod is the duration that KCP should wait + before remediating a machine being created as a replacement + for an unhealthy machine (a retry). \n If not set, a retry will + happen immediately." + type: string + type: object + replicas: + description: Number of desired machines. Defaults to 1. When stacked + etcd is used only odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). + This is a pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + rolloutAfter: + description: 'RolloutAfter is a field to indicate a rollout should + be performed after the specified time even if no changes have been + made to the KubeadmControlPlane. Example: In the YAML the time can + be specified in the RFC3339 format. To specify the rolloutAfter + target as March 9, 2023, at 9 am UTC use "2023-03-09T09:00:00Z".' + format: date-time + type: string + rolloutBefore: + description: RolloutBefore is a field to indicate a rollout should + be performed if the specified criteria is met. + properties: + certificatesExpiryDays: + description: CertificatesExpiryDays indicates a rollout needs + to be performed if the certificates of the machine will expire + within the specified days. + format: int32 + type: integer + type: object + rolloutStrategy: + default: + rollingUpdate: + maxSurge: 1 + type: RollingUpdate + description: The RolloutStrategy to use to replace control plane machines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if RolloutStrategyType + = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of control planes that can + be scheduled above or under the desired number of control + planes. Value can be an absolute number 1 or 0. Defaults + to 1. 
Example: when this is set to 1, the control plane + can be scaled up immediately when the rolling update starts.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of rollout. Currently the only supported strategy + is "RollingUpdate". Default is RollingUpdate. + type: string + type: object + version: + description: 'Version defines the desired Kubernetes version. Please + note that if kubeadmConfigSpec.ClusterConfiguration.imageRepository + is not set we don''t allow upgrades to versions >= v1.22.0 for which + kubeadm uses the old registry (k8s.gcr.io). Please use a newer patch + version with the new registry instead. The default registries of + kubeadm are: * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, + >= v1.24.9, >= v1.25.0 * k8s.gcr.io (old registry): all older versions' + type: string + required: + - kubeadmConfigSpec + - machineTemplate + - version + type: object + status: + description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane. + properties: + conditions: + description: Conditions defines current service state of the KubeadmControlPlane. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. 
+ type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: ErrorMessage indicates that there is a terminal problem + reconciling the state, and will be set to a descriptive error message. + type: string + failureReason: + description: FailureReason indicates that there is a terminal problem + reconciling the state, and will be set to a token value suitable + for programmatic interpretation. + type: string + initialized: + description: Initialized denotes whether or not the control plane + has the uploaded kubeadm-config configmap. + type: boolean + lastRemediation: + description: LastRemediation stores info about last remediation performed. + properties: + machine: + description: Machine is the machine name of the latest machine + being remediated. + type: string + retryCount: + description: RetryCount used to keep track of remediation retry + for the last remediated machine. A retry happens when a machine + that was created as a replacement for an unhealthy machine also + fails. + format: int32 + type: integer + timestamp: + description: Timestamp is when last remediation happened. It is + represented in RFC3339 form and is in UTC. 
+ format: date-time + type: string + required: + - machine + - retryCount + - timestamp + type: object + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: Ready denotes that the KubeadmControlPlane API Server + is ready to receive requests. + type: boolean + readyReplicas: + description: Total number of fully running and ready control plane + machines. + format: int32 + type: integer + replicas: + description: Total number of non-terminated machines targeted by this + control plane (their labels match the selector). + format: int32 + type: integer + selector: + description: 'Selector is the label selector in string format to avoid + introspection by clients, and is used to provide the CRD-based integration + for the scale subresource and additional integrations for things + like kubectl describe.. The string will be in the same format as + the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + unavailableReplicas: + description: Total number of unavailable machines targeted by this + control plane. This is the total number of machines that are still + required for the deployment to have 100% available capacity. They + may either be machines that are running but not yet ready or machines + that still have not been created. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated machines targeted by this + control plane that have the desired template spec. + format: int32 + type: integer + version: + description: Version represents the minimum Kubernetes version for + the control plane machines in the cluster. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1 + name: kubeadmcontrolplanetemplates.controlplane.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: controlplane.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: KubeadmControlPlaneTemplate + listKind: KubeadmControlPlaneTemplateList + plural: kubeadmcontrolplanetemplates + singular: kubeadmcontrolplanetemplate + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of KubeadmControlPlaneTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "KubeadmControlPlaneTemplate is the Schema for the kubeadmcontrolplanetemplates + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmControlPlaneTemplateSpec defines the desired state + of KubeadmControlPlaneTemplate. + properties: + template: + description: KubeadmControlPlaneTemplateResource describes the data + needed to create a KubeadmControlPlane from a template. + properties: + spec: + description: KubeadmControlPlaneSpec defines the desired state + of KubeadmControlPlane. + properties: + kubeadmConfigSpec: + description: KubeadmConfigSpec is a KubeadmConfigSpec to use + for initializing and joining machines to the control plane. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for + the API server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative + Names for the API Server signing cert. + items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags + to pass to the control plane component. TODO: + This is temporary and ideally we would like + to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements + describing volumes that are mounted from the + host. 
+ properties: + hostPath: + description: HostPath is the path in the + host that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside + the pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the + pod template. + type: string + pathType: + description: PathType is the type of the + HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the + timeout that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal + value, and may reject unrecognized values. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store + or look for all required certificates. NB: if not + provided, this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP + address or DNS name for the control plane; it can + be a valid IP address or a RFC-1123 DNS subdomain, + both with optional TCP port. In case the ControlPlaneEndpoint + is not specified, the AdvertiseAddress + BindPort + are used; in case the ControlPlaneEndpoint is specified + but without a TCP port, the BindPort is used. Possible + usages are: e.g. In a cluster with more than one + control plane instances, this field should be assigned + the address of the external load balancer in front + of the control plane instances. e.g. 
in environments + with enforced node recycling, the ControlPlaneEndpoint + could be used for assigning a stable DNS to the + control plane. NB: This value defaults to the first + value in the Cluster object status.apiEndpoints + array.' + type: string + controllerManager: + description: ControllerManager contains extra settings + for the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags + to pass to the control plane component. TODO: + This is temporary and ideally we would like + to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements + describing volumes that are mounted from the + host. + properties: + hostPath: + description: HostPath is the path in the + host that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside + the pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the + pod template. + type: string + pathType: + description: PathType is the type of the + HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on + installed in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container + registry to pull images from. if not set, the + ImageRepository defined in ClusterConfiguration + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag + for the image. 
In case this value is set, kubeadm + does not change automatically the version of + the above components during upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. NB: + This value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect + to an external etcd cluster Local and External + are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate + Authority file used to secure etcd communication. + Required if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification + file used to secure etcd communication. + Required if using a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required + for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used + to secure etcd communication. Required if + using a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs + for configuring the local etcd instance Local + and External are mutually exclusive + properties: + dataDir: + description: DataDir is the directory etcd + will place its data. Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments + provided to the etcd binary when run inside + a static pod. + type: object + imageRepository: + description: ImageRepository sets the container + registry to pull images from. if not set, + the ImageRepository defined in ClusterConfiguration + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a + tag for the image. In case this value is + set, kubeadm does not change automatically + the version of the above components during + upgrades. 
+ type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject + Alternative Names for the etcd peer signing + cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject + Alternative Names for the etcd server signing + cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. If empty, `registry.k8s.io` + will be used by default; in case of kubernetes version + is a CI build (kubernetes version starts with `ci/` + or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will + be used as a default for control plane components + and for kube-proxy, while `registry.k8s.io` will + be used for all the other images. + type: string + kind: + description: 'Kind is a string value representing + the REST resource this object represents. Servers + may infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version + of the control plane. NB: This value defaults to + the Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the + networking topology of the cluster. NB: This value + defaults to the Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used + by k8s services. Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. + If unset, the API server will not allocate CIDR + ranges for every node. 
Defaults to a comma-delimited + string of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used + by k8s services. Defaults to a comma-delimited + string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, + or to "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for + the scheduler control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags + to pass to the control plane component. TODO: + This is temporary and ideally we would like + to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements + describing volumes that are mounted from the + host. + properties: + hostPath: + description: HostPath is the path in the + host that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside + the pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the + pod template. + type: string + pathType: + description: PathType is the type of the + HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation + of partition tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file + systems to setup. + items: + description: Filesystem defines the file systems + to be created. 
+ properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options + to add to the command for creating the file + system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system + type. + type: string + label: + description: Label specifies the file system + label to be used. If set to None, no label + is used. + type: string + overwrite: + description: Overwrite defines whether or not + to overwrite any existing filesystem. If true, + any pre-existing file system will be destroyed. + Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition + to use. The valid options are: "auto|any", + "auto", "any", "none", and , where NUM + is the actual partition number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, + used for Microsoft Azure that instructs cloud-init + to replace a file system of . NOTE: + unless you define a label, this requires the + use of the ''any'' partition directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the + partitions to setup. + items: + description: Partition defines how to create and + layout a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. + If it is true, a single partition will be + created for the entire device. When layout + is false, it means don't partition or ignore + existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to + skip checks and create the partition if a + partition or filesystem is found on the device. + Use with caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of + partition table. 
The following are supported: + ''mbr'': default and setups a MS-DOS partition + table ''gpt'': setups a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed + to user_data upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + content: + description: Content is the actual content of the + file. + type: string + contentFrom: + description: ContentFrom is a referenced source + of content to populate the file. + properties: + secret: + description: Secret represents a secret that + should populate this file. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of + the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the + file, e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk + where to store the file. + type: string + permissions: + description: Permissions specifies the permissions + to assign to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the + bootstrap data + enum: + - cloud-config + type: string + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. 
Servers should + convert recognized schemas to the latest internal + value, and may reject unrecognized values. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm + init` time and describes a set of Bootstrap Tokens + to create. This information IS NOT uploaded to the + kubeadm cluster configmap, partly because of its + sensitive nature + items: + description: BootstrapToken describes one bootstrap + token, stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly + message why this token exists and what it's + used for, so other administrators can know + its purpose. + type: string + expires: + description: Expires specifies the timestamp + when this token expires. Defaults to being + set dynamically at runtime based on the TTL. + Expires and TTL are mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups + that this token will authenticate as when/if + used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing + bidirectional trust between nodes and control-planes. + Used for joining nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for + this token. Defaults to 24h. Expires and TTL + are mutually exclusive. + type: string + usages: + description: Usages describes the ways in which + this token can be used. Can by default be + used for establishing bidirectional trust, + but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing + the REST resource this object represents. Servers + may infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. 
More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance that's deployed on this + control plane node In HA setups, this differs from + ClusterConfiguration.ControlPlaneEndpoint in the + sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests + to each individual API server. This configuration + object lets you customize what IP/DNS name and port + the local API server advertises it's accessible + on. By default, kubeadm tries to auto-detect the + IP of the default interface and use that, but in + case that process fails you may set the desired + value here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for + the API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the + cluster. When used in the context of control plane + nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a + slice of pre-flight errors to be ignored when + the current node is registered. + items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. 
The arguments here + are passed to the kubelet command line via the + environment file kubeadm writes at runtime for + the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. + These values are local and specific to the node + kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field + of the Node API object that will be created + in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field + of the kubelet's client certificate to the API + server. Defaults to the hostname of the node + if not provided. + type: string + taints: + description: 'Taints specifies the taints the + Node API object should be registered with. If + this field is unset, i.e. nil, in the `kubeadm + init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane + node, set this field to an empty slice, i.e. + `taints: {}` in the YAML file. This field is + solely used for Node registration.' + items: + description: The node this Taint is attached + to has the "effect" on any pod that does not + tolerate the Taint. + properties: + effect: + description: Required. The effect of the + taint on pods that do not tolerate the + taint. Valid effects are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Required. The taint key to + be applied to a node. + type: string + timeAdded: + description: TimeAdded represents the time + at which the taint was added. It is only + written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding + to the taint key. 
+ type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration + for the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal + value, and may reject unrecognized values. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node + and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control + plane instance to be deployed on the joining node. + If nil, no additional control plane instance will + be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on + this node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP + address for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port + for the API Server to bind to. Defaults + to 6443. + format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for + the kubelet to use during the TLS Bootstrap process + TODO: revisit when there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the + options for bootstrap token based discovery + BootstrapToken and File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or + domain name to the API server from which + info will be fetched. 
+ type: string + caCertHashes: + description: 'CACertHashes specifies a set + of public key pins to verify when token-based + discovery is used. The root CA found during + discovery must match one of these values. + Specifying an empty set disables root CA + pinning, which can be unsafe. Each hash + is specified as ":", where + the only currently supported type is "sha256". + This is a hex-encoded SHA-256 hash of the + Subject Public Key Info (SPKI) object in + DER-encoded ASN.1. These hashes can be calculated + using, for example, OpenSSL: openssl x509 + -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 + -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate + cluster information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows + token-based discovery without CA verification + via CACertHashes. This can weaken the security + of kubeadm since other nodes can impersonate + the control-plane. + type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or + URL to a kubeconfig file from which to load + cluster information BootstrapToken and File + are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify + the actual file path or URL to the kubeconfig + file from which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used + for TLS bootstrapping. If .BootstrapToken is + set, this field is defaulted to .BootstrapToken.Token, + but can be overridden. 
If .File is set, this + field **must be set** in case the KubeConfigFile + does not contain any other authentication information + type: string + type: object + kind: + description: 'Kind is a string value representing + the REST resource this object represents. Servers + may infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the + cluster. When used in the context of control plane + nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a + slice of pre-flight errors to be ignored when + the current node is registered. + items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here + are passed to the kubelet command line via the + environment file kubeadm writes at runtime for + the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. + These values are local and specific to the node + kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field + of the Node API object that will be created + in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field + of the kubelet's client certificate to the API + server. Defaults to the hostname of the node + if not provided. 
+ type: string + taints: + description: 'Taints specifies the taints the + Node API object should be registered with. If + this field is unset, i.e. nil, in the `kubeadm + init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane + node, set this field to an empty slice, i.e. + `taints: {}` in the YAML file. This field is + solely used for Node registration.' + items: + description: The node this Taint is attached + to has the "effect" on any pod that does not + tolerate the Taint. + properties: + effect: + description: Required. The effect of the + taint on pods that do not tolerate the + taint. Valid effects are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Required. The taint key to + be applied to a node. + type: string + timeAdded: + description: TimeAdded represents the time + at which the taint was added. It is only + written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding + to the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + mounts: + description: Mounts specifies a list of mount points to + be setup. + items: + description: MountPoints defines input for generated + mounts in cloud-init. 
+ items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should + be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to + use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands + to run after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands + to run before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic + kubeadm command with a shell script with retries for + joins. \n This is meant to be an experimental temporary + workaround on some environments where joins fail due + to timing (and other issues). The long term goal is + to add retries to kubeadm proper and use that functionality. + \n This will add about 40KB to userdata \n For more + information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated + user in cloud-init. 
+ properties: + gecos: + description: Gecos specifies the gecos to use for + the user + type: string + groups: + description: Groups specifies the additional groups + for the user + type: string + homeDir: + description: HomeDir specifies the home directory + to use for the user + type: string + inactive: + description: Inactive specifies whether to mark + the user as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password + login should be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password + for the user + type: string + primaryGroup: + description: PrimaryGroup specifies the primary + group for the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list + of ssh authorized keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the + user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log + level verbosity. It overrides the `--v` flag in kubeadm + commands. + format: int32 + type: integer + type: object + machineTemplate: + description: MachineTemplate contains information about how + machines should be shaped when creating or updating a control + plane. + properties: + infrastructureRef: + description: InfrastructureRef is a required reference + to a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + metadata: + description: 'Standard object''s metadata. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when + modifying objects. 
More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can + be used to organize and categorize (scope and select) + objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of + time that the controller will spend on draining a controlplane + node The default value is 0, meaning that the node can + be drained without any time limitations. NOTE: NodeDrainTimeout + is different from `kubectl drain --timeout`' + type: string + required: + - infrastructureRef + type: object + replicas: + description: Number of desired machines. Defaults to 1. When + stacked etcd is used only odd numbers are permitted, as + per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). + This is a pointer to distinguish between explicit zero and + not specified. + format: int32 + type: integer + rolloutAfter: + description: RolloutAfter is a field to indicate a rollout + should be performed after the specified time even if no + changes have been made to the KubeadmControlPlane. + format: date-time + type: string + rolloutStrategy: + default: + rollingUpdate: + maxSurge: 1 + type: RollingUpdate + description: The RolloutStrategy to use to replace control + plane machines with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only + if RolloutStrategyType = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of control planes + that can be scheduled above or under the desired + number of control planes. Value can be an absolute + number 1 or 0. Defaults to 1. 
Example: when this + is set to 1, the control plane can be scaled up + immediately when the rolling update starts.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of rollout. Currently the only supported + strategy is "RollingUpdate". Default is RollingUpdate. + type: string + type: object + version: + description: Version defines the desired Kubernetes version. + type: string + required: + - kubeadmConfigSpec + - machineTemplate + - version + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: false + subresources: {} + - additionalPrinterColumns: + - description: Time duration since creation of KubeadmControlPlaneTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: KubeadmControlPlaneTemplate is the Schema for the kubeadmcontrolplanetemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmControlPlaneTemplateSpec defines the desired state + of KubeadmControlPlaneTemplate. + properties: + template: + description: KubeadmControlPlaneTemplateResource describes the data + needed to create a KubeadmControlPlane from a template. 
+ properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: 'KubeadmControlPlaneTemplateResourceSpec defines + the desired state of KubeadmControlPlane. NOTE: KubeadmControlPlaneTemplateResourceSpec + is similar to KubeadmControlPlaneSpec but omits Replicas and + Version fields. These fields do not make sense on the KubeadmControlPlaneTemplate, + because they are calculated by the Cluster topology reconciler + during reconciliation and thus cannot be configured on the KubeadmControlPlaneTemplate.' + properties: + kubeadmConfigSpec: + description: KubeadmConfigSpec is a KubeadmConfigSpec to use + for initializing and joining machines to the control plane. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for + the API server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative + Names for the API Server signing cert. 
+ items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags + to pass to the control plane component. TODO: + This is temporary and ideally we would like + to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements + describing volumes that are mounted from the + host. + properties: + hostPath: + description: HostPath is the path in the + host that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside + the pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the + pod template. + type: string + pathType: + description: PathType is the type of the + HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the + timeout that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal + value, and may reject unrecognized values. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store + or look for all required certificates. 
NB: if not + provided, this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP + address or DNS name for the control plane; it can + be a valid IP address or a RFC-1123 DNS subdomain, + both with optional TCP port. In case the ControlPlaneEndpoint + is not specified, the AdvertiseAddress + BindPort + are used; in case the ControlPlaneEndpoint is specified + but without a TCP port, the BindPort is used. Possible + usages are: e.g. In a cluster with more than one + control plane instances, this field should be assigned + the address of the external load balancer in front + of the control plane instances. e.g. in environments + with enforced node recycling, the ControlPlaneEndpoint + could be used for assigning a stable DNS to the + control plane. NB: This value defaults to the first + value in the Cluster object status.apiEndpoints + array.' + type: string + controllerManager: + description: ControllerManager contains extra settings + for the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags + to pass to the control plane component. TODO: + This is temporary and ideally we would like + to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements + describing volumes that are mounted from the + host. + properties: + hostPath: + description: HostPath is the path in the + host that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside + the pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the + pod template. 
+ type: string + pathType: + description: PathType is the type of the + HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on + installed in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container + registry to pull images from. if not set, the + ImageRepository defined in ClusterConfiguration + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag + for the image. In case this value is set, kubeadm + does not change automatically the version of + the above components during upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. NB: + This value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect + to an external etcd cluster Local and External + are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate + Authority file used to secure etcd communication. + Required if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification + file used to secure etcd communication. + Required if using a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required + for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used + to secure etcd communication. Required if + using a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs + for configuring the local etcd instance Local + and External are mutually exclusive + properties: + dataDir: + description: DataDir is the directory etcd + will place its data. 
Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments + provided to the etcd binary when run inside + a static pod. + type: object + imageRepository: + description: ImageRepository sets the container + registry to pull images from. if not set, + the ImageRepository defined in ClusterConfiguration + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a + tag for the image. In case this value is + set, kubeadm does not change automatically + the version of the above components during + upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject + Alternative Names for the etcd peer signing + cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject + Alternative Names for the etcd server signing + cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: 'ImageRepository sets the container registry + to pull images from. * If not set, the default registry + of kubeadm will be used, i.e. * registry.k8s.io + (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, + >= v1.25.0 * k8s.gcr.io (old registry): all older + versions Please note that when imageRepository is + not set we don''t allow upgrades to versions >= + v1.22.0 which use the old registry (k8s.gcr.io). + Please use a newer patch version with the new registry + instead (i.e. >= v1.22.17, >= v1.23.15, >= v1.24.9, + >= v1.25.0). * If the version is a CI build (kubernetes + version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` + will be used as a default for control plane components + and for kube-proxy, while `registry.k8s.io` will + be used for all the other images.' 
+ type: string + kind: + description: 'Kind is a string value representing + the REST resource this object represents. Servers + may infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version + of the control plane. NB: This value defaults to + the Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the + networking topology of the cluster. NB: This value + defaults to the Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used + by k8s services. Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. + If unset, the API server will not allocate CIDR + ranges for every node. Defaults to a comma-delimited + string of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used + by k8s services. Defaults to a comma-delimited + string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, + or to "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for + the scheduler control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags + to pass to the control plane component. TODO: + This is temporary and ideally we would like + to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. 
+ items: + description: HostPathMount contains elements + describing volumes that are mounted from the + host. + properties: + hostPath: + description: HostPath is the path in the + host that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside + the pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the + pod template. + type: string + pathType: + description: PathType is the type of the + HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation + of partition tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file + systems to setup. + items: + description: Filesystem defines the file systems + to be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options + to add to the command for creating the file + system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system + type. + type: string + label: + description: Label specifies the file system + label to be used. If set to None, no label + is used. + type: string + overwrite: + description: Overwrite defines whether or not + to overwrite any existing filesystem. If true, + any pre-existing file system will be destroyed. + Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition + to use. The valid options are: "auto|any", + "auto", "any", "none", and , where NUM + is the actual partition number.' 
+ type: string + replaceFS: + description: 'ReplaceFS is a special directive, + used for Microsoft Azure that instructs cloud-init + to replace a file system of . NOTE: + unless you define a label, this requires the + use of the ''any'' partition directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the + partitions to setup. + items: + description: Partition defines how to create and + layout a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. + If it is true, a single partition will be + created for the entire device. When layout + is false, it means don't partition or ignore + existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to + skip checks and create the partition if a + partition or filesystem is found on the device. + Use with caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of + partition table. The following are supported: + ''mbr'': default and setups a MS-DOS partition + table ''gpt'': setups a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed + to user_data upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + append: + description: Append specifies whether to append + Content to existing file if Path exists. + type: boolean + content: + description: Content is the actual content of the + file. + type: string + contentFrom: + description: ContentFrom is a referenced source + of content to populate the file. + properties: + secret: + description: Secret represents a secret that + should populate this file. 
+ properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of + the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the + file, e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk + where to store the file. + type: string + permissions: + description: Permissions specifies the permissions + to assign to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the + bootstrap data + enum: + - cloud-config + - ignition + type: string + ignition: + description: Ignition contains Ignition specific configuration. + properties: + containerLinuxConfig: + description: ContainerLinuxConfig contains CLC specific + configuration. + properties: + additionalConfig: + description: "AdditionalConfig contains additional + configuration to be merged with the Ignition + configuration generated by the bootstrapper + controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging + \n The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/" + type: string + strict: + description: Strict controls if AdditionalConfig + should be strictly parsed. If so, warnings are + treated as errors. + type: boolean + type: object + type: object + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. 
Servers should + convert recognized schemas to the latest internal + value, and may reject unrecognized values. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm + init` time and describes a set of Bootstrap Tokens + to create. This information IS NOT uploaded to the + kubeadm cluster configmap, partly because of its + sensitive nature + items: + description: BootstrapToken describes one bootstrap + token, stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly + message why this token exists and what it's + used for, so other administrators can know + its purpose. + type: string + expires: + description: Expires specifies the timestamp + when this token expires. Defaults to being + set dynamically at runtime based on the TTL. + Expires and TTL are mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups + that this token will authenticate as when/if + used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing + bidirectional trust between nodes and control-planes. + Used for joining nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for + this token. Defaults to 24h. Expires and TTL + are mutually exclusive. + type: string + usages: + description: Usages describes the ways in which + this token can be used. Can by default be + used for establishing bidirectional trust, + but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing + the REST resource this object represents. Servers + may infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. 
More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance that's deployed on this + control plane node In HA setups, this differs from + ClusterConfiguration.ControlPlaneEndpoint in the + sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests + to each individual API server. This configuration + object lets you customize what IP/DNS name and port + the local API server advertises it's accessible + on. By default, kubeadm tries to auto-detect the + IP of the default interface and use that, but in + case that process fails you may set the desired + value here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for + the API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the + cluster. When used in the context of control plane + nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a + slice of pre-flight errors to be ignored when + the current node is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy + for image pulling during kubeadm "init" and + "join" operations. The value of this field must + be one of "Always", "IfNotPresent" or "Never". + Defaults to "IfNotPresent". 
This can be used + only with Kubernetes version equal to 1.22 and + later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here + are passed to the kubelet command line via the + environment file kubeadm writes at runtime for + the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. + These values are local and specific to the node + kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field + of the Node API object that will be created + in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field + of the kubelet's client certificate to the API + server. Defaults to the hostname of the node + if not provided. + type: string + taints: + description: 'Taints specifies the taints the + Node API object should be registered with. If + this field is unset, i.e. nil, in the `kubeadm + init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane + node, set this field to an empty slice, i.e. + `taints: []` in the YAML file. This field is + solely used for Node registration.' + items: + description: The node this Taint is attached + to has the "effect" on any pod that does not + tolerate the Taint. + properties: + effect: + description: Required. The effect of the + taint on pods that do not tolerate the + taint. Valid effects are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Required. The taint key to + be applied to a node. + type: string + timeAdded: + description: TimeAdded represents the time + at which the taint was added. It is only + written for NoExecute taints. 
+ format: date-time + type: string + value: + description: The taint value corresponding + to the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying + patches to components deployed by kubeadm during + "kubeadm init". The minimum kubernetes version needed + to support Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory + that contains files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or + just "etcd.json". "target" can be one of "kube-apiserver", + "kube-controller-manager", "kube-scheduler", + "etcd". "patchtype" can be one of "strategic" + "merge" or "json" and they match the patch formats + supported by kubectl. The default "patchtype" + is "strategic". "extension" must be either "json" + or "yaml". "suffix" is an optional string that + can be used to determine which patches are applied + first alpha-numerically. These files can be + written into the target directory via KubeadmConfig.Files + which specifies additional files to be created + on the machine, either with content inline or + by referencing a secret. + type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip + during command execution. The list of phases can + be obtained with the "kubeadm init --help" command. + This option takes effect only on Kubernetes >=1.22.0. + items: + type: string + type: array + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration + for the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal + value, and may reject unrecognized values. 
More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node + and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control + plane instance to be deployed on the joining node. + If nil, no additional control plane instance will + be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on + this node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP + address for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port + for the API Server to bind to. Defaults + to 6443. + format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for + the kubelet to use during the TLS Bootstrap process + TODO: revisit when there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the + options for bootstrap token based discovery + BootstrapToken and File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or + domain name to the API server from which + info will be fetched. + type: string + caCertHashes: + description: 'CACertHashes specifies a set + of public key pins to verify when token-based + discovery is used. The root CA found during + discovery must match one of these values. + Specifying an empty set disables root CA + pinning, which can be unsafe. Each hash + is specified as ":", where + the only currently supported type is "sha256". 
+ This is a hex-encoded SHA-256 hash of the + Subject Public Key Info (SPKI) object in + DER-encoded ASN.1. These hashes can be calculated + using, for example, OpenSSL: openssl x509 + -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 + -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate + cluster information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows + token-based discovery without CA verification + via CACertHashes. This can weaken the security + of kubeadm since other nodes can impersonate + the control-plane. + type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or + URL to a kubeconfig file from which to load + cluster information BootstrapToken and File + are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify + the actual file path or URL to the kubeconfig + file from which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used + for TLS bootstrapping. If .BootstrapToken is + set, this field is defaulted to .BootstrapToken.Token, + but can be overridden. If .File is set, this + field **must be set** in case the KubeConfigFile + does not contain any other authentication information + type: string + type: object + kind: + description: 'Kind is a string value representing + the REST resource this object represents. Servers + may infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. 
More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the + cluster. When used in the context of control plane + nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a + slice of pre-flight errors to be ignored when + the current node is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy + for image pulling during kubeadm "init" and + "join" operations. The value of this field must + be one of "Always", "IfNotPresent" or "Never". + Defaults to "IfNotPresent". This can be used + only with Kubernetes version equal to 1.22 and + later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here + are passed to the kubelet command line via the + environment file kubeadm writes at runtime for + the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. + These values are local and specific to the node + kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field + of the Node API object that will be created + in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field + of the kubelet's client certificate to the API + server. 
Defaults to the hostname of the node + if not provided. + type: string + taints: + description: 'Taints specifies the taints the + Node API object should be registered with. If + this field is unset, i.e. nil, in the `kubeadm + init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane + node, set this field to an empty slice, i.e. + `taints: []` in the YAML file. This field is + solely used for Node registration.' + items: + description: The node this Taint is attached + to has the "effect" on any pod that does not + tolerate the Taint. + properties: + effect: + description: Required. The effect of the + taint on pods that do not tolerate the + taint. Valid effects are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Required. The taint key to + be applied to a node. + type: string + timeAdded: + description: TimeAdded represents the time + at which the taint was added. It is only + written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding + to the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying + patches to components deployed by kubeadm during + "kubeadm join". The minimum kubernetes version needed + to support Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory + that contains files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or + just "etcd.json". "target" can be one of "kube-apiserver", + "kube-controller-manager", "kube-scheduler", + "etcd". "patchtype" can be one of "strategic" + "merge" or "json" and they match the patch formats + supported by kubectl. The default "patchtype" + is "strategic". "extension" must be either "json" + or "yaml". 
"suffix" is an optional string that + can be used to determine which patches are applied + first alpha-numerically. These files can be + written into the target directory via KubeadmConfig.Files + which specifies additional files to be created + on the machine, either with content inline or + by referencing a secret. + type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip + during command execution. The list of phases can + be obtained with the "kubeadm init --help" command. + This option takes effect only on Kubernetes >=1.22.0. + items: + type: string + type: array + type: object + mounts: + description: Mounts specifies a list of mount points to + be setup. + items: + description: MountPoints defines input for generated + mounts in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should + be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to + use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands + to run after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands + to run before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic + kubeadm command with a shell script with retries for + joins. \n This is meant to be an experimental temporary + workaround on some environments where joins fail due + to timing (and other issues). The long term goal is + to add retries to kubeadm proper and use that functionality. + \n This will add about 40KB to userdata \n For more + information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. 
+ \n Deprecated: This experimental fix is no longer needed + and this field will be removed in a future release. + When removing also remove from staticcheck exclude-rules + for SA1019 in golangci.yml" + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated + user in cloud-init. + properties: + gecos: + description: Gecos specifies the gecos to use for + the user + type: string + groups: + description: Groups specifies the additional groups + for the user + type: string + homeDir: + description: HomeDir specifies the home directory + to use for the user + type: string + inactive: + description: Inactive specifies whether to mark + the user as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password + login should be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password + for the user + type: string + passwdFrom: + description: PasswdFrom is a referenced source of + passwd to populate the passwd. + properties: + secret: + description: Secret represents a secret that + should populate this password. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. 
+ type: string + required: + - key + - name + type: object + required: + - secret + type: object + primaryGroup: + description: PrimaryGroup specifies the primary + group for the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list + of ssh authorized keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the + user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log + level verbosity. It overrides the `--v` flag in kubeadm + commands. + format: int32 + type: integer + type: object + machineTemplate: + description: MachineTemplate contains information about how + machines should be shaped when creating or updating a control + plane. + properties: + metadata: + description: 'Standard object''s metadata. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when + modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can + be used to organize and categorize (scope and select) + objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the + machine controller will attempt to delete the Node that + the Machine hosts after the Machine is marked for deletion. 
+ A duration of 0 will retry deletion indefinitely. If + no value is provided, the default value for this property + of the Machine resource will be used. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of + time that the controller will spend on draining a controlplane + node The default value is 0, meaning that the node can + be drained without any time limitations. NOTE: NodeDrainTimeout + is different from `kubectl drain --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount + of time that the controller will spend on waiting for + all volumes to be detached. The default value is 0, + meaning that the volumes can be detached without any + time limitations. + type: string + type: object + remediationStrategy: + description: The RemediationStrategy that controls how control + plane machine remediation happens. + properties: + maxRetry: + description: "MaxRetry is the Max number of retries while + attempting to remediate an unhealthy machine. A retry + happens when a machine that was created as a replacement + for an unhealthy machine also fails. For example, given + a control plane with three machines M1, M2, M3: \n M1 + become unhealthy; remediation happens, and M1-1 is created + as a replacement. If M1-1 (replacement of M1) has problems + while bootstrapping it will become unhealthy, and then + be remediated; such operation is considered a retry, + remediation-retry #1. If M1-2 (replacement of M1-1) + becomes unhealthy, remediation-retry #2 will happen, + etc. \n A retry could happen only after RetryPeriod + from the previous retry. If a machine is marked as unhealthy + after MinHealthyPeriod from the previous remediation + expired, this is not considered a retry anymore because + the new issue is assumed unrelated from the previous + one. \n If not set, the remedation will be retried infinitely." 
+ format: int32 + type: integer + minHealthyPeriod: + description: "MinHealthyPeriod defines the duration after + which KCP will consider any failure to a machine unrelated + from the previous one. In this case the remediation + is not considered a retry anymore, and thus the retry + counter restarts from 0. For example, assuming MinHealthyPeriod + is set to 1h (default) \n M1 become unhealthy; remediation + happens, and M1-1 is created as a replacement. If M1-1 + (replacement of M1) has problems within the 1hr after + the creation, also this machine will be remediated and + this operation is considered a retry - a problem related + to the original issue happened to M1 -. \n If instead + the problem on M1-1 is happening after MinHealthyPeriod + expired, e.g. four days after m1-1 has been created + as a remediation of M1, the problem on M1-1 is considered + unrelated to the original issue happened to M1. \n If + not set, this value is defaulted to 1h." + type: string + retryPeriod: + description: "RetryPeriod is the duration that KCP should + wait before remediating a machine being created as a + replacement for an unhealthy machine (a retry). \n If + not set, a retry will happen immediately." + type: string + type: object + rolloutAfter: + description: RolloutAfter is a field to indicate a rollout + should be performed after the specified time even if no + changes have been made to the KubeadmControlPlane. + format: date-time + type: string + rolloutBefore: + description: RolloutBefore is a field to indicate a rollout + should be performed if the specified criteria is met. + properties: + certificatesExpiryDays: + description: CertificatesExpiryDays indicates a rollout + needs to be performed if the certificates of the machine + will expire within the specified days. 
+ format: int32 + type: integer + type: object + rolloutStrategy: + default: + rollingUpdate: + maxSurge: 1 + type: RollingUpdate + description: The RolloutStrategy to use to replace control + plane machines with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only + if RolloutStrategyType = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of control planes + that can be scheduled above or under the desired + number of control planes. Value can be an absolute + number 1 or 0. Defaults to 1. Example: when this + is set to 1, the control plane can be scaled up + immediately when the rolling update starts.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of rollout. Currently the only supported + strategy is "RollingUpdate". Default is RollingUpdate. + type: string + type: object + required: + - kubeadmConfigSpec + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-manager + namespace: capi-kubeadm-control-plane-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-leader-election-role + namespace: capi-kubeadm-control-plane-system +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +aggregationRule: + clusterRoleSelectors: + - matchLabels: + kubeadm.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + 
cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-aggregated-manager-role +rules: [] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + kubeadm.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true" + name: capi-kubeadm-control-plane-manager-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - bootstrap.cluster.x-k8s.io + - controlplane.cluster.x-k8s.io + - infrastructure.cluster.x-k8s.io + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machines + - machines/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-leader-election-rolebinding + namespace: capi-kubeadm-control-plane-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: capi-kubeadm-control-plane-leader-election-role +subjects: +- kind: ServiceAccount + name: capi-kubeadm-control-plane-manager + namespace: capi-kubeadm-control-plane-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: 
capi-kubeadm-control-plane-aggregated-manager-role +subjects: +- kind: ServiceAccount + name: capi-kubeadm-control-plane-manager + namespace: capi-kubeadm-control-plane-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system +spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: control-plane-kubeadm +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + control-plane: controller-manager + name: capi-kubeadm-control-plane-controller-manager + namespace: capi-kubeadm-control-plane-system +spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: control-plane-kubeadm + control-plane: controller-manager + template: + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + control-plane: controller-manager + spec: + containers: + - args: + - --leader-elect + - --metrics-bind-addr=localhost:8080 + - --feature-gates=ClusterTopology=${CLUSTER_TOPOLOGY:=false},KubeadmBootstrapFormatIgnition=${EXP_KUBEADM_BOOTSTRAP_FORMAT_IGNITION:=false} + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + image: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.5.6 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + 
runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: capi-kubeadm-control-plane-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + secretName: capi-kubeadm-control-plane-webhook-service-cert +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-serving-cert + namespace: capi-kubeadm-control-plane-system +spec: + dnsNames: + - capi-kubeadm-control-plane-webhook-service.capi-kubeadm-control-plane-system.svc + - capi-kubeadm-control-plane-webhook-service.capi-kubeadm-control-plane-system.svc.cluster.local + issuerRef: + kind: Issuer + name: capi-kubeadm-control-plane-selfsigned-issuer + secretName: capi-kubeadm-control-plane-webhook-service-cert + subject: + organizations: + - k8s-sig-cluster-lifecycle +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-selfsigned-issuer + namespace: capi-kubeadm-control-plane-system +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + path: 
/mutate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane + failurePolicy: Fail + matchPolicy: Equivalent + name: default.kubeadmcontrolplane.controlplane.cluster.x-k8s.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - kubeadmcontrolplanes + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplanetemplate + failurePolicy: Fail + name: default.kubeadmcontrolplanetemplate.controlplane.cluster.x-k8s.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - kubeadmcontrolplanetemplates + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + path: /validate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.kubeadmcontrolplane.controlplane.cluster.x-k8s.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - kubeadmcontrolplanes + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + path: 
/validate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplanetemplate + failurePolicy: Fail + name: validation.kubeadmcontrolplanetemplate.controlplane.cluster.x-k8s.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - kubeadmcontrolplanetemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + path: /validate-scale-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane + failurePolicy: Fail + matchPolicy: Equivalent + name: validation-scale.kubeadmcontrolplane.controlplane.cluster.x-k8s.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - UPDATE + resources: + - kubeadmcontrolplanes/scale + sideEffects: None diff --git a/files/cluster-api/v1.5.6/core-components.yaml b/files/cluster-api/v1.5.6/core-components.yaml new file mode 100644 index 00000000..37186923 --- /dev/null +++ b/files/cluster-api/v1.5.6/core-components.yaml 
@@ -0,0 +1,11756 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + control-plane: controller-manager + name: capi-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: clusterclasses.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: ClusterClass + listKind: ClusterClassList + plural: clusterclasses + shortNames: + - cc + singular: clusterclass + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of ClusterClass + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "ClusterClass is a template which can be used to create managed + topologies. \n Deprecated: This type will be removed in one of the next + releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterClassSpec describes the desired state of the ClusterClass. + properties: + controlPlane: + description: ControlPlane is a reference to a local struct that holds + the details for provisioning the Control Plane for the Cluster. + properties: + machineInfrastructure: + description: "MachineTemplate defines the metadata and infrastructure + information for control plane machines. \n This field is supported + if and only if the control plane provider template referenced + above is Machine based and supports setting replicas." + properties: + ref: + description: Ref is a required reference to a custom resource + offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + metadata: + description: "Metadata is the metadata applied to the machines + of the ControlPlane. At runtime this metadata is merged with + the corresponding metadata from the topology. \n This field + is supported if and only if the control plane provider template + referenced is Machine based." + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + ref: + description: Ref is a required reference to a custom resource + offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + infrastructure: + description: Infrastructure is a reference to a provider-specific + template that holds the details for provisioning infrastructure + specific cluster for the underlying provider. The underlying provider + is responsible for the implementation of the template to an infrastructure + cluster. + properties: + ref: + description: Ref is a required reference to a custom resource + offered by a provider. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + workers: + description: Workers describes the worker nodes for the cluster. It + is a collection of node types which can be used to create the worker + nodes of the cluster. 
+ properties: + machineDeployments: + description: MachineDeployments is a list of machine deployment + classes that can be used to create a set of worker nodes. + items: + description: MachineDeploymentClass serves as a template to + define a set of worker nodes of the cluster provisioned using + the `ClusterClass`. + properties: + class: + description: Class denotes a type of worker node present + in the cluster, this name MUST be unique within a ClusterClass + and can be referenced in the Cluster to create a managed + MachineDeployment. + type: string + template: + description: Template is a local struct containing a collection + of templates for creation of MachineDeployment objects + representing a set of worker nodes. + properties: + bootstrap: + description: Bootstrap contains the bootstrap template + reference to be used for the creation of worker Machines. + properties: + ref: + description: Ref is a required reference to a custom + resource offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + infrastructure: + description: Infrastructure contains the infrastructure + template reference to be used for the creation of + worker Machines. + properties: + ref: + description: Ref is a required reference to a custom + resource offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' 
+ type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + metadata: + description: Metadata is the metadata applied to the + machines of the MachineDeployment. At runtime this + metadata is merged with the corresponding metadata + from the topology. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key + value map stored with a resource that may be set + by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be + preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that + can be used to organize and categorize (scope + and select) objects. May match selectors of replication + controllers and services. 
More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + required: + - bootstrap + - infrastructure + type: object + required: + - class + - template + type: object + type: array + type: object + type: object + type: object + served: true + storage: false + subresources: {} + - additionalPrinterColumns: + - description: Time duration since creation of ClusterClass + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: ClusterClass is a template which can be used to create managed + topologies. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterClassSpec describes the desired state of the ClusterClass. + properties: + controlPlane: + description: ControlPlane is a reference to a local struct that holds + the details for provisioning the Control Plane for the Cluster. + properties: + machineHealthCheck: + description: MachineHealthCheck defines a MachineHealthCheck for + this ControlPlaneClass. This field is supported if and only + if the ControlPlane provider template referenced above is Machine + based and supports setting replicas. 
+ properties: + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed if at + most "MaxUnhealthy" machines selected by "selector" are + not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without a node + will be considered to have failed and will be remediated. + If you wish to disable this feature, set the value explicitly + to 0. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference to a remediation + template provided by an infrastructure provider. \n This + field is completely optional, when filled, the MachineHealthCheck + controller creates a new object from the template referenced + and hands off remediation of the machine to a controller + that lives outside of Cluster API." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list of the conditions + that determine whether a node is considered unhealthy. The + conditions are combined in a logical OR, i.e. if any of + the conditions is met, the node is unhealthy. + items: + description: UnhealthyCondition represents a Node condition + type and value with a timeout specified as a duration. When + the named condition has been in the given status for at + least the timeout value, a node is considered unhealthy. + properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + type: array + unhealthyRange: + description: 'Any further remediation is only allowed if the + number of machines selected by "selector" as not healthy + is within the range of "UnhealthyRange". Takes precedence + over MaxUnhealthy. Eg. 
"[3-5]" - This means that remediation + will be allowed only when: (a) there are at least 3 unhealthy + machines (and) (b) there are at most 5 unhealthy machines' + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + type: object + machineInfrastructure: + description: "MachineInfrastructure defines the metadata and infrastructure + information for control plane machines. \n This field is supported + if and only if the control plane provider template referenced + above is Machine based and supports setting replicas." + properties: + ref: + description: Ref is a required reference to a custom resource + offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + metadata: + description: "Metadata is the metadata applied to the ControlPlane + and the Machines of the ControlPlane if the ControlPlaneTemplate + referenced is machine based. If not, it is applied only to the + ControlPlane. At runtime this metadata is merged with the corresponding + metadata from the topology. \n This field is supported if and + only if the control plane provider template referenced is Machine + based." + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + namingStrategy: + description: NamingStrategy allows changing the naming pattern + used when creating the control plane provider object. + properties: + template: + description: 'Template defines the template to use for generating + the name of the ControlPlane object. 
If not defined, it + will fallback to `{{ .cluster.name }}-{{ .random }}`. If + the templated string exceeds 63 characters, it will be trimmed + to 58 characters and will get concatenated with a random + suffix of length 5. The templating mechanism provides the + following arguments: * `.cluster.name`: The name of the + cluster object. * `.random`: A random alphanumeric string, + without vowels, of length 5.' + type: string + type: object + nodeDeletionTimeout: + description: 'NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts after + the Machine is marked for deletion. A duration of 0 will retry + deletion indefinitely. Defaults to 10 seconds. NOTE: This value + can be overridden while defining a Cluster.Topology.' + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time that + the controller will spend on draining a node. The default value + is 0, meaning that the node can be drained without any time + limitations. NOTE: NodeDrainTimeout is different from `kubectl + drain --timeout` NOTE: This value can be overridden while defining + a Cluster.Topology.' + type: string + nodeVolumeDetachTimeout: + description: 'NodeVolumeDetachTimeout is the total amount of time + that the controller will spend on waiting for all volumes to + be detached. The default value is 0, meaning that the volumes + can be detached without any time limitations. NOTE: This value + can be overridden while defining a Cluster.Topology.' + type: string + ref: + description: Ref is a required reference to a custom resource + offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + infrastructure: + description: Infrastructure is a reference to a provider-specific + template that holds the details for provisioning infrastructure + specific cluster for the underlying provider. The underlying provider + is responsible for the implementation of the template to an infrastructure + cluster. + properties: + ref: + description: Ref is a required reference to a custom resource + offered by a provider. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + patches: + description: 'Patches defines the patches which are applied to customize + referenced templates of a ClusterClass. Note: Patches will be applied + in the order of the array.' + items: + description: ClusterClassPatch defines a patch which is applied + to customize the referenced templates. 
+ properties: + definitions: + description: 'Definitions define inline patches. Note: Patches + will be applied in the order of the array. Note: Exactly one + of Definitions or External must be set.' + items: + description: PatchDefinition defines a patch which is applied + to customize the referenced templates. + properties: + jsonPatches: + description: 'JSONPatches defines the patches which should + be applied on the templates matching the selector. Note: + Patches will be applied in the order of the array.' + items: + description: JSONPatch defines a JSON patch. + properties: + op: + description: 'Op defines the operation of the patch. + Note: Only `add`, `replace` and `remove` are supported.' + type: string + path: + description: 'Path defines the path of the patch. + Note: Only the spec of a template can be patched, + thus the path has to start with /spec/. Note: + For now the only allowed array modifications are + `append` and `prepend`, i.e.: * for op: `add`: + only index 0 (prepend) and - (append) are allowed + * for op: `replace` or `remove`: no indexes are + allowed' + type: string + value: + description: 'Value defines the value of the patch. + Note: Either Value or ValueFrom is required for + add and replace operations. Only one of them is + allowed to be set at the same time. Note: We have + to use apiextensionsv1.JSON instead of our JSON + type, because controller-tools has a hard-coded + schema for apiextensionsv1.JSON which cannot be + produced by another type (unset type field). Ref: + https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111' + x-kubernetes-preserve-unknown-fields: true + valueFrom: + description: 'ValueFrom defines the value of the + patch. Note: Either Value or ValueFrom is required + for add and replace operations. Only one of them + is allowed to be set at the same time.' 
+ properties: + template: + description: 'Template is the Go template to + be used to calculate the value. A template + can reference variables defined in .spec.variables + and builtin variables. Note: The template + must evaluate to a valid YAML or JSON value.' + type: string + variable: + description: Variable is the variable to be + used as value. Variable can be one of the + variables defined in .spec.variables or a + builtin variable. + type: string + type: object + required: + - op + - path + type: object + type: array + selector: + description: Selector defines on which templates the patch + should be applied. + properties: + apiVersion: + description: APIVersion filters templates by apiVersion. + type: string + kind: + description: Kind filters templates by kind. + type: string + matchResources: + description: MatchResources selects templates based + on where they are referenced. + properties: + controlPlane: + description: 'ControlPlane selects templates referenced + in .spec.ControlPlane. Note: this will match + the controlPlane and also the controlPlane machineInfrastructure + (depending on the kind and apiVersion).' + type: boolean + infrastructureCluster: + description: InfrastructureCluster selects templates + referenced in .spec.infrastructure. + type: boolean + machineDeploymentClass: + description: MachineDeploymentClass selects templates + referenced in specific MachineDeploymentClasses + in .spec.workers.machineDeployments. + properties: + names: + description: Names selects templates by class + names. + items: + type: string + type: array + type: object + type: object + required: + - apiVersion + - kind + - matchResources + type: object + required: + - jsonPatches + - selector + type: object + type: array + description: + description: Description is a human-readable description of + this patch. + type: string + enabledIf: + description: EnabledIf is a Go template to be used to calculate + if a patch should be enabled. 
It can reference variables defined + in .spec.variables and builtin variables. The patch will be + enabled if the template evaluates to `true`, otherwise it + will be disabled. If EnabledIf is not set, the patch will + be enabled per default. + type: string + external: + description: 'External defines an external patch. Note: Exactly + one of Definitions or External must be set.' + properties: + discoverVariablesExtension: + description: DiscoverVariablesExtension references an extension + which is called to discover variables. + type: string + generateExtension: + description: GenerateExtension references an extension which + is called to generate patches. + type: string + settings: + additionalProperties: + type: string + description: Settings defines key value pairs to be passed + to the extensions. Values defined here take precedence + over the values defined in the corresponding ExtensionConfig. + type: object + validateExtension: + description: ValidateExtension references an extension which + is called to validate the topology. + type: string + type: object + name: + description: Name of the patch. + type: string + required: + - name + type: object + type: array + variables: + description: Variables defines the variables which can be configured + in the Cluster topology and are then used in patches. + items: + description: ClusterClassVariable defines a variable which can be + configured in the Cluster topology and used in patches. + properties: + name: + description: Name of the variable. + type: string + required: + description: 'Required specifies if the variable is required. + Note: this applies to the variable as a whole and thus the + top-level object defined in the schema. If nested fields are + required, this will be specified inside the schema.' + type: boolean + schema: + description: Schema defines the schema of the variable. + properties: + openAPIV3Schema: + description: OpenAPIV3Schema defines the schema of a variable + via OpenAPI v3 schema. 
The schema is a subset of the schema + used in Kubernetes CRDs. + properties: + additionalProperties: + description: 'AdditionalProperties specifies the schema + of values in a map (keys are always strings). NOTE: + Can only be set if type is object. NOTE: AdditionalProperties + is mutually exclusive with Properties. NOTE: This + field uses PreserveUnknownFields and Schemaless, because + recursive validation is not possible.' + x-kubernetes-preserve-unknown-fields: true + default: + description: 'Default is the default value of the variable. + NOTE: Can be set for all types.' + x-kubernetes-preserve-unknown-fields: true + description: + description: Description is a human-readable description + of this variable. + type: string + enum: + description: 'Enum is the list of valid values of the + variable. NOTE: Can be set for all types.' + items: + x-kubernetes-preserve-unknown-fields: true + type: array + example: + description: Example is an example for this variable. + x-kubernetes-preserve-unknown-fields: true + exclusiveMaximum: + description: 'ExclusiveMaximum specifies if the Maximum + is exclusive. NOTE: Can only be set if type is integer + or number.' + type: boolean + exclusiveMinimum: + description: 'ExclusiveMinimum specifies if the Minimum + is exclusive. NOTE: Can only be set if type is integer + or number.' + type: boolean + format: + description: 'Format is an OpenAPI v3 format string. + Unknown formats are ignored. For a list of supported + formats please see: (of the k8s.io/apiextensions-apiserver + version we''re currently using) https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go + NOTE: Can only be set if type is string.' + type: string + items: + description: 'Items specifies fields of an array. NOTE: + Can only be set if type is array. NOTE: This field + uses PreserveUnknownFields and Schemaless, because + recursive validation is not possible.' 
+ x-kubernetes-preserve-unknown-fields: true + maxItems: + description: 'MaxItems is the max length of an array + variable. NOTE: Can only be set if type is array.' + format: int64 + type: integer + maxLength: + description: 'MaxLength is the max length of a string + variable. NOTE: Can only be set if type is string.' + format: int64 + type: integer + maximum: + description: 'Maximum is the maximum of an integer or + number variable. If ExclusiveMaximum is false, the + variable is valid if it is lower than, or equal to, + the value of Maximum. If ExclusiveMaximum is true, + the variable is valid if it is strictly lower than + the value of Maximum. NOTE: Can only be set if type + is integer or number.' + format: int64 + type: integer + minItems: + description: 'MinItems is the min length of an array + variable. NOTE: Can only be set if type is array.' + format: int64 + type: integer + minLength: + description: 'MinLength is the min length of a string + variable. NOTE: Can only be set if type is string.' + format: int64 + type: integer + minimum: + description: 'Minimum is the minimum of an integer or + number variable. If ExclusiveMinimum is false, the + variable is valid if it is greater than, or equal + to, the value of Minimum. If ExclusiveMinimum is true, + the variable is valid if it is strictly greater than + the value of Minimum. NOTE: Can only be set if type + is integer or number.' + format: int64 + type: integer + pattern: + description: 'Pattern is the regex which a string variable + must match. NOTE: Can only be set if type is string.' + type: string + properties: + description: 'Properties specifies fields of an object. + NOTE: Can only be set if type is object. NOTE: Properties + is mutually exclusive with AdditionalProperties. NOTE: + This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible.' 
+ x-kubernetes-preserve-unknown-fields: true + required: + description: 'Required specifies which fields of an + object are required. NOTE: Can only be set if type + is object.' + items: + type: string + type: array + type: + description: 'Type is the type of the variable. Valid + values are: object, array, string, integer, number + or boolean.' + type: string + uniqueItems: + description: 'UniqueItems specifies if items in an array + must be unique. NOTE: Can only be set if type is array.' + type: boolean + x-kubernetes-preserve-unknown-fields: + description: XPreserveUnknownFields allows setting fields + in a variable object which are not defined in the + variable schema. This affects fields recursively, + except if nested properties or additionalProperties + are specified in the schema. + type: boolean + required: + - type + type: object + required: + - openAPIV3Schema + type: object + required: + - name + - required + - schema + type: object + type: array + workers: + description: Workers describes the worker nodes for the cluster. It + is a collection of node types which can be used to create the worker + nodes of the cluster. + properties: + machineDeployments: + description: MachineDeployments is a list of machine deployment + classes that can be used to create a set of worker nodes. + items: + description: MachineDeploymentClass serves as a template to + define a set of worker nodes of the cluster provisioned using + the `ClusterClass`. + properties: + class: + description: Class denotes a type of worker node present + in the cluster, this name MUST be unique within a ClusterClass + and can be referenced in the Cluster to create a managed + MachineDeployment. + type: string + failureDomain: + description: 'FailureDomain is the failure domain the machines + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. NOTE: This value can + be overridden while defining a Cluster.Topology using + this MachineDeploymentClass.' 
+ type: string + machineHealthCheck: + description: MachineHealthCheck defines a MachineHealthCheck + for this MachineDeploymentClass. + properties: + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed + if at most "MaxUnhealthy" machines selected by "selector" + are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without + a node will be considered to have failed and will + be remediated. If you wish to disable this feature, + set the value explicitly to 0. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference to + a remediation template provided by an infrastructure + provider. \n This field is completely optional, when + filled, the MachineHealthCheck controller creates + a new object from the template referenced and hands + off remediation of the machine to a controller that + lives outside of Cluster API." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list of + the conditions that determine whether a node is considered + unhealthy. The conditions are combined in a logical + OR, i.e. if any of the conditions is met, the node + is unhealthy. + items: + description: UnhealthyCondition represents a Node + condition type and value with a timeout specified + as a duration. When the named condition has been + in the given status for at least the timeout value, + a node is considered unhealthy. + properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + type: array + unhealthyRange: + description: 'Any further remediation is only allowed + if the number of machines selected by "selector" as + not healthy is within the range of "UnhealthyRange". + Takes precedence over MaxUnhealthy. Eg. 
"[3-5]" - + This means that remediation will be allowed only when: + (a) there are at least 3 unhealthy machines (and) + (b) there are at most 5 unhealthy machines' + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + type: object + minReadySeconds: + description: 'Minimum number of seconds for which a newly + created machine should be ready. Defaults to 0 (machine + will be considered available as soon as it is ready) NOTE: + This value can be overridden while defining a Cluster.Topology + using this MachineDeploymentClass.' + format: int32 + type: integer + namingStrategy: + description: NamingStrategy allows changing the naming pattern + used when creating the MachineDeployment. + properties: + template: + description: 'Template defines the template to use for + generating the name of the MachineDeployment object. + If not defined, it will fallback to `{{ .cluster.name + }}-{{ .machineDeployment.topologyName }}-{{ .random + }}`. If the templated string exceeds 63 characters, + it will be trimmed to 58 characters and will get concatenated + with a random suffix of length 5. The templating mechanism + provides the following arguments: * `.cluster.name`: + The name of the cluster object. * `.random`: A random + alphanumeric string, without vowels, of length 5. + * `.machineDeployment.topologyName`: The name of the + MachineDeployment topology (Cluster.spec.topology.workers.machineDeployments[].name).' + type: string + type: object + nodeDeletionTimeout: + description: 'NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts + after the Machine is marked for deletion. A duration of + 0 will retry deletion indefinitely. Defaults to 10 seconds. + NOTE: This value can be overridden while defining a Cluster.Topology + using this MachineDeploymentClass.' + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. 
The + default value is 0, meaning that the node can be drained + without any time limitations. NOTE: NodeDrainTimeout is + different from `kubectl drain --timeout` NOTE: This value + can be overridden while defining a Cluster.Topology using + this MachineDeploymentClass.' + type: string + nodeVolumeDetachTimeout: + description: 'NodeVolumeDetachTimeout is the total amount + of time that the controller will spend on waiting for + all volumes to be detached. The default value is 0, meaning + that the volumes can be detached without any time limitations. + NOTE: This value can be overridden while defining a Cluster.Topology + using this MachineDeploymentClass.' + type: string + strategy: + description: 'The deployment strategy to use to replace + existing machines with new ones. NOTE: This value can + be overridden while defining a Cluster.Topology using + this MachineDeploymentClass.' + properties: + rollingUpdate: + description: Rolling update config params. Present only + if MachineDeploymentStrategyType = RollingUpdate. + properties: + deletePolicy: + description: DeletePolicy defines the policy used + by the MachineDeployment to identify nodes to + delete when downscaling. Valid values are "Random, + "Newest", "Oldest" When no value is supplied, + the default DeletePolicy of MachineSet is used + enum: + - Random + - Newest + - Oldest + type: string + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that + can be scheduled above the desired number of machines. + Value can be an absolute number (ex: 5) or a percentage + of desired machines (ex: 10%). This can not be + 0 if MaxUnavailable is 0. Absolute number is calculated + from percentage by rounding up. Defaults to 1. + Example: when this is set to 30%, the new MachineSet + can be scaled up immediately when the rolling + update starts, such that the total number of old + and new machines do not exceed 130% of desired + machines. 
Once old machines have been killed, + new MachineSet can be scaled up further, ensuring + that total number of machines running at any time + during the update is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that + can be unavailable during the update. Value can + be an absolute number (ex: 5) or a percentage + of desired machines (ex: 10%). Absolute number + is calculated from percentage by rounding down. + This can not be 0 if MaxSurge is 0. Defaults to + 0. Example: when this is set to 30%, the old MachineSet + can be scaled down to 70% of desired machines + immediately when the rolling update starts. Once + new machines are ready, old MachineSet can be + scaled down further, followed by scaling up the + new MachineSet, ensuring that the total number + of machines available at all times during the + update is at least 70% of desired machines.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Default is RollingUpdate. + enum: + - RollingUpdate + - OnDelete + type: string + type: object + template: + description: Template is a local struct containing a collection + of templates for creation of MachineDeployment objects + representing a set of worker nodes. + properties: + bootstrap: + description: Bootstrap contains the bootstrap template + reference to be used for the creation of worker Machines. + properties: + ref: + description: Ref is a required reference to a custom + resource offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + infrastructure: + description: Infrastructure contains the infrastructure + template reference to be used for the creation of + worker Machines. + properties: + ref: + description: Ref is a required reference to a custom + resource offered by a provider. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + metadata: + description: Metadata is the metadata applied to the + MachineDeployment and the machines of the MachineDeployment. + At runtime this metadata is merged with the corresponding + metadata from the topology. 
+ properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key + value map stored with a resource that may be set + by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be + preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that + can be used to organize and categorize (scope + and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + required: + - bootstrap + - infrastructure + type: object + required: + - class + - template + type: object + type: array + type: object + type: object + status: + description: ClusterClassStatus defines the observed state of the ClusterClass. + properties: + conditions: + description: Conditions defines current observed state of the ClusterClass. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. 
The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + variables: + description: Variables is a list of ClusterClassStatusVariable that + are defined for the ClusterClass. + items: + description: ClusterClassStatusVariable defines a variable which + appears in the status of a ClusterClass. + properties: + definitions: + description: Definitions is a list of definitions for a variable. + items: + description: ClusterClassStatusVariableDefinition defines + a variable which appears in the status of a ClusterClass. + properties: + from: + description: From specifies the origin of the variable + definition. This will be `inline` for variables defined + in the ClusterClass or the name of a patch defined in + the ClusterClass for variables discovered from a DiscoverVariables + runtime extensions. + type: string + required: + description: 'Required specifies if the variable is required. + Note: this applies to the variable as a whole and thus + the top-level object defined in the schema. If nested + fields are required, this will be specified inside the + schema.' + type: boolean + schema: + description: Schema defines the schema of the variable. + properties: + openAPIV3Schema: + description: OpenAPIV3Schema defines the schema of + a variable via OpenAPI v3 schema. The schema is + a subset of the schema used in Kubernetes CRDs. 
+ properties: + additionalProperties: + description: 'AdditionalProperties specifies the + schema of values in a map (keys are always strings). + NOTE: Can only be set if type is object. NOTE: + AdditionalProperties is mutually exclusive with + Properties. NOTE: This field uses PreserveUnknownFields + and Schemaless, because recursive validation + is not possible.' + x-kubernetes-preserve-unknown-fields: true + default: + description: 'Default is the default value of + the variable. NOTE: Can be set for all types.' + x-kubernetes-preserve-unknown-fields: true + description: + description: Description is a human-readable description + of this variable. + type: string + enum: + description: 'Enum is the list of valid values + of the variable. NOTE: Can be set for all types.' + items: + x-kubernetes-preserve-unknown-fields: true + type: array + example: + description: Example is an example for this variable. + x-kubernetes-preserve-unknown-fields: true + exclusiveMaximum: + description: 'ExclusiveMaximum specifies if the + Maximum is exclusive. NOTE: Can only be set + if type is integer or number.' + type: boolean + exclusiveMinimum: + description: 'ExclusiveMinimum specifies if the + Minimum is exclusive. NOTE: Can only be set + if type is integer or number.' + type: boolean + format: + description: 'Format is an OpenAPI v3 format string. + Unknown formats are ignored. For a list of supported + formats please see: (of the k8s.io/apiextensions-apiserver + version we''re currently using) https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go + NOTE: Can only be set if type is string.' + type: string + items: + description: 'Items specifies fields of an array. + NOTE: Can only be set if type is array. NOTE: + This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible.' 
+ x-kubernetes-preserve-unknown-fields: true + maxItems: + description: 'MaxItems is the max length of an + array variable. NOTE: Can only be set if type + is array.' + format: int64 + type: integer + maxLength: + description: 'MaxLength is the max length of a + string variable. NOTE: Can only be set if type + is string.' + format: int64 + type: integer + maximum: + description: 'Maximum is the maximum of an integer + or number variable. If ExclusiveMaximum is false, + the variable is valid if it is lower than, or + equal to, the value of Maximum. If ExclusiveMaximum + is true, the variable is valid if it is strictly + lower than the value of Maximum. NOTE: Can only + be set if type is integer or number.' + format: int64 + type: integer + minItems: + description: 'MinItems is the min length of an + array variable. NOTE: Can only be set if type + is array.' + format: int64 + type: integer + minLength: + description: 'MinLength is the min length of a + string variable. NOTE: Can only be set if type + is string.' + format: int64 + type: integer + minimum: + description: 'Minimum is the minimum of an integer + or number variable. If ExclusiveMinimum is false, + the variable is valid if it is greater than, + or equal to, the value of Minimum. If ExclusiveMinimum + is true, the variable is valid if it is strictly + greater than the value of Minimum. NOTE: Can + only be set if type is integer or number.' + format: int64 + type: integer + pattern: + description: 'Pattern is the regex which a string + variable must match. NOTE: Can only be set if + type is string.' + type: string + properties: + description: 'Properties specifies fields of an + object. NOTE: Can only be set if type is object. + NOTE: Properties is mutually exclusive with + AdditionalProperties. NOTE: This field uses + PreserveUnknownFields and Schemaless, because + recursive validation is not possible.' 
+ x-kubernetes-preserve-unknown-fields: true + required: + description: 'Required specifies which fields + of an object are required. NOTE: Can only be + set if type is object.' + items: + type: string + type: array + type: + description: 'Type is the type of the variable. + Valid values are: object, array, string, integer, + number or boolean.' + type: string + uniqueItems: + description: 'UniqueItems specifies if items in + an array must be unique. NOTE: Can only be set + if type is array.' + type: boolean + x-kubernetes-preserve-unknown-fields: + description: XPreserveUnknownFields allows setting + fields in a variable object which are not defined + in the variable schema. This affects fields + recursively, except if nested properties or + additionalProperties are specified in the schema. + type: boolean + required: + - type + type: object + required: + - openAPIV3Schema + type: object + required: + - from + - required + - schema + type: object + type: array + definitionsConflict: + description: DefinitionsConflict specifies whether or not there + are conflicting definitions for a single variable name. + type: boolean + name: + description: Name is the name of the variable. 
+ type: string + required: + - definitions + - name + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: clusterresourcesetbindings.addons.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: addons.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: ClusterResourceSetBinding + listKind: ClusterResourceSetBindingList + plural: clusterresourcesetbindings + singular: clusterresourcesetbinding + scope: Namespaced + versions: + - deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "ClusterResourceSetBinding lists all matching ClusterResourceSets + with the cluster it belongs to. \n Deprecated: This type will be removed + in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterResourceSetBindingSpec defines the desired state of + ClusterResourceSetBinding. + properties: + bindings: + description: Bindings is a list of ClusterResourceSets and their resources. + items: + description: ResourceSetBinding keeps info on all of the resources + in a ClusterResourceSet. + properties: + clusterResourceSetName: + description: ClusterResourceSetName is the name of the ClusterResourceSet + that is applied to the owner cluster of the binding. + type: string + resources: + description: Resources is a list of resources that the ClusterResourceSet + has. + items: + description: ResourceBinding shows the status of a resource + that belongs to a ClusterResourceSet matched by the owner + cluster of the ClusterResourceSetBinding object. + properties: + applied: + description: Applied is to track if a resource is applied + to the cluster or not. + type: boolean + hash: + description: Hash is the hash of a resource's data. This + can be used to decide if a resource is changed. For + "ApplyOnce" ClusterResourceSet.spec.strategy, this is + no-op as that strategy does not act on change. + type: string + kind: + description: 'Kind of the resource. Supported kinds are: + Secrets and ConfigMaps.' + enum: + - Secret + - ConfigMap + type: string + lastAppliedTime: + description: LastAppliedTime identifies when this resource + was last applied to the cluster. + format: date-time + type: string + name: + description: Name of the resource that is in the same + namespace with ClusterResourceSet object. 
+ minLength: 1 + type: string + required: + - applied + - kind + - name + type: object + type: array + required: + - clusterResourceSetName + type: object + type: array + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of ClusterResourceSetBinding + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "ClusterResourceSetBinding lists all matching ClusterResourceSets + with the cluster it belongs to. \n Deprecated: This type will be removed + in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterResourceSetBindingSpec defines the desired state of + ClusterResourceSetBinding. + properties: + bindings: + description: Bindings is a list of ClusterResourceSets and their resources. + items: + description: ResourceSetBinding keeps info on all of the resources + in a ClusterResourceSet. + properties: + clusterResourceSetName: + description: ClusterResourceSetName is the name of the ClusterResourceSet + that is applied to the owner cluster of the binding. 
+ type: string + resources: + description: Resources is a list of resources that the ClusterResourceSet + has. + items: + description: ResourceBinding shows the status of a resource + that belongs to a ClusterResourceSet matched by the owner + cluster of the ClusterResourceSetBinding object. + properties: + applied: + description: Applied is to track if a resource is applied + to the cluster or not. + type: boolean + hash: + description: Hash is the hash of a resource's data. This + can be used to decide if a resource is changed. For + "ApplyOnce" ClusterResourceSet.spec.strategy, this is + no-op as that strategy does not act on change. + type: string + kind: + description: 'Kind of the resource. Supported kinds are: + Secrets and ConfigMaps.' + enum: + - Secret + - ConfigMap + type: string + lastAppliedTime: + description: LastAppliedTime identifies when this resource + was last applied to the cluster. + format: date-time + type: string + name: + description: Name of the resource that is in the same + namespace with ClusterResourceSet object. + minLength: 1 + type: string + required: + - applied + - kind + - name + type: object + type: array + required: + - clusterResourceSetName + type: object + type: array + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of ClusterResourceSetBinding + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: ClusterResourceSetBinding lists all matching ClusterResourceSets + with the cluster it belongs to. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterResourceSetBindingSpec defines the desired state of + ClusterResourceSetBinding. + properties: + bindings: + description: Bindings is a list of ClusterResourceSets and their resources. + items: + description: ResourceSetBinding keeps info on all of the resources + in a ClusterResourceSet. + properties: + clusterResourceSetName: + description: ClusterResourceSetName is the name of the ClusterResourceSet + that is applied to the owner cluster of the binding. + type: string + resources: + description: Resources is a list of resources that the ClusterResourceSet + has. + items: + description: ResourceBinding shows the status of a resource + that belongs to a ClusterResourceSet matched by the owner + cluster of the ClusterResourceSetBinding object. + properties: + applied: + description: Applied is to track if a resource is applied + to the cluster or not. + type: boolean + hash: + description: Hash is the hash of a resource's data. This + can be used to decide if a resource is changed. For + "ApplyOnce" ClusterResourceSet.spec.strategy, this is + no-op as that strategy does not act on change. + type: string + kind: + description: 'Kind of the resource. Supported kinds are: + Secrets and ConfigMaps.' + enum: + - Secret + - ConfigMap + type: string + lastAppliedTime: + description: LastAppliedTime identifies when this resource + was last applied to the cluster. 
+ format: date-time + type: string + name: + description: Name of the resource that is in the same + namespace with ClusterResourceSet object. + minLength: 1 + type: string + required: + - applied + - kind + - name + type: object + type: array + required: + - clusterResourceSetName + type: object + type: array + clusterName: + description: 'ClusterName is the name of the Cluster this binding + applies to. Note: this field mandatory in v1beta2.' + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: clusterresourcesets.addons.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: addons.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: ClusterResourceSet + listKind: ClusterResourceSetList + plural: clusterresourcesets + singular: clusterresourceset + scope: Namespaced + versions: + - deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "ClusterResourceSet is the Schema for the clusterresourcesets + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet. + properties: + clusterSelector: + description: Label selector for Clusters. The Clusters that are selected + by this will be the ones affected by this ClusterResourceSet. It + must match the Cluster labels. This field is immutable. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. 
+ type: object + type: object + resources: + description: Resources is a list of Secrets/ConfigMaps where each + contains 1 or more resources to be applied to remote clusters. + items: + description: ResourceRef specifies a resource. + properties: + kind: + description: 'Kind of the resource. Supported kinds are: Secrets + and ConfigMaps.' + enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the resource that is in the same namespace + with ClusterResourceSet object. + minLength: 1 + type: string + required: + - kind + - name + type: object + type: array + strategy: + description: Strategy is the strategy to be used during applying resources. + Defaults to ApplyOnce. This field is immutable. + enum: + - ApplyOnce + type: string + required: + - clusterSelector + type: object + status: + description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet. + properties: + conditions: + description: Conditions defines current state of the ClusterResourceSet. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. 
The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration reflects the generation of the most + recently observed ClusterResourceSet. + format: int64 + type: integer + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of ClusterResourceSet + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "ClusterResourceSet is the Schema for the clusterresourcesets + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet. 
+ properties: + clusterSelector: + description: Label selector for Clusters. The Clusters that are selected + by this will be the ones affected by this ClusterResourceSet. It + must match the Cluster labels. This field is immutable. Label selector + cannot be empty. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + resources: + description: Resources is a list of Secrets/ConfigMaps where each + contains 1 or more resources to be applied to remote clusters. + items: + description: ResourceRef specifies a resource. + properties: + kind: + description: 'Kind of the resource. Supported kinds are: Secrets + and ConfigMaps.' 
+ enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the resource that is in the same namespace + with ClusterResourceSet object. + minLength: 1 + type: string + required: + - kind + - name + type: object + type: array + strategy: + description: Strategy is the strategy to be used during applying resources. + Defaults to ApplyOnce. This field is immutable. + enum: + - ApplyOnce + type: string + required: + - clusterSelector + type: object + status: + description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet. + properties: + conditions: + description: Conditions defines current state of the ClusterResourceSet. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration reflects the generation of the most + recently observed ClusterResourceSet. + format: int64 + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of ClusterResourceSet + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: ClusterResourceSet is the Schema for the clusterresourcesets + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet. + properties: + clusterSelector: + description: Label selector for Clusters. The Clusters that are selected + by this will be the ones affected by this ClusterResourceSet. It + must match the Cluster labels. This field is immutable. Label selector + cannot be empty. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + resources: + description: Resources is a list of Secrets/ConfigMaps where each + contains 1 or more resources to be applied to remote clusters. + items: + description: ResourceRef specifies a resource. + properties: + kind: + description: 'Kind of the resource. Supported kinds are: Secrets + and ConfigMaps.' + enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the resource that is in the same namespace + with ClusterResourceSet object. + minLength: 1 + type: string + required: + - kind + - name + type: object + type: array + strategy: + description: Strategy is the strategy to be used during applying resources. + Defaults to ApplyOnce. This field is immutable. 
+ enum: + - ApplyOnce + - Reconcile + type: string + required: + - clusterSelector + type: object + status: + description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet. + properties: + conditions: + description: Conditions defines current state of the ClusterResourceSet. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration reflects the generation of the most + recently observed ClusterResourceSet. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: clusters.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Cluster + listKind: ClusterList + plural: clusters + shortNames: + - cl + singular: cluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed + jsonPath: .status.phase + name: Phase + type: string + deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: Cluster is the Schema for the clusters API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterSpec defines the desired state of Cluster. + properties: + clusterNetwork: + description: Cluster network configuration. 
+ properties: + apiServerPort: + description: APIServerPort specifies the port the API Server should + bind to. Defaults to 6443. + format: int32 + type: integer + pods: + description: The network ranges from which Pod networks are allocated. + properties: + cidrBlocks: + items: + type: string + type: array + required: + - cidrBlocks + type: object + serviceDomain: + description: Domain name for services. + type: string + services: + description: The network ranges from which service VIPs are allocated. + properties: + cidrBlocks: + items: + type: string + type: array + required: + - cidrBlocks + type: object + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + controlPlaneRef: + description: ControlPlaneRef is an optional reference to a provider-specific + resource that holds the details for provisioning the Control Plane + for a Cluster. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' 
+ type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + infrastructureRef: + description: InfrastructureRef is a reference to a provider-specific + resource that holds the details for provisioning infrastructure + for a cluster in said provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + paused: + description: Paused can be used to prevent controllers from processing + the Cluster and all its associated objects. + type: boolean + type: object + status: + description: ClusterStatus defines the observed state of Cluster. + properties: + conditions: + description: Conditions defines current service state of the cluster. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. 
+ type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + controlPlaneInitialized: + description: ControlPlaneInitialized defines if the control plane + has been initialized. + type: boolean + controlPlaneReady: + description: ControlPlaneReady defines if the control plane is ready. + type: boolean + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains is a slice of failure domain objects synced + from the infrastructure provider. + type: object + failureMessage: + description: FailureMessage indicates that there is a fatal problem + reconciling the state, and will be set to a descriptive error message. 
+ type: string + failureReason: + description: FailureReason indicates that there is a fatal problem + reconciling the state, and will be set to a token value suitable + for programmatic interpretation. + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of cluster actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of Cluster + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed + jsonPath: .status.phase + name: Phase + type: string + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "Cluster is the Schema for the clusters API. \n Deprecated: This + type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterSpec defines the desired state of Cluster. + properties: + clusterNetwork: + description: Cluster network configuration. + properties: + apiServerPort: + description: APIServerPort specifies the port the API Server should + bind to. Defaults to 6443. + format: int32 + type: integer + pods: + description: The network ranges from which Pod networks are allocated. + properties: + cidrBlocks: + items: + type: string + type: array + required: + - cidrBlocks + type: object + serviceDomain: + description: Domain name for services. + type: string + services: + description: The network ranges from which service VIPs are allocated. + properties: + cidrBlocks: + items: + type: string + type: array + required: + - cidrBlocks + type: object + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + controlPlaneRef: + description: ControlPlaneRef is an optional reference to a provider-specific + resource that holds the details for provisioning the Control Plane + for a Cluster. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + infrastructureRef: + description: InfrastructureRef is a reference to a provider-specific + resource that holds the details for provisioning infrastructure + for a cluster in said provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + paused: + description: Paused can be used to prevent controllers from processing + the Cluster and all its associated objects. + type: boolean + topology: + description: 'This encapsulates the topology for the cluster. NOTE: + It is required to enable the ClusterTopology feature gate flag to + activate managed topologies support; this feature is highly experimental, + and parts of it might still be not implemented.' + properties: + class: + description: The name of the ClusterClass object to create the + topology. 
+ type: string + controlPlane: + description: ControlPlane describes the cluster control plane. + properties: + metadata: + description: "Metadata is the metadata applied to the machines + of the ControlPlane. At runtime this metadata is merged + with the corresponding metadata from the ClusterClass. \n + This field is supported if and only if the control plane + provider template referenced in the ClusterClass is Machine + based." + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. They + are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be + used to organize and categorize (scope and select) objects. + May match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + replicas: + description: Replicas is the number of control plane nodes. + If the value is nil, the ControlPlane object is created + without the number of Replicas and it's assumed that the + control plane controller does not implement support for + this field. When specified against a control plane provider + that lacks support for this field, this value will be ignored. + format: int32 + type: integer + type: object + rolloutAfter: + description: RolloutAfter performs a rollout of the entire cluster + one component at a time, control plane first and then machine + deployments. + format: date-time + type: string + version: + description: The Kubernetes version of the cluster. + type: string + workers: + description: Workers encapsulates the different constructs that + form the worker nodes for the cluster. 
+ properties: + machineDeployments: + description: MachineDeployments is a list of machine deployments + in the cluster. + items: + description: MachineDeploymentTopology specifies the different + parameters for a set of worker nodes in the topology. + This set of nodes is managed by a MachineDeployment object + whose lifecycle is managed by the Cluster controller. + properties: + class: + description: Class is the name of the MachineDeploymentClass + used to create the set of worker nodes. This should + match one of the deployment classes defined in the + ClusterClass object mentioned in the `Cluster.Spec.Class` + field. + type: string + metadata: + description: Metadata is the metadata applied to the + machines of the MachineDeployment. At runtime this + metadata is merged with the corresponding metadata + from the ClusterClass. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key + value map stored with a resource that may be set + by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be + preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that + can be used to organize and categorize (scope + and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + name: + description: Name is the unique identifier for this + MachineDeploymentTopology. The value is used with + other unique identifiers to create a MachineDeployment's + Name (e.g. cluster's name, etc). In case the name + is greater than the allowed maximum length, the values + are hashed together. + type: string + replicas: + description: Replicas is the number of worker nodes + belonging to this set. 
If the value is nil, the MachineDeployment + is created without the number of Replicas (defaulting + to zero) and it's assumed that an external entity + (like cluster autoscaler) is responsible for the management + of this value. + format: int32 + type: integer + required: + - class + - name + type: object + type: array + type: object + required: + - class + - version + type: object + type: object + status: + description: ClusterStatus defines the observed state of Cluster. + properties: + conditions: + description: Conditions defines current service state of the cluster. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - status + - type + type: object + type: array + controlPlaneReady: + description: ControlPlaneReady defines if the control plane is ready. + type: boolean + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains is a slice of failure domain objects synced + from the infrastructure provider. + type: object + failureMessage: + description: FailureMessage indicates that there is a fatal problem + reconciling the state, and will be set to a descriptive error message. + type: string + failureReason: + description: FailureReason indicates that there is a fatal problem + reconciling the state, and will be set to a token value suitable + for programmatic interpretation. + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of cluster actuation. + E.g. Pending, Running, Terminating, Failed etc. 
+ type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed + jsonPath: .status.phase + name: Phase + type: string + - description: Time duration since creation of Cluster + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this Cluster + jsonPath: .spec.topology.version + name: Version + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Cluster is the Schema for the clusters API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterSpec defines the desired state of Cluster. + properties: + clusterNetwork: + description: Cluster network configuration. + properties: + apiServerPort: + description: APIServerPort specifies the port the API Server should + bind to. Defaults to 6443. + format: int32 + type: integer + pods: + description: The network ranges from which Pod networks are allocated. + properties: + cidrBlocks: + items: + type: string + type: array + required: + - cidrBlocks + type: object + serviceDomain: + description: Domain name for services. 
+ type: string + services: + description: The network ranges from which service VIPs are allocated. + properties: + cidrBlocks: + items: + type: string + type: array + required: + - cidrBlocks + type: object + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + controlPlaneRef: + description: ControlPlaneRef is an optional reference to a provider-specific + resource that holds the details for provisioning the Control Plane + for a Cluster. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + infrastructureRef: + description: InfrastructureRef is a reference to a provider-specific + resource that holds the details for provisioning infrastructure + for a cluster in said provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + paused: + description: Paused can be used to prevent controllers from processing + the Cluster and all its associated objects. + type: boolean + topology: + description: 'This encapsulates the topology for the cluster. NOTE: + It is required to enable the ClusterTopology feature gate flag to + activate managed topologies support; this feature is highly experimental, + and parts of it might still be not implemented.' + properties: + class: + description: The name of the ClusterClass object to create the + topology. + type: string + controlPlane: + description: ControlPlane describes the cluster control plane. + properties: + machineHealthCheck: + description: MachineHealthCheck allows to enable, disable + and override the MachineHealthCheck configuration in the + ClusterClass for this control plane. + properties: + enable: + description: "Enable controls if a MachineHealthCheck + should be created for the target machines. \n If false: + No MachineHealthCheck will be created. \n If not set(default): + A MachineHealthCheck will be created if it is defined + here or in the associated ClusterClass. If no MachineHealthCheck + is defined then none will be created. \n If true: A + MachineHealthCheck is guaranteed to be created. Cluster + validation will block if `enable` is true and no MachineHealthCheck + definition is available." 
+ type: boolean + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed if + at most "MaxUnhealthy" machines selected by "selector" + are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without + a node will be considered to have failed and will be + remediated. If you wish to disable this feature, set + the value explicitly to 0. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference to a + remediation template provided by an infrastructure provider. + \n This field is completely optional, when filled, the + MachineHealthCheck controller creates a new object from + the template referenced and hands off remediation of + the machine to a controller that lives outside of Cluster + API." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list of the + conditions that determine whether a node is considered + unhealthy. The conditions are combined in a logical + OR, i.e. if any of the conditions is met, the node is + unhealthy. + items: + description: UnhealthyCondition represents a Node condition + type and value with a timeout specified as a duration. When + the named condition has been in the given status for + at least the timeout value, a node is considered unhealthy. + properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + type: array + unhealthyRange: + description: 'Any further remediation is only allowed + if the number of machines selected by "selector" as + not healthy is within the range of "UnhealthyRange". + Takes precedence over MaxUnhealthy. Eg. 
"[3-5]" - This + means that remediation will be allowed only when: (a) + there are at least 3 unhealthy machines (and) (b) there + are at most 5 unhealthy machines' + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + type: object + metadata: + description: Metadata is the metadata applied to the ControlPlane + and the Machines of the ControlPlane if the ControlPlaneTemplate + referenced by the ClusterClass is machine based. If not, + it is applied only to the ControlPlane. At runtime this + metadata is merged with the corresponding metadata from + the ClusterClass. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. They + are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be + used to organize and categorize (scope and select) objects. + May match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts after + the Machine is marked for deletion. A duration of 0 will + retry deletion indefinitely. Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. 
NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of + time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the + volumes can be detached without any time limitations. + type: string + replicas: + description: Replicas is the number of control plane nodes. + If the value is nil, the ControlPlane object is created + without the number of Replicas and it's assumed that the + control plane controller does not implement support for + this field. When specified against a control plane provider + that lacks support for this field, this value will be ignored. + format: int32 + type: integer + type: object + rolloutAfter: + description: "RolloutAfter performs a rollout of the entire cluster + one component at a time, control plane first and then machine + deployments. \n Deprecated: This field has no function and is + going to be removed in the next apiVersion." + format: date-time + type: string + variables: + description: Variables can be used to customize the Cluster through + patches. They must comply to the corresponding VariableClasses + defined in the ClusterClass. + items: + description: ClusterVariable can be used to customize the Cluster + through patches. Each ClusterVariable is associated with a + Variable definition in the ClusterClass `status` variables. + properties: + definitionFrom: + description: 'DefinitionFrom specifies where the definition + of this Variable is from. DefinitionFrom is `inline` when + the definition is from the ClusterClass `.spec.variables` + or the name of a patch defined in the ClusterClass `.spec.patches` + where the patch is external and provides external variables. + This field is mandatory if the variable has `DefinitionsConflict: + true` in ClusterClass `status.variables[]`' + type: string + name: + description: Name of the variable. 
+ type: string + value: + description: 'Value of the variable. Note: the value will + be validated against the schema of the corresponding ClusterClassVariable + from the ClusterClass. Note: We have to use apiextensionsv1.JSON + instead of a custom JSON type, because controller-tools + has a hard-coded schema for apiextensionsv1.JSON which + cannot be produced by another type via controller-tools, + i.e. it is not possible to have no type field. Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111' + x-kubernetes-preserve-unknown-fields: true + required: + - name + - value + type: object + type: array + version: + description: The Kubernetes version of the cluster. + type: string + workers: + description: Workers encapsulates the different constructs that + form the worker nodes for the cluster. + properties: + machineDeployments: + description: MachineDeployments is a list of machine deployments + in the cluster. + items: + description: MachineDeploymentTopology specifies the different + parameters for a set of worker nodes in the topology. + This set of nodes is managed by a MachineDeployment object + whose lifecycle is managed by the Cluster controller. + properties: + class: + description: Class is the name of the MachineDeploymentClass + used to create the set of worker nodes. This should + match one of the deployment classes defined in the + ClusterClass object mentioned in the `Cluster.Spec.Class` + field. + type: string + failureDomain: + description: FailureDomain is the failure domain the + machines will be created in. Must match a key in the + FailureDomains map stored on the cluster object. + type: string + machineHealthCheck: + description: MachineHealthCheck allows to enable, disable + and override the MachineHealthCheck configuration + in the ClusterClass for this MachineDeployment. 
+ properties: + enable: + description: "Enable controls if a MachineHealthCheck + should be created for the target machines. \n + If false: No MachineHealthCheck will be created. + \n If not set(default): A MachineHealthCheck will + be created if it is defined here or in the associated + ClusterClass. If no MachineHealthCheck is defined + then none will be created. \n If true: A MachineHealthCheck + is guaranteed to be created. Cluster validation + will block if `enable` is true and no MachineHealthCheck + definition is available." + type: boolean + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed + if at most "MaxUnhealthy" machines selected by + "selector" are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without + a node will be considered to have failed and will + be remediated. If you wish to disable this feature, + set the value explicitly to 0. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference + to a remediation template provided by an infrastructure + provider. \n This field is completely optional, + when filled, the MachineHealthCheck controller + creates a new object from the template referenced + and hands off remediation of the machine to a + controller that lives outside of Cluster API." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list + of the conditions that determine whether a node + is considered unhealthy. The conditions are combined + in a logical OR, i.e. if any of the conditions + is met, the node is unhealthy. + items: + description: UnhealthyCondition represents a Node + condition type and value with a timeout specified + as a duration. When the named condition has + been in the given status for at least the timeout + value, a node is considered unhealthy. 
+ properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + type: array + unhealthyRange: + description: 'Any further remediation is only allowed + if the number of machines selected by "selector" + as not healthy is within the range of "UnhealthyRange". + Takes precedence over MaxUnhealthy. Eg. "[3-5]" + - This means that remediation will be allowed + only when: (a) there are at least 3 unhealthy + machines (and) (b) there are at most 5 unhealthy + machines' + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + type: object + metadata: + description: Metadata is the metadata applied to the + MachineDeployment and the machines of the MachineDeployment. + At runtime this metadata is merged with the corresponding + metadata from the ClusterClass. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key + value map stored with a resource that may be set + by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be + preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that + can be used to organize and categorize (scope + and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + minReadySeconds: + description: Minimum number of seconds for which a newly + created machine should be ready. Defaults to 0 (machine + will be considered available as soon as it is ready) + format: int32 + type: integer + name: + description: Name is the unique identifier for this + MachineDeploymentTopology. The value is used with + other unique identifiers to create a MachineDeployment's + Name (e.g. 
cluster's name, etc). In case the name + is greater than the allowed maximum length, the values + are hashed together. + type: string + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the + controller will attempt to delete the Node that the + Machine hosts after the Machine is marked for deletion. + A duration of 0 will retry deletion indefinitely. + Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of + time that the controller will spend on draining a + node. The default value is 0, meaning that the node + can be drained without any time limitations. NOTE: + NodeDrainTimeout is different from `kubectl drain + --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount + of time that the controller will spend on waiting + for all volumes to be detached. The default value + is 0, meaning that the volumes can be detached without + any time limitations. + type: string + replicas: + description: Replicas is the number of worker nodes + belonging to this set. If the value is nil, the MachineDeployment + is created without the number of Replicas (defaulting + to 1) and it's assumed that an external entity (like + cluster autoscaler) is responsible for the management + of this value. + format: int32 + type: integer + strategy: + description: The deployment strategy to use to replace + existing machines with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present + only if MachineDeploymentStrategyType = RollingUpdate. + properties: + deletePolicy: + description: DeletePolicy defines the policy + used by the MachineDeployment to identify + nodes to delete when downscaling. 
Valid values + are "Random, "Newest", "Oldest" When no value + is supplied, the default DeletePolicy of MachineSet + is used + enum: + - Random + - Newest + - Oldest + type: string + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines + that can be scheduled above the desired number + of machines. Value can be an absolute number + (ex: 5) or a percentage of desired machines + (ex: 10%). This can not be 0 if MaxUnavailable + is 0. Absolute number is calculated from percentage + by rounding up. Defaults to 1. Example: when + this is set to 30%, the new MachineSet can + be scaled up immediately when the rolling + update starts, such that the total number + of old and new machines do not exceed 130% + of desired machines. Once old machines have + been killed, new MachineSet can be scaled + up further, ensuring that total number of + machines running at any time during the update + is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines + that can be unavailable during the update. + Value can be an absolute number (ex: 5) or + a percentage of desired machines (ex: 10%). + Absolute number is calculated from percentage + by rounding down. This can not be 0 if MaxSurge + is 0. Defaults to 0. Example: when this is + set to 30%, the old MachineSet can be scaled + down to 70% of desired machines immediately + when the rolling update starts. Once new machines + are ready, old MachineSet can be scaled down + further, followed by scaling up the new MachineSet, + ensuring that the total number of machines + available at all times during the update is + at least 70% of desired machines.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Default is RollingUpdate. 
+ enum: + - RollingUpdate + - OnDelete + type: string + type: object + variables: + description: Variables can be used to customize the + MachineDeployment through patches. + properties: + overrides: + description: Overrides can be used to override Cluster + level variables. + items: + description: ClusterVariable can be used to customize + the Cluster through patches. Each ClusterVariable + is associated with a Variable definition in + the ClusterClass `status` variables. + properties: + definitionFrom: + description: 'DefinitionFrom specifies where + the definition of this Variable is from. + DefinitionFrom is `inline` when the definition + is from the ClusterClass `.spec.variables` + or the name of a patch defined in the ClusterClass + `.spec.patches` where the patch is external + and provides external variables. This field + is mandatory if the variable has `DefinitionsConflict: + true` in ClusterClass `status.variables[]`' + type: string + name: + description: Name of the variable. + type: string + value: + description: 'Value of the variable. Note: + the value will be validated against the + schema of the corresponding ClusterClassVariable + from the ClusterClass. Note: We have to + use apiextensionsv1.JSON instead of a custom + JSON type, because controller-tools has + a hard-coded schema for apiextensionsv1.JSON + which cannot be produced by another type + via controller-tools, i.e. it is not possible + to have no type field. Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111' + x-kubernetes-preserve-unknown-fields: true + required: + - name + - value + type: object + type: array + type: object + required: + - class + - name + type: object + type: array + type: object + required: + - class + - version + type: object + type: object + status: + description: ClusterStatus defines the observed state of Cluster. 
+ properties: + conditions: + description: Conditions defines current service state of the cluster. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + controlPlaneReady: + description: ControlPlaneReady defines if the control plane is ready. + type: boolean + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. 
+ properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains is a slice of failure domain objects synced + from the infrastructure provider. + type: object + failureMessage: + description: FailureMessage indicates that there is a fatal problem + reconciling the state, and will be set to a descriptive error message. + type: string + failureReason: + description: FailureReason indicates that there is a fatal problem + reconciling the state, and will be set to a token value suitable + for programmatic interpretation. + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of cluster actuation. + E.g. Pending, Running, Terminating, Failed etc. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: extensionconfigs.runtime.cluster.x-k8s.io +spec: + group: runtime.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: ExtensionConfig + listKind: ExtensionConfigList + plural: extensionconfigs + shortNames: + - ext + singular: extensionconfig + scope: Cluster + versions: + - additionalPrinterColumns: + - description: Time duration since creation of ExtensionConfig + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: ExtensionConfig is the Schema for the ExtensionConfig API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ExtensionConfigSpec is the desired state of the ExtensionConfig + properties: + clientConfig: + description: ClientConfig defines how to communicate with the Extension + server. + properties: + caBundle: + description: CABundle is a PEM encoded CA bundle which will be + used to validate the Extension server's server certificate. 
+ format: byte + type: string + service: + description: "Service is a reference to the Kubernetes service + for the Extension server. Note: Exactly one of `url` or `service` + must be specified. \n If the Extension server is running within + a cluster, then you should use `service`." + properties: + name: + description: Name is the name of the service. + type: string + namespace: + description: Namespace is the namespace of the service. + type: string + path: + description: Path is an optional URL path and if present may + be any string permissible in a URL. If a path is set it + will be used as prefix to the hook-specific path. + type: string + port: + description: Port is the port on the service that's hosting + the Extension server. Defaults to 443. Port should be a + valid port number (1-65535, inclusive). + format: int32 + type: integer + required: + - name + - namespace + type: object + url: + description: "URL gives the location of the Extension server, + in standard URL form (`scheme://host:port/path`). Note: Exactly + one of `url` or `service` must be specified. \n The scheme must + be \"https\". \n The `host` should not refer to a service running + in the cluster; use the `service` field instead. \n A path is + optional, and if present may be any string permissible in a + URL. If a path is set it will be used as prefix to the hook-specific + path. \n Attempting to use a user or basic auth e.g. \"user:password@\" + is not allowed. Fragments (\"#...\") and query parameters (\"?...\") + are not allowed either." + type: string + type: object + namespaceSelector: + description: NamespaceSelector decides whether to call the hook for + an object based on whether the namespace for that object matches + the selector. Defaults to the empty LabelSelector, which matches + all objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + settings: + additionalProperties: + type: string + description: 'Settings defines key value pairs to be passed to all + calls to all supported RuntimeExtensions. Note: Settings can be + overridden on the ClusterClass.' + type: object + required: + - clientConfig + type: object + status: + description: ExtensionConfigStatus is the current state of the ExtensionConfig + properties: + conditions: + description: Conditions define the current service state of the ExtensionConfig. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. 
+ format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + handlers: + description: Handlers defines the current ExtensionHandlers supported + by an Extension. + items: + description: ExtensionHandler specifies the details of a handler + for a particular runtime hook registered by an Extension server. + properties: + failurePolicy: + description: FailurePolicy defines how failures in calls to + the ExtensionHandler should be handled by a client. Defaults + to Fail if not set. + type: string + name: + description: Name is the unique name of the ExtensionHandler. + type: string + requestHook: + description: RequestHook defines the versioned runtime hook + which this ExtensionHandler serves. + properties: + apiVersion: + description: APIVersion is the group and version of the + Hook. + type: string + hook: + description: Hook is the name of the hook. 
+ type: string + required: + - apiVersion + - hook + type: object + timeoutSeconds: + description: TimeoutSeconds defines the timeout duration for + client calls to the ExtensionHandler. Defaults to 10 is not + set. + format: int32 + type: integer + required: + - name + - requestHook + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: ipaddressclaims.ipam.cluster.x-k8s.io +spec: + group: ipam.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: IPAddressClaim + listKind: IPAddressClaimList + plural: ipaddressclaims + singular: ipaddressclaim + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Name of the pool to allocate an address from + jsonPath: .spec.poolRef.name + name: Pool Name + type: string + - description: Kind of the pool to allocate an address from + jsonPath: .spec.poolRef.kind + name: Pool Kind + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: IPAddressClaim is the Schema for the ipaddressclaim API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAddressClaimSpec is the desired state of an IPAddressClaim. + properties: + poolRef: + description: PoolRef is a reference to the pool from which an IP address + should be created. + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in + the core API group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - apiGroup + - kind + - name + type: object + required: + - poolRef + type: object + status: + description: IPAddressClaimStatus is the observed status of a IPAddressClaim. + properties: + addressRef: + description: AddressRef is a reference to the address that was created + for this claim. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + conditions: + description: Conditions summarises the current state of the IPAddressClaim + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. 
+ type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: ipaddresses.ipam.cluster.x-k8s.io +spec: + group: ipam.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: IPAddress + listKind: IPAddressList + plural: ipaddresses + singular: ipaddress + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Address + jsonPath: .spec.address + name: Address + type: string + - description: Name of the pool the address is from + jsonPath: .spec.poolRef.name + name: Pool Name + type: string + - description: Kind of the pool the address is from + jsonPath: .spec.poolRef.kind + name: Pool Kind + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: IPAddress is the Schema for the ipaddress API. 
+ properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAddressSpec is the desired state of an IPAddress. + properties: + address: + description: Address is the IP address. + type: string + claimRef: + description: ClaimRef is a reference to the claim this IPAddress was + created for. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + gateway: + description: Gateway is the network gateway of the network the address + is from. + type: string + poolRef: + description: PoolRef is a reference to the pool that this IPAddress + was created from. + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in + the core API group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - apiGroup + - kind + - name + type: object + prefix: + description: Prefix is the prefix of the address. 
+ type: integer + required: + - address + - claimRef + - poolRef + - prefix + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: machinedeployments.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: MachineDeployment + listKind: MachineDeploymentList + plural: machinedeployments + shortNames: + - md + singular: machinedeployment + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown + jsonPath: .status.phase + name: Phase + type: string + - description: Total number of non-terminated machines targeted by this MachineDeployment + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of ready machines targeted by this MachineDeployment + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Total number of non-terminated machines targeted by this deployment + that have the desired template spec + jsonPath: .status.updatedReplicas + name: Updated + type: integer + - description: Total number of unavailable machines targeted by this MachineDeployment + jsonPath: .status.unavailableReplicas + name: Unavailable + type: integer + deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "MachineDeployment is the Schema for the machinedeployments API. + \n Deprecated: This type will be removed in one of the next releases." 
+ properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineDeploymentSpec defines the desired state of MachineDeployment. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + minReadySeconds: + description: Minimum number of seconds for which a newly created machine + should be ready. Defaults to 0 (machine will be considered available + as soon as it is ready) + format: int32 + type: integer + paused: + description: Indicates that the deployment is paused. + type: boolean + progressDeadlineSeconds: + description: The maximum time in seconds for a deployment to make + progress before it is considered to be failed. The deployment controller + will continue to process failed deployments and a condition with + a ProgressDeadlineExceeded reason will be surfaced in the deployment + status. Note that progress will not be estimated during the time + a deployment is paused. Defaults to 600s. + format: int32 + type: integer + replicas: + description: Number of desired machines. Defaults to 1. This is a + pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + revisionHistoryLimit: + description: The number of old MachineSets to retain to allow rollback. 
+ This is a pointer to distinguish between explicit zero and not specified. + Defaults to 1. + format: int32 + type: integer + selector: + description: Label selector for machines. Existing MachineSets whose + machines are selected by this will be the ones affected by this + deployment. It must match the machine template's labels. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + strategy: + description: The deployment strategy to use to replace existing machines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if MachineDeploymentStrategyType + = RollingUpdate. 
+ properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be scheduled + above the desired number of machines. Value can be an absolute + number (ex: 5) or a percentage of desired machines (ex: + 10%). This can not be 0 if MaxUnavailable is 0. Absolute + number is calculated from percentage by rounding up. Defaults + to 1. Example: when this is set to 30%, the new MachineSet + can be scaled up immediately when the rolling update starts, + such that the total number of old and new machines do not + exceed 130% of desired machines. Once old machines have + been killed, new MachineSet can be scaled up further, ensuring + that total number of machines running at any time during + the update is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be unavailable + during the update. Value can be an absolute number (ex: + 5) or a percentage of desired machines (ex: 10%). Absolute + number is calculated from percentage by rounding down. This + can not be 0 if MaxSurge is 0. Defaults to 0. Example: when + this is set to 30%, the old MachineSet can be scaled down + to 70% of desired machines immediately when the rolling + update starts. Once new machines are ready, old MachineSet + can be scaled down further, followed by scaling up the new + MachineSet, ensuring that the total number of machines available + at all times during the update is at least 70% of desired + machines.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Currently the only supported + strategy is "RollingUpdate". Default is RollingUpdate. + type: string + type: object + template: + description: Template describes the machines that will be created. + properties: + metadata: + description: 'Standard object''s metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + generateName: + description: "GenerateName is an optional prefix, used by + the server, to generate a unique name ONLY IF the Name field + has not been provided. If this field is used, the name returned + to the client will be different than the name passed. This + value will also be combined with a unique suffix. The provided + value has the same validation rules as the Name field, and + may be truncated by the length of the suffix required to + make the value unique on the server. \n If this field is + specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created + or 500 with Reason ServerTimeout indicating a unique name + could not be found in the time allotted, and the client + should retry (optionally after the time indicated in the + Retry-After header). \n Applied only if Name is not specified. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency + \n Deprecated: This field has no function and is going to + be removed in a next release." + type: string + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: "Name must be unique within a namespace. 
Is required + when creating resources, although some resources may allow + a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence + and configuration definition. Cannot be updated. More info: + http://kubernetes.io/docs/user-guide/identifiers#names \n + Deprecated: This field has no function and is going to be + removed in a next release." + type: string + namespace: + description: "Namespace defines the space within each name + must be unique. An empty namespace is equivalent to the + \"default\" namespace, but \"default\" is the canonical + representation. Not all objects are required to be scoped + to a namespace - the value of this field for those objects + will be empty. \n Must be a DNS_LABEL. Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces + \n Deprecated: This field has no function and is going to + be removed in a next release." + type: string + ownerReferences: + description: "List of objects depended by this object. If + ALL objects in the list have been deleted, this object will + be garbage collected. If this object is managed by a controller, + then an entry in this list will point to this controller, + with the controller field set to true. There cannot be more + than one managing controller. \n Deprecated: This field + has no function and is going to be removed in a next release." + items: + description: OwnerReference contains enough information + to let you identify an owning object. An owning object + must be in the same namespace as the dependent, or be + cluster-scoped, so there is no namespace field. + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the + key-value store until this reference is removed. 
See + https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage collector interacts with this + field and enforces the foreground deletion. Defaults + to false. To set this field, a user needs "delete" + permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing + controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.Data + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + data: + description: "Data contains the bootstrap data, such as + cloud-init details scripts. If nil, the Machine should + remain in the Pending state. \n Deprecated: Switch to + DataSecretName." + type: string + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. 
+ minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - selector + - template + type: object + status: + description: MachineDeploymentStatus defines the observed state of MachineDeployment. 
+ properties: + availableReplicas: + description: Total number of available machines (ready for at least + minReadySeconds) targeted by this deployment. + format: int32 + type: integer + observedGeneration: + description: The generation observed by the deployment controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of a MachineDeployment + (ScalingUp, ScalingDown, Running, Failed, or Unknown). + type: string + readyReplicas: + description: Total number of ready machines targeted by this deployment. + format: int32 + type: integer + replicas: + description: Total number of non-terminated machines targeted by this + deployment (their labels match the selector). + format: int32 + type: integer + selector: + description: 'Selector is the same as the label selector but in the + string format to avoid introspection by clients. The string will + be in the same format as the query-param syntax. More info about + label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + unavailableReplicas: + description: Total number of unavailable machines targeted by this + deployment. This is the total number of machines that are still + required for the deployment to have 100% available capacity. They + may either be machines that are running but not yet available or + machines that still have not been created. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated machines targeted by this + deployment that have the desired template spec. 
+ format: int32 + type: integer + type: object + type: object + served: false + storage: false + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Time duration since creation of MachineDeployment + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown + jsonPath: .status.phase + name: Phase + type: string + - description: Total number of non-terminated machines targeted by this MachineDeployment + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of ready machines targeted by this MachineDeployment + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Total number of non-terminated machines targeted by this deployment + that have the desired template spec + jsonPath: .status.updatedReplicas + name: Updated + type: integer + - description: Total number of unavailable machines targeted by this MachineDeployment + jsonPath: .status.unavailableReplicas + name: Unavailable + type: integer + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "MachineDeployment is the Schema for the machinedeployments API. + \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineDeploymentSpec defines the desired state of MachineDeployment. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + minReadySeconds: + description: Minimum number of seconds for which a newly created machine + should be ready. Defaults to 0 (machine will be considered available + as soon as it is ready) + format: int32 + type: integer + paused: + description: Indicates that the deployment is paused. + type: boolean + progressDeadlineSeconds: + description: The maximum time in seconds for a deployment to make + progress before it is considered to be failed. The deployment controller + will continue to process failed deployments and a condition with + a ProgressDeadlineExceeded reason will be surfaced in the deployment + status. Note that progress will not be estimated during the time + a deployment is paused. Defaults to 600s. + format: int32 + type: integer + replicas: + default: 1 + description: Number of desired machines. Defaults to 1. This is a + pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + revisionHistoryLimit: + description: The number of old MachineSets to retain to allow rollback. + This is a pointer to distinguish between explicit zero and not specified. + Defaults to 1. + format: int32 + type: integer + selector: + description: Label selector for machines. Existing MachineSets whose + machines are selected by this will be the ones affected by this + deployment. It must match the machine template's labels. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. 
+ The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + strategy: + description: The deployment strategy to use to replace existing machines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if MachineDeploymentStrategyType + = RollingUpdate. + properties: + deletePolicy: + description: DeletePolicy defines the policy used by the MachineDeployment + to identify nodes to delete when downscaling. Valid values + are "Random, "Newest", "Oldest" When no value is supplied, + the default DeletePolicy of MachineSet is used + enum: + - Random + - Newest + - Oldest + type: string + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be scheduled + above the desired number of machines. 
Value can be an absolute + number (ex: 5) or a percentage of desired machines (ex: + 10%). This can not be 0 if MaxUnavailable is 0. Absolute + number is calculated from percentage by rounding up. Defaults + to 1. Example: when this is set to 30%, the new MachineSet + can be scaled up immediately when the rolling update starts, + such that the total number of old and new machines do not + exceed 130% of desired machines. Once old machines have + been killed, new MachineSet can be scaled up further, ensuring + that total number of machines running at any time during + the update is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be unavailable + during the update. Value can be an absolute number (ex: + 5) or a percentage of desired machines (ex: 10%). Absolute + number is calculated from percentage by rounding down. This + can not be 0 if MaxSurge is 0. Defaults to 0. Example: when + this is set to 30%, the old MachineSet can be scaled down + to 70% of desired machines immediately when the rolling + update starts. Once new machines are ready, old MachineSet + can be scaled down further, followed by scaling up the new + MachineSet, ensuring that the total number of machines available + at all times during the update is at least 70% of desired + machines.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Default is RollingUpdate. + enum: + - RollingUpdate + - OnDelete + type: string + type: object + template: + description: Template describes the machines that will be created. + properties: + metadata: + description: 'Standard object''s metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. 
+ type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - selector + - template + type: object + status: + description: MachineDeploymentStatus defines the observed state of MachineDeployment. 
+ properties: + availableReplicas: + description: Total number of available machines (ready for at least + minReadySeconds) targeted by this deployment. + format: int32 + type: integer + conditions: + description: Conditions defines current service state of the MachineDeployment. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: The generation observed by the deployment controller. 
+ format: int64 + type: integer + phase: + description: Phase represents the current phase of a MachineDeployment + (ScalingUp, ScalingDown, Running, Failed, or Unknown). + type: string + readyReplicas: + description: Total number of ready machines targeted by this deployment. + format: int32 + type: integer + replicas: + description: Total number of non-terminated machines targeted by this + deployment (their labels match the selector). + format: int32 + type: integer + selector: + description: 'Selector is the same as the label selector but in the + string format to avoid introspection by clients. The string will + be in the same format as the query-param syntax. More info about + label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + unavailableReplicas: + description: Total number of unavailable machines targeted by this + deployment. This is the total number of machines that are still + required for the deployment to have 100% available capacity. They + may either be machines that are running but not yet available or + machines that still have not been created. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated machines targeted by this + deployment that have the desired template spec. 
+ format: int32 + type: integer + type: object + type: object + served: true + storage: false + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Total number of machines desired by this MachineDeployment + jsonPath: .spec.replicas + name: Desired + priority: 10 + type: integer + - description: Total number of non-terminated machines targeted by this MachineDeployment + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of ready machines targeted by this MachineDeployment + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Total number of non-terminated machines targeted by this deployment + that have the desired template spec + jsonPath: .status.updatedReplicas + name: Updated + type: integer + - description: Total number of unavailable machines targeted by this MachineDeployment + jsonPath: .status.unavailableReplicas + name: Unavailable + type: integer + - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown + jsonPath: .status.phase + name: Phase + type: string + - description: Time duration since creation of MachineDeployment + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this MachineDeployment + jsonPath: .spec.template.spec.version + name: Version + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: MachineDeployment is the Schema for the machinedeployments API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineDeploymentSpec defines the desired state of MachineDeployment. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds for + which a Node for a newly created machine should be ready before + considering the replica available. Defaults to 0 (machine will be + considered available as soon as the Node is ready) + format: int32 + type: integer + paused: + description: Indicates that the deployment is paused. + type: boolean + progressDeadlineSeconds: + description: The maximum time in seconds for a deployment to make + progress before it is considered to be failed. The deployment controller + will continue to process failed deployments and a condition with + a ProgressDeadlineExceeded reason will be surfaced in the deployment + status. Note that progress will not be estimated during the time + a deployment is paused. Defaults to 600s. + format: int32 + type: integer + replicas: + description: "Number of desired machines. This is a pointer to distinguish + between explicit zero and not specified. 
\n Defaults to: * if the + Kubernetes autoscaler min size and max size annotations are set: + - if it's a new MachineDeployment, use min size - if the replicas + field of the old MachineDeployment is < min size, use min size - + if the replicas field of the old MachineDeployment is > max size, + use max size - if the replicas field of the old MachineDeployment + is in the (min size, max size) range, keep the value from the oldMD + * otherwise use 1 Note: Defaulting will be run whenever the replicas + field is not set: * A new MachineDeployment is created with replicas + not set. * On an existing MachineDeployment the replicas field was + first set and is now unset. Those cases are especially relevant + for the following Kubernetes autoscaler use cases: * A new MachineDeployment + is created and replicas should be managed by the autoscaler * An + existing MachineDeployment which initially wasn't controlled by + the autoscaler should be later controlled by the autoscaler" + format: int32 + type: integer + revisionHistoryLimit: + description: The number of old MachineSets to retain to allow rollback. + This is a pointer to distinguish between explicit zero and not specified. + Defaults to 1. + format: int32 + type: integer + rolloutAfter: + description: 'RolloutAfter is a field to indicate a rollout should + be performed after the specified time even if no changes have been + made to the MachineDeployment. Example: In the YAML the time can + be specified in the RFC3339 format. To specify the rolloutAfter + target as March 9, 2023, at 9 am UTC use "2023-03-09T09:00:00Z".' + format: date-time + type: string + selector: + description: Label selector for machines. Existing MachineSets whose + machines are selected by this will be the ones affected by this + deployment. It must match the machine template's labels. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + strategy: + description: The deployment strategy to use to replace existing machines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if MachineDeploymentStrategyType + = RollingUpdate. + properties: + deletePolicy: + description: DeletePolicy defines the policy used by the MachineDeployment + to identify nodes to delete when downscaling. Valid values + are "Random, "Newest", "Oldest" When no value is supplied, + the default DeletePolicy of MachineSet is used + enum: + - Random + - Newest + - Oldest + type: string + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be scheduled + above the desired number of machines. 
Value can be an absolute + number (ex: 5) or a percentage of desired machines (ex: + 10%). This can not be 0 if MaxUnavailable is 0. Absolute + number is calculated from percentage by rounding up. Defaults + to 1. Example: when this is set to 30%, the new MachineSet + can be scaled up immediately when the rolling update starts, + such that the total number of old and new machines do not + exceed 130% of desired machines. Once old machines have + been killed, new MachineSet can be scaled up further, ensuring + that total number of machines running at any time during + the update is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be unavailable + during the update. Value can be an absolute number (ex: + 5) or a percentage of desired machines (ex: 10%). Absolute + number is calculated from percentage by rounding down. This + can not be 0 if MaxSurge is 0. Defaults to 0. Example: when + this is set to 30%, the old MachineSet can be scaled down + to 70% of desired machines immediately when the rolling + update starts. Once new machines are ready, old MachineSet + can be scaled down further, followed by scaling up the new + MachineSet, ensuring that the total number of machines available + at all times during the update is at least 70% of desired + machines.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Default is RollingUpdate. + enum: + - RollingUpdate + - OnDelete + type: string + type: object + template: + description: Template describes the machines that will be created. + properties: + metadata: + description: 'Standard object''s metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. 
+ type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts after + the Machine is marked for deletion. A duration of 0 will + retry deletion indefinitely. Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of + time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the + volumes can be detached without any time limitations. + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. 
+ This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - selector + - template + type: object + status: + description: MachineDeploymentStatus defines the observed state of MachineDeployment. + properties: + availableReplicas: + description: Total number of available machines (ready for at least + minReadySeconds) targeted by this deployment. + format: int32 + type: integer + conditions: + description: Conditions defines current service state of the MachineDeployment. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + observedGeneration: + description: The generation observed by the deployment controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of a MachineDeployment + (ScalingUp, ScalingDown, Running, Failed, or Unknown). + type: string + readyReplicas: + description: Total number of ready machines targeted by this deployment. + format: int32 + type: integer + replicas: + description: Total number of non-terminated machines targeted by this + deployment (their labels match the selector). + format: int32 + type: integer + selector: + description: 'Selector is the same as the label selector but in the + string format to avoid introspection by clients. The string will + be in the same format as the query-param syntax. More info about + label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + unavailableReplicas: + description: Total number of unavailable machines targeted by this + deployment. This is the total number of machines that are still + required for the deployment to have 100% available capacity. They + may either be machines that are running but not yet available or + machines that still have not been created. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated machines targeted by this + deployment that have the desired template spec. 
+ format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: machinehealthchecks.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: MachineHealthCheck + listKind: MachineHealthCheckList + plural: machinehealthchecks + shortNames: + - mhc + - mhcs + singular: machinehealthcheck + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Maximum number of unhealthy machines allowed + jsonPath: .spec.maxUnhealthy + name: MaxUnhealthy + type: string + - description: Number of machines currently monitored + jsonPath: .status.expectedMachines + name: ExpectedMachines + type: integer + - description: Current observed healthy machines + jsonPath: .status.currentHealthy + name: CurrentHealthy + type: integer + deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "MachineHealthCheck is the Schema for the machinehealthchecks + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of machine health check policy + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed if at most "MaxUnhealthy" + machines selected by "selector" are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without a node will + be considered to have failed and will be remediated. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference to a remediation + template provided by an infrastructure provider. \n This field is + completely optional, when filled, the MachineHealthCheck controller + creates a new object from the template referenced and hands off + remediation of the machine to a controller that lives outside of + Cluster API." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + selector: + description: Label selector to match machines whose health will be + exercised + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. 
+ type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list of the conditions + that determine whether a node is considered unhealthy. The conditions + are combined in a logical OR, i.e. if any of the conditions is met, + the node is unhealthy. + items: + description: UnhealthyCondition represents a Node condition type + and value with a timeout specified as a duration. When the named + condition has been in the given status for at least the timeout + value, a node is considered unhealthy. + properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + minItems: 1 + type: array + required: + - clusterName + - selector + - unhealthyConditions + type: object + status: + description: Most recently observed status of MachineHealthCheck resource + properties: + conditions: + description: Conditions defines current service state of the MachineHealthCheck. 
+ items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + currentHealthy: + description: total number of healthy machines counted by this machine + health check + format: int32 + minimum: 0 + type: integer + expectedMachines: + description: total number of machines counted by this machine health + check + format: int32 + minimum: 0 + type: integer + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + remediationsAllowed: + description: RemediationsAllowed is the number of further remediations + allowed by this machine health check before maxUnhealthy short circuiting + will be applied + format: int32 + minimum: 0 + type: integer + targets: + description: Targets shows the current list of machines the machine + health check is watching + items: + type: string + type: array + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Time duration since creation of MachineHealthCheck + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Maximum number of unhealthy machines allowed + jsonPath: .spec.maxUnhealthy + name: MaxUnhealthy + type: string + - description: Number of machines currently monitored + jsonPath: .status.expectedMachines + name: ExpectedMachines + type: integer + - description: Current observed healthy machines + jsonPath: .status.currentHealthy + name: CurrentHealthy + type: integer + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "MachineHealthCheck is the Schema for the machinehealthchecks + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of machine health check policy + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed if at most "MaxUnhealthy" + machines selected by "selector" are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without a node will + be considered to have failed and will be remediated. If not set, + this value is defaulted to 10 minutes. If you wish to disable this + feature, set the value explicitly to 0. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference to a remediation + template provided by an infrastructure provider. \n This field is + completely optional, when filled, the MachineHealthCheck controller + creates a new object from the template referenced and hands off + remediation of the machine to a controller that lives outside of + Cluster API." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. 
TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + selector: + description: Label selector to match machines whose health will be + exercised + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list of the conditions + that determine whether a node is considered unhealthy. The conditions + are combined in a logical OR, i.e. if any of the conditions is met, + the node is unhealthy. + items: + description: UnhealthyCondition represents a Node condition type + and value with a timeout specified as a duration. When the named + condition has been in the given status for at least the timeout + value, a node is considered unhealthy. + properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + minItems: 1 + type: array + unhealthyRange: + description: 'Any further remediation is only allowed if the number + of machines selected by "selector" as not healthy is within the + range of "UnhealthyRange". Takes precedence over MaxUnhealthy. Eg. + "[3-5]" - This means that remediation will be allowed only when: + (a) there are at least 3 unhealthy machines (and) (b) there are + at most 5 unhealthy machines' + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + required: + - clusterName + - selector + - unhealthyConditions + type: object + status: + description: Most recently observed status of MachineHealthCheck resource + properties: + conditions: + description: Conditions defines current service state of the MachineHealthCheck. 
+ items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + currentHealthy: + description: total number of healthy machines counted by this machine + health check + format: int32 + minimum: 0 + type: integer + expectedMachines: + description: total number of machines counted by this machine health + check + format: int32 + minimum: 0 + type: integer + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + remediationsAllowed: + description: RemediationsAllowed is the number of further remediations + allowed by this machine health check before maxUnhealthy short circuiting + will be applied + format: int32 + minimum: 0 + type: integer + targets: + description: Targets shows the current list of machines the machine + health check is watching + items: + type: string + type: array + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Number of machines currently monitored + jsonPath: .status.expectedMachines + name: ExpectedMachines + type: integer + - description: Maximum number of unhealthy machines allowed + jsonPath: .spec.maxUnhealthy + name: MaxUnhealthy + type: string + - description: Current observed healthy machines + jsonPath: .status.currentHealthy + name: CurrentHealthy + type: integer + - description: Time duration since creation of MachineHealthCheck + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: MachineHealthCheck is the Schema for the machinehealthchecks + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of machine health check policy + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed if at most "MaxUnhealthy" + machines selected by "selector" are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without a node will + be considered to have failed and will be remediated. If not set, + this value is defaulted to 10 minutes. If you wish to disable this + feature, set the value explicitly to 0. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference to a remediation + template provided by an infrastructure provider. \n This field is + completely optional, when filled, the MachineHealthCheck controller + creates a new object from the template referenced and hands off + remediation of the machine to a controller that lives outside of + Cluster API." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. 
TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + selector: + description: Label selector to match machines whose health will be + exercised + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list of the conditions + that determine whether a node is considered unhealthy. The conditions + are combined in a logical OR, i.e. if any of the conditions is met, + the node is unhealthy. + items: + description: UnhealthyCondition represents a Node condition type + and value with a timeout specified as a duration. When the named + condition has been in the given status for at least the timeout + value, a node is considered unhealthy. + properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + minItems: 1 + type: array + unhealthyRange: + description: 'Any further remediation is only allowed if the number + of machines selected by "selector" as not healthy is within the + range of "UnhealthyRange". Takes precedence over MaxUnhealthy. Eg. + "[3-5]" - This means that remediation will be allowed only when: + (a) there are at least 3 unhealthy machines (and) (b) there are + at most 5 unhealthy machines' + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + required: + - clusterName + - selector + - unhealthyConditions + type: object + status: + description: Most recently observed status of MachineHealthCheck resource + properties: + conditions: + description: Conditions defines current service state of the MachineHealthCheck. 
+ items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + currentHealthy: + description: total number of healthy machines counted by this machine + health check + format: int32 + minimum: 0 + type: integer + expectedMachines: + description: total number of machines counted by this machine health + check + format: int32 + minimum: 0 + type: integer + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + remediationsAllowed: + description: RemediationsAllowed is the number of further remediations + allowed by this machine health check before maxUnhealthy short circuiting + will be applied + format: int32 + minimum: 0 + type: integer + targets: + description: Targets shows the current list of machines the machine + health check is watching + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: machinepools.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: MachinePool + listKind: MachinePoolList + plural: machinepools + shortNames: + - mp + singular: machinepool + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: MachinePool replicas count + jsonPath: .status.replicas + name: Replicas + type: string + - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed + etc + jsonPath: .status.phase + name: Phase + type: string + - description: Kubernetes version associated with this MachinePool + jsonPath: .spec.template.spec.version + name: Version + type: string + deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "MachinePool is the Schema for the machinepools API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachinePoolSpec defines the desired state of MachinePool. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + failureDomains: + description: FailureDomains is the list of failure domains this MachinePool + should be attached to. + items: + type: string + type: array + minReadySeconds: + description: Minimum number of seconds for which a newly created machine + instances should be ready. Defaults to 0 (machine instance will + be considered available as soon as it is ready) + format: int32 + type: integer + providerIDList: + description: ProviderIDList are the identification IDs of machine + instances provided by the provider. This field must match the provider + IDs as seen on the node objects corresponding to a machine pool's + machine instances. + items: + type: string + type: array + replicas: + description: Number of desired machines. Defaults to 1. This is a + pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + strategy: + description: The deployment strategy to use to replace existing machine + instances with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if MachineDeploymentStrategyType + = RollingUpdate. 
+ properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be scheduled + above the desired number of machines. Value can be an absolute + number (ex: 5) or a percentage of desired machines (ex: + 10%). This can not be 0 if MaxUnavailable is 0. Absolute + number is calculated from percentage by rounding up. Defaults + to 1. Example: when this is set to 30%, the new MachineSet + can be scaled up immediately when the rolling update starts, + such that the total number of old and new machines do not + exceed 130% of desired machines. Once old machines have + been killed, new MachineSet can be scaled up further, ensuring + that total number of machines running at any time during + the update is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be unavailable + during the update. Value can be an absolute number (ex: + 5) or a percentage of desired machines (ex: 10%). Absolute + number is calculated from percentage by rounding down. This + can not be 0 if MaxSurge is 0. Defaults to 0. Example: when + this is set to 30%, the old MachineSet can be scaled down + to 70% of desired machines immediately when the rolling + update starts. Once new machines are ready, old MachineSet + can be scaled down further, followed by scaling up the new + MachineSet, ensuring that the total number of machines available + at all times during the update is at least 70% of desired + machines.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Currently the only supported + strategy is "RollingUpdate". Default is RollingUpdate. + type: string + type: object + template: + description: Template describes the machines that will be created. + properties: + metadata: + description: 'Standard object''s metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + generateName: + description: "GenerateName is an optional prefix, used by + the server, to generate a unique name ONLY IF the Name field + has not been provided. If this field is used, the name returned + to the client will be different than the name passed. This + value will also be combined with a unique suffix. The provided + value has the same validation rules as the Name field, and + may be truncated by the length of the suffix required to + make the value unique on the server. \n If this field is + specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created + or 500 with Reason ServerTimeout indicating a unique name + could not be found in the time allotted, and the client + should retry (optionally after the time indicated in the + Retry-After header). \n Applied only if Name is not specified. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency + \n Deprecated: This field has no function and is going to + be removed in a next release." + type: string + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: "Name must be unique within a namespace. 
Is required + when creating resources, although some resources may allow + a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence + and configuration definition. Cannot be updated. More info: + http://kubernetes.io/docs/user-guide/identifiers#names \n + Deprecated: This field has no function and is going to be + removed in a next release." + type: string + namespace: + description: "Namespace defines the space within each name + must be unique. An empty namespace is equivalent to the + \"default\" namespace, but \"default\" is the canonical + representation. Not all objects are required to be scoped + to a namespace - the value of this field for those objects + will be empty. \n Must be a DNS_LABEL. Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces + \n Deprecated: This field has no function and is going to + be removed in a next release." + type: string + ownerReferences: + description: "List of objects depended by this object. If + ALL objects in the list have been deleted, this object will + be garbage collected. If this object is managed by a controller, + then an entry in this list will point to this controller, + with the controller field set to true. There cannot be more + than one managing controller. \n Deprecated: This field + has no function and is going to be removed in a next release." + items: + description: OwnerReference contains enough information + to let you identify an owning object. An owning object + must be in the same namespace as the dependent, or be + cluster-scoped, so there is no namespace field. + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the + key-value store until this reference is removed. 
See + https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage collector interacts with this + field and enforces the foreground deletion. Defaults + to false. To set this field, a user needs "delete" + permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing + controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.Data + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + data: + description: "Data contains the bootstrap data, such as + cloud-init details scripts. If nil, the Machine should + remain in the Pending state. \n Deprecated: Switch to + DataSecretName." + type: string + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. 
+ minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - template + type: object + status: + description: MachinePoolStatus defines the observed state of MachinePool. + properties: + availableReplicas: + description: The number of available replicas (ready for at least + minReadySeconds) for this MachinePool. 
+ format: int32 + type: integer + bootstrapReady: + description: BootstrapReady is the state of the bootstrap provider. + type: boolean + conditions: + description: Conditions define the current service state of the MachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureMessage: + description: FailureMessage indicates that there is a problem reconciling + the state, and will be set to a descriptive error message. 
+ type: string + failureReason: + description: FailureReason indicates that there is a problem reconciling + the state, and will be set to a token value suitable for programmatic + interpretation. + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + nodeRefs: + description: NodeRefs will point to the corresponding Nodes if it + they exist. + items: + description: "ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many fields + which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. Invalid + usage help. It is impossible to add specific help for individual + usage. In most embedded usages, there are particular restrictions + like, \"must refer only to types A and B\" or \"UID not honored\" + or \"name must be restricted\". Those cannot be well described + when embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, which + makes it hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual struct + is irrelevant. 5. We cannot easily change it. Because this type + is embedded in many locations, updates to this type will affect + numerous schemas. Don't make new APIs embed an underspecified + API type they do not control. \n Instead of using this type, create + a locally provided and used type that is well-focused on your + reference. 
For example, ServiceReferences for admission registration: + https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + phase: + description: Phase represents the current phase of cluster actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + readyReplicas: + description: The number of ready replicas for this MachinePool. A + machine is considered ready when the node has been created and is + "Ready". + format: int32 + type: integer + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable machine instances targeted + by this machine pool. This is the total number of machine instances + that are still required for the machine pool to have 100% available + capacity. They may either be machine instances that are running + but not yet available or machine instances that still have not been + created. + format: int32 + type: integer + type: object + type: object + served: false + storage: false + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of MachinePool + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: MachinePool replicas count + jsonPath: .status.replicas + name: Replicas + type: string + - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed + etc + jsonPath: .status.phase + name: Phase + type: string + - description: Kubernetes version associated with this MachinePool + jsonPath: .spec.template.spec.version + name: Version + type: string + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "MachinePool is the Schema for the machinepools API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachinePoolSpec defines the desired state of MachinePool. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + failureDomains: + description: FailureDomains is the list of failure domains this MachinePool + should be attached to. + items: + type: string + type: array + minReadySeconds: + description: Minimum number of seconds for which a newly created machine + instances should be ready. Defaults to 0 (machine instance will + be considered available as soon as it is ready) + format: int32 + type: integer + providerIDList: + description: ProviderIDList are the identification IDs of machine + instances provided by the provider. This field must match the provider + IDs as seen on the node objects corresponding to a machine pool's + machine instances. + items: + type: string + type: array + replicas: + description: Number of desired machines. Defaults to 1. This is a + pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + template: + description: Template describes the machines that will be created. + properties: + metadata: + description: 'Standard object''s metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. 
+ type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - template + type: object + status: + description: MachinePoolStatus defines the observed state of MachinePool. + properties: + availableReplicas: + description: The number of available replicas (ready for at least + minReadySeconds) for this MachinePool. 
+ format: int32 + type: integer + bootstrapReady: + description: BootstrapReady is the state of the bootstrap provider. + type: boolean + conditions: + description: Conditions define the current service state of the MachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureMessage: + description: FailureMessage indicates that there is a problem reconciling + the state, and will be set to a descriptive error message. 
+ type: string + failureReason: + description: FailureReason indicates that there is a problem reconciling + the state, and will be set to a token value suitable for programmatic + interpretation. + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + nodeRefs: + description: NodeRefs will point to the corresponding Nodes if it + they exist. + items: + description: "ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many fields + which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. Invalid + usage help. It is impossible to add specific help for individual + usage. In most embedded usages, there are particular restrictions + like, \"must refer only to types A and B\" or \"UID not honored\" + or \"name must be restricted\". Those cannot be well described + when embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, which + makes it hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual struct + is irrelevant. 5. We cannot easily change it. Because this type + is embedded in many locations, updates to this type will affect + numerous schemas. Don't make new APIs embed an underspecified + API type they do not control. \n Instead of using this type, create + a locally provided and used type that is well-focused on your + reference. 
For example, ServiceReferences for admission registration: + https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + phase: + description: Phase represents the current phase of cluster actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + readyReplicas: + description: The number of ready replicas for this MachinePool. A + machine is considered ready when the node has been created and is + "Ready". + format: int32 + type: integer + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable machine instances targeted + by this machine pool. This is the total number of machine instances + that are still required for the machine pool to have 100% available + capacity. They may either be machine instances that are running + but not yet available or machine instances that still have not been + created. + format: int32 + type: integer + type: object + type: object + served: true + storage: false + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Total number of machines desired by this MachinePool + jsonPath: .spec.replicas + name: Desired + priority: 10 + type: integer + - description: MachinePool replicas count + jsonPath: .status.replicas + name: Replicas + type: string + - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed + etc + jsonPath: .status.phase + name: Phase + type: string + - description: Time duration since creation of MachinePool + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this MachinePool + jsonPath: .spec.template.spec.version + name: Version + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: MachinePool is the Schema for the machinepools API. 
+ properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachinePoolSpec defines the desired state of MachinePool. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + failureDomains: + description: FailureDomains is the list of failure domains this MachinePool + should be attached to. + items: + type: string + type: array + minReadySeconds: + description: 'Minimum number of seconds for which a newly created + machine instances should be ready. Defaults to 0 (machine instance + will be considered available as soon as it is ready) NOTE: No logic + is implemented for this field and it currently has no behaviour.' + format: int32 + type: integer + providerIDList: + description: ProviderIDList are the identification IDs of machine + instances provided by the provider. This field must match the provider + IDs as seen on the node objects corresponding to a machine pool's + machine instances. + items: + type: string + type: array + replicas: + description: Number of desired machines. Defaults to 1. This is a + pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + template: + description: Template describes the machines that will be created. 
+ properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. 
+ type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts after + the Machine is marked for deletion. A duration of 0 will + retry deletion indefinitely. Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of + time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the + volumes can be detached without any time limitations. + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. 
+ This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - template + type: object + status: + description: MachinePoolStatus defines the observed state of MachinePool. + properties: + availableReplicas: + description: The number of available replicas (ready for at least + minReadySeconds) for this MachinePool. + format: int32 + type: integer + bootstrapReady: + description: BootstrapReady is the state of the bootstrap provider. + type: boolean + conditions: + description: Conditions define the current service state of the MachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. 
+ type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: FailureMessage indicates that there is a problem reconciling + the state, and will be set to a descriptive error message. + type: string + failureReason: + description: FailureReason indicates that there is a problem reconciling + the state, and will be set to a token value suitable for programmatic + interpretation. + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + nodeRefs: + description: NodeRefs will point to the corresponding Nodes if it + they exist. + items: + description: "ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many fields + which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. Invalid + usage help. It is impossible to add specific help for individual + usage. In most embedded usages, there are particular restrictions + like, \"must refer only to types A and B\" or \"UID not honored\" + or \"name must be restricted\". Those cannot be well described + when embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, which + makes it hard for users to predict what will happen. 4. 
The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual struct + is irrelevant. 5. We cannot easily change it. Because this type + is embedded in many locations, updates to this type will affect + numerous schemas. Don't make new APIs embed an underspecified + API type they do not control. \n Instead of using this type, create + a locally provided and used type that is well-focused on your + reference. For example, ServiceReferences for admission registration: + https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of cluster actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + readyReplicas: + description: The number of ready replicas for this MachinePool. A + machine is considered ready when the node has been created and is + "Ready". + format: int32 + type: integer + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable machine instances targeted + by this machine pool. This is the total number of machine instances + that are still required for the machine pool to have 100% available + capacity. They may either be machine instances that are running + but not yet available or machine instances that still have not been + created. 
+ format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: machines.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Machine + listKind: MachineList + plural: machines + shortNames: + - ma + singular: machine + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Provider ID + jsonPath: .spec.providerID + name: ProviderID + type: string + - description: Machine status such as Terminating/Pending/Running/Failed etc + jsonPath: .status.phase + name: Phase + type: string + - description: Kubernetes version associated with this Machine + jsonPath: .spec.version + name: Version + type: string + - description: Node name associated with this machine + jsonPath: .status.nodeRef.name + name: NodeName + priority: 1 + type: string + deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "Machine is the Schema for the machines API. \n Deprecated: This + type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineSpec defines the desired state of Machine. + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which encapsulates + fields to configure the Machine’s bootstrapping mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference is + optional to allow users/operators to specify Bootstrap.Data + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + data: + description: "Data contains the bootstrap data, such as cloud-init + details scripts. If nil, the Machine should remain in the Pending + state. \n Deprecated: Switch to DataSecretName." + type: string + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. If nil, the Machine should remain + in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine will + be created in. Must match a key in the FailureDomains map stored + on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to a custom + resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time that the + controller will spend on draining a node. The default value is 0, + meaning that the node can be drained without any time limitations. + NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine provided + by the provider. This field must match the provider ID as seen on + the node object corresponding to this machine. 
This field is required + by higher level consumers of cluster-api. Example use case is cluster + autoscaler with cluster-api as provider. Clean-up logic in the autoscaler + compares machines to nodes to find out machines at provider which + could not get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field is required + by autoscaler to be able to have a provider view of the list of + machines. Another list of nodes is queried from the k8s apiserver + and then a comparison is done to find out unregistered machines + and are marked for delete. This field will be set by the actuators + and consumed by higher level entities like autoscaler that will + be interfacing with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. This + field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + status: + description: MachineStatus defines the observed state of Machine. + properties: + addresses: + description: Addresses is a list of addresses assigned to the machine. + This field is copied from the infrastructure provider reference. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP + or InternalIP. + type: string + required: + - address + - type + type: object + type: array + bootstrapReady: + description: BootstrapReady is the state of the bootstrap provider. + type: boolean + conditions: + description: Conditions defines current service state of the Machine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. 
+ properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. \n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. 
Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. \n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. \n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + lastUpdated: + description: LastUpdated identifies when the phase of the Machine + last transitioned. + format: date-time + type: string + nodeRef: + description: NodeRef will point to the corresponding Node if it exists. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of machine actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + version: + description: Version specifies the current version of Kubernetes running + on the corresponding Node. This is meant to be a means of bubbling + up status from the Node to the Machine. It is entirely optional, + but useful for end-user UX if it’s present. 
+ type: string + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Time duration since creation of Machine + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Provider ID + jsonPath: .spec.providerID + name: ProviderID + type: string + - description: Machine status such as Terminating/Pending/Running/Failed etc + jsonPath: .status.phase + name: Phase + type: string + - description: Kubernetes version associated with this Machine + jsonPath: .spec.version + name: Version + type: string + - description: Node name associated with this machine + jsonPath: .status.nodeRef.name + name: NodeName + priority: 1 + type: string + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "Machine is the Schema for the machines API. \n Deprecated: This + type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineSpec defines the desired state of Machine. + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which encapsulates + fields to configure the Machine’s bootstrapping mechanism. 
+ properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference is + optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. If nil, the Machine should remain + in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine will + be created in. Must match a key in the FailureDomains map stored + on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to a custom + resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time that the + controller will spend on draining a node. The default value is 0, + meaning that the node can be drained without any time limitations. + NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine provided + by the provider. This field must match the provider ID as seen on + the node object corresponding to this machine. This field is required + by higher level consumers of cluster-api. Example use case is cluster + autoscaler with cluster-api as provider. Clean-up logic in the autoscaler + compares machines to nodes to find out machines at provider which + could not get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field is required + by autoscaler to be able to have a provider view of the list of + machines. Another list of nodes is queried from the k8s apiserver + and then a comparison is done to find out unregistered machines + and are marked for delete. This field will be set by the actuators + and consumed by higher level entities like autoscaler that will + be interfacing with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. This + field is meant to be optionally used by bootstrap providers. 
+ type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + status: + description: MachineStatus defines the observed state of Machine. + properties: + addresses: + description: Addresses is a list of addresses assigned to the machine. + This field is copied from the infrastructure provider reference. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP + or InternalIP. + type: string + required: + - address + - type + type: object + type: array + bootstrapReady: + description: BootstrapReady is the state of the bootstrap provider. + type: boolean + conditions: + description: Conditions defines current service state of the Machine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. \n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. \n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. 
Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. \n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + lastUpdated: + description: LastUpdated identifies when the phase of the Machine + last transitioned. + format: date-time + type: string + nodeInfo: + description: 'NodeInfo is a set of ids/uuids to uniquely identify + the node. More info: https://kubernetes.io/docs/concepts/nodes/node/#info' + properties: + architecture: + description: The Architecture reported by the node + type: string + bootID: + description: Boot ID reported by the node. + type: string + containerRuntimeVersion: + description: ContainerRuntime Version reported by the node through + runtime remote API (e.g. containerd://1.4.2). + type: string + kernelVersion: + description: Kernel Version reported by the node from 'uname -r' + (e.g. 3.16.0-0.bpo.4-amd64). + type: string + kubeProxyVersion: + description: KubeProxy Version reported by the node. + type: string + kubeletVersion: + description: Kubelet Version reported by the node. + type: string + machineID: + description: 'MachineID reported by the node. For unique machine + identification in the cluster this field is preferred. Learn + more from man(5) machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html' + type: string + operatingSystem: + description: The Operating System reported by the node + type: string + osImage: + description: OS Image reported by the node from /etc/os-release + (e.g. Debian GNU/Linux 7 (wheezy)). + type: string + systemUUID: + description: SystemUUID reported by the node. 
For unique machine + identification MachineID is preferred. This field is specific + to Red Hat hosts https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid + type: string + required: + - architecture + - bootID + - containerRuntimeVersion + - kernelVersion + - kubeProxyVersion + - kubeletVersion + - machineID + - operatingSystem + - osImage + - systemUUID + type: object + nodeRef: + description: NodeRef will point to the corresponding Node if it exists. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of machine actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + version: + description: Version specifies the current version of Kubernetes running + on the corresponding Node. This is meant to be a means of bubbling + up status from the Node to the Machine. It is entirely optional, + but useful for end-user UX if it’s present. + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Node name associated with this machine + jsonPath: .status.nodeRef.name + name: NodeName + type: string + - description: Provider ID + jsonPath: .spec.providerID + name: ProviderID + type: string + - description: Machine status such as Terminating/Pending/Running/Failed etc + jsonPath: .status.phase + name: Phase + type: string + - description: Time duration since creation of Machine + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this Machine + jsonPath: .spec.version + name: Version + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Machine is the Schema for the machines API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineSpec defines the desired state of Machine. + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which encapsulates + fields to configure the Machine’s bootstrapping mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference is + optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. If nil, the Machine should remain + in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine will + be created in. Must match a key in the FailureDomains map stored + on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to a custom + resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the controller will + attempt to delete the Node that the Machine hosts after the Machine + is marked for deletion. A duration of 0 will retry deletion indefinitely. + Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time that the + controller will spend on draining a node. The default value is 0, + meaning that the node can be drained without any time limitations. 
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of time that + the controller will spend on waiting for all volumes to be detached. + The default value is 0, meaning that the volumes can be detached + without any time limitations. + type: string + providerID: + description: ProviderID is the identification ID of the machine provided + by the provider. This field must match the provider ID as seen on + the node object corresponding to this machine. This field is required + by higher level consumers of cluster-api. Example use case is cluster + autoscaler with cluster-api as provider. Clean-up logic in the autoscaler + compares machines to nodes to find out machines at provider which + could not get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field is required + by autoscaler to be able to have a provider view of the list of + machines. Another list of nodes is queried from the k8s apiserver + and then a comparison is done to find out unregistered machines + and are marked for delete. This field will be set by the actuators + and consumed by higher level entities like autoscaler that will + be interfacing with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. This + field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + status: + description: MachineStatus defines the observed state of Machine. + properties: + addresses: + description: Addresses is a list of addresses assigned to the machine. + This field is copied from the infrastructure provider reference. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. 
+ type: string + type: + description: Machine address type, one of Hostname, ExternalIP, + InternalIP, ExternalDNS or InternalDNS. + type: string + required: + - address + - type + type: object + type: array + bootstrapReady: + description: BootstrapReady is the state of the bootstrap provider. + type: boolean + certificatesExpiryDate: + description: CertificatesExpiryDate is the expiry date of the machine + certificates. This value is only set for control plane machines. + format: date-time + type: string + conditions: + description: Conditions defines current service state of the Machine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. \n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. \n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. \n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." 
+ type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + lastUpdated: + description: LastUpdated identifies when the phase of the Machine + last transitioned. + format: date-time + type: string + nodeInfo: + description: 'NodeInfo is a set of ids/uuids to uniquely identify + the node. More info: https://kubernetes.io/docs/concepts/nodes/node/#info' + properties: + architecture: + description: The Architecture reported by the node + type: string + bootID: + description: Boot ID reported by the node. + type: string + containerRuntimeVersion: + description: ContainerRuntime Version reported by the node through + runtime remote API (e.g. containerd://1.4.2). + type: string + kernelVersion: + description: Kernel Version reported by the node from 'uname -r' + (e.g. 3.16.0-0.bpo.4-amd64). + type: string + kubeProxyVersion: + description: KubeProxy Version reported by the node. + type: string + kubeletVersion: + description: Kubelet Version reported by the node. + type: string + machineID: + description: 'MachineID reported by the node. For unique machine + identification in the cluster this field is preferred. Learn + more from man(5) machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html' + type: string + operatingSystem: + description: The Operating System reported by the node + type: string + osImage: + description: OS Image reported by the node from /etc/os-release + (e.g. Debian GNU/Linux 7 (wheezy)). + type: string + systemUUID: + description: SystemUUID reported by the node. For unique machine + identification MachineID is preferred. 
This field is specific + to Red Hat hosts https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid + type: string + required: + - architecture + - bootID + - containerRuntimeVersion + - kernelVersion + - kubeProxyVersion + - kubeletVersion + - machineID + - operatingSystem + - osImage + - systemUUID + type: object + nodeRef: + description: NodeRef will point to the corresponding Node if it exists. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of machine actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: machinesets.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: MachineSet + listKind: MachineSetList + plural: machinesets + shortNames: + - ms + singular: machineset + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Total number of non-terminated machines targeted by this machineset + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of available machines (ready for at least minReadySeconds) + jsonPath: .status.availableReplicas + name: Available + type: integer + - description: Total number of ready machines targeted by this machineset. 
+ jsonPath: .status.readyReplicas + name: Ready + type: integer + deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "MachineSet is the Schema for the machinesets API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineSetSpec defines the desired state of MachineSet. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + deletePolicy: + description: DeletePolicy defines the policy used to identify nodes + to delete when downscaling. Defaults to "Random". Valid values + are "Random, "Newest", "Oldest" + enum: + - Random + - Newest + - Oldest + type: string + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds for + which a newly created machine should be ready. Defaults to 0 (machine + will be considered available as soon as it is ready) + format: int32 + type: integer + replicas: + description: Replicas is the number of desired replicas. This is a + pointer to distinguish between explicit zero and unspecified. Defaults + to 1. + format: int32 + type: integer + selector: + description: 'Selector is a label query over machines that should + match the replica count. 
Label keys and values that must match in + order to be controlled by this MachineSet. It must match the machine + template''s labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + template: + description: Template is the object that describes the machine that + will be created if insufficient replicas are detected. Object references + to custom resources are treated as templates. + properties: + metadata: + description: 'Standard object''s metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + generateName: + description: "GenerateName is an optional prefix, used by + the server, to generate a unique name ONLY IF the Name field + has not been provided. If this field is used, the name returned + to the client will be different than the name passed. This + value will also be combined with a unique suffix. The provided + value has the same validation rules as the Name field, and + may be truncated by the length of the suffix required to + make the value unique on the server. \n If this field is + specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created + or 500 with Reason ServerTimeout indicating a unique name + could not be found in the time allotted, and the client + should retry (optionally after the time indicated in the + Retry-After header). \n Applied only if Name is not specified. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency + \n Deprecated: This field has no function and is going to + be removed in a next release." + type: string + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: "Name must be unique within a namespace. 
Is required + when creating resources, although some resources may allow + a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence + and configuration definition. Cannot be updated. More info: + http://kubernetes.io/docs/user-guide/identifiers#names \n + Deprecated: This field has no function and is going to be + removed in a next release." + type: string + namespace: + description: "Namespace defines the space within each name + must be unique. An empty namespace is equivalent to the + \"default\" namespace, but \"default\" is the canonical + representation. Not all objects are required to be scoped + to a namespace - the value of this field for those objects + will be empty. \n Must be a DNS_LABEL. Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces + \n Deprecated: This field has no function and is going to + be removed in a next release." + type: string + ownerReferences: + description: "List of objects depended by this object. If + ALL objects in the list have been deleted, this object will + be garbage collected. If this object is managed by a controller, + then an entry in this list will point to this controller, + with the controller field set to true. There cannot be more + than one managing controller. \n Deprecated: This field + has no function and is going to be removed in a next release." + items: + description: OwnerReference contains enough information + to let you identify an owning object. An owning object + must be in the same namespace as the dependent, or be + cluster-scoped, so there is no namespace field. + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the + key-value store until this reference is removed. 
See + https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage collector interacts with this + field and enforces the foreground deletion. Defaults + to false. To set this field, a user needs "delete" + permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing + controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.Data + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + data: + description: "Data contains the bootstrap data, such as + cloud-init details scripts. If nil, the Machine should + remain in the Pending state. \n Deprecated: Switch to + DataSecretName." + type: string + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. 
+ minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - selector + type: object + status: + description: MachineSetStatus defines the observed state of MachineSet. + properties: + availableReplicas: + description: The number of available replicas (ready for at least + minReadySeconds) for this MachineSet. 
+ format: int32 + type: integer + failureMessage: + type: string + failureReason: + description: "In the event that there is a terminal problem reconciling + the replicas, both FailureReason and FailureMessage will be set. + FailureReason will be populated with a succinct value suitable for + machine interpretation, while FailureMessage will contain a more + verbose string suitable for logging and human consumption. \n These + fields should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the MachineTemplate's spec or the configuration of the + machine controller, and that manual intervention is required. Examples + of terminal errors would be invalid combinations of settings in + the spec, values that are unsupported by the machine controller, + or the responsible machine controller itself being critically misconfigured. + \n Any transient errors that occur during the reconciliation of + Machines can be added as events to the MachineSet object and/or + logged in the controller's output." + type: string + fullyLabeledReplicas: + description: The number of replicas that have labels matching the + labels of the machine template of the MachineSet. + format: int32 + type: integer + observedGeneration: + description: ObservedGeneration reflects the generation of the most + recently observed MachineSet. + format: int64 + type: integer + readyReplicas: + description: The number of ready replicas for this MachineSet. A machine + is considered ready when the node has been created and is "Ready". + format: int32 + type: integer + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + selector: + description: 'Selector is the same as the label selector but in the + string format to avoid introspection by clients. 
The string will + be in the same format as the query-param syntax. More info about + label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + type: object + type: object + served: false + storage: false + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Time duration since creation of MachineSet + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Total number of non-terminated machines targeted by this machineset + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of available machines (ready for at least minReadySeconds) + jsonPath: .status.availableReplicas + name: Available + type: integer + - description: Total number of ready machines targeted by this machineset. + jsonPath: .status.readyReplicas + name: Ready + type: integer + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "MachineSet is the Schema for the machinesets API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineSetSpec defines the desired state of MachineSet. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + deletePolicy: + description: DeletePolicy defines the policy used to identify nodes + to delete when downscaling. Defaults to "Random". Valid values + are "Random, "Newest", "Oldest" + enum: + - Random + - Newest + - Oldest + type: string + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds for + which a newly created machine should be ready. Defaults to 0 (machine + will be considered available as soon as it is ready) + format: int32 + type: integer + replicas: + default: 1 + description: Replicas is the number of desired replicas. This is a + pointer to distinguish between explicit zero and unspecified. Defaults + to 1. + format: int32 + type: integer + selector: + description: 'Selector is a label query over machines that should + match the replica count. Label keys and values that must match in + order to be controlled by this MachineSet. It must match the machine + template''s labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. 
+ type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + template: + description: Template is the object that describes the machine that + will be created if insufficient replicas are detected. Object references + to custom resources are treated as templates. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: 'Specification of the desired behavior of the machine. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. 
Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - selector + type: object + status: + description: MachineSetStatus defines the observed state of MachineSet. + properties: + availableReplicas: + description: The number of available replicas (ready for at least + minReadySeconds) for this MachineSet. + format: int32 + type: integer + conditions: + description: Conditions defines current service state of the MachineSet. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. 
+ type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureMessage: + type: string + failureReason: + description: "In the event that there is a terminal problem reconciling + the replicas, both FailureReason and FailureMessage will be set. + FailureReason will be populated with a succinct value suitable for + machine interpretation, while FailureMessage will contain a more + verbose string suitable for logging and human consumption. \n These + fields should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the MachineTemplate's spec or the configuration of the + machine controller, and that manual intervention is required. Examples + of terminal errors would be invalid combinations of settings in + the spec, values that are unsupported by the machine controller, + or the responsible machine controller itself being critically misconfigured. + \n Any transient errors that occur during the reconciliation of + Machines can be added as events to the MachineSet object and/or + logged in the controller's output." + type: string + fullyLabeledReplicas: + description: The number of replicas that have labels matching the + labels of the machine template of the MachineSet. + format: int32 + type: integer + observedGeneration: + description: ObservedGeneration reflects the generation of the most + recently observed MachineSet. 
+ format: int64 + type: integer + readyReplicas: + description: The number of ready replicas for this MachineSet. A machine + is considered ready when the node has been created and is "Ready". + format: int32 + type: integer + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + selector: + description: 'Selector is the same as the label selector but in the + string format to avoid introspection by clients. The string will + be in the same format as the query-param syntax. More info about + label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + type: object + type: object + served: true + storage: false + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Total number of machines desired by this machineset + jsonPath: .spec.replicas + name: Desired + priority: 10 + type: integer + - description: Total number of non-terminated machines targeted by this machineset + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of ready machines targeted by this machineset. + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Total number of available machines (ready for at least minReadySeconds) + jsonPath: .status.availableReplicas + name: Available + type: integer + - description: Time duration since creation of MachineSet + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this MachineSet + jsonPath: .spec.template.spec.version + name: Version + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: MachineSet is the Schema for the machinesets API. 
+ properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineSetSpec defines the desired state of MachineSet. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + deletePolicy: + description: DeletePolicy defines the policy used to identify nodes + to delete when downscaling. Defaults to "Random". Valid values + are "Random, "Newest", "Oldest" + enum: + - Random + - Newest + - Oldest + type: string + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds for + which a Node for a newly created machine should be ready before + considering the replica available. Defaults to 0 (machine will be + considered available as soon as the Node is ready) + format: int32 + type: integer + replicas: + default: 1 + description: Replicas is the number of desired replicas. This is a + pointer to distinguish between explicit zero and unspecified. Defaults + to 1. + format: int32 + type: integer + selector: + description: 'Selector is a label query over machines that should + match the replica count. Label keys and values that must match in + order to be controlled by this MachineSet. It must match the machine + template''s labels. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + template: + description: Template is the object that describes the machine that + will be created if insufficient replicas are detected. Object references + to custom resources are treated as templates. + properties: + metadata: + description: 'Standard object''s metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. 
+ type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts after + the Machine is marked for deletion. A duration of 0 will + retry deletion indefinitely. Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of + time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the + volumes can be detached without any time limitations. + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. 
+ This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - selector + type: object + status: + description: MachineSetStatus defines the observed state of MachineSet. + properties: + availableReplicas: + description: The number of available replicas (ready for at least + minReadySeconds) for this MachineSet. + format: int32 + type: integer + conditions: + description: Conditions defines current service state of the MachineSet. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + type: string + failureReason: + description: "In the event that there is a terminal problem reconciling + the replicas, both FailureReason and FailureMessage will be set. + FailureReason will be populated with a succinct value suitable for + machine interpretation, while FailureMessage will contain a more + verbose string suitable for logging and human consumption. \n These + fields should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the MachineTemplate's spec or the configuration of the + machine controller, and that manual intervention is required. Examples + of terminal errors would be invalid combinations of settings in + the spec, values that are unsupported by the machine controller, + or the responsible machine controller itself being critically misconfigured. + \n Any transient errors that occur during the reconciliation of + Machines can be added as events to the MachineSet object and/or + logged in the controller's output." + type: string + fullyLabeledReplicas: + description: The number of replicas that have labels matching the + labels of the machine template of the MachineSet. + format: int32 + type: integer + observedGeneration: + description: ObservedGeneration reflects the generation of the most + recently observed MachineSet. + format: int64 + type: integer + readyReplicas: + description: The number of ready replicas for this MachineSet. 
A machine + is considered ready when the node has been created and is "Ready". + format: int32 + type: integer + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + selector: + description: 'Selector is the same as the label selector but in the + string format to avoid introspection by clients. The string will + be in the same format as the query-param syntax. More info about + label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-manager + namespace: capi-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-leader-election-role + namespace: capi-system +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +aggregationRule: + clusterRoleSelectors: + - matchLabels: + cluster.x-k8s.io/aggregate-to-manager: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-aggregated-manager-role +rules: [] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/aggregate-to-manager: "true" + cluster.x-k8s.io/provider: cluster-api + name: capi-manager-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - addons.cluster.x-k8s.io + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - 
update + - watch +- apiGroups: + - addons.cluster.x-k8s.io + resources: + - clusterresourcesets/finalizers + - clusterresourcesets/status + verbs: + - get + - patch + - update +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - bootstrap.cluster.x-k8s.io + - controlplane.cluster.x-k8s.io + - infrastructure.cluster.x-k8s.io + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - bootstrap.cluster.x-k8s.io + - infrastructure.cluster.x-k8s.io + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusterclasses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusterclasses + - clusterclasses/status + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/finalizers + - clusters/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinedeployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinedeployments + - machinedeployments/finalizers + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinedeployments + - machinedeployments/finalizers + - machinedeployments/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + 
resources: + - machinehealthchecks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinehealthchecks + - machinehealthchecks/finalizers + - machinehealthchecks/status + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinepools + - machinepools/finalizers + - machinepools/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machines + - machines/finalizers + - machines/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machines + - machines/status + verbs: + - delete + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinesets + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinesets + - machinesets/finalizers + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinesets + - machinesets/finalizers + - machinesets/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: + - ipam.cluster.x-k8s.io + resources: + - ipaddressclaims + verbs: + - get + - list + - watch +- apiGroups: + - runtime.cluster.x-k8s.io + resources: + - extensionconfigs + - extensionconfigs/status + verbs: + - get + - list + - patch + - update + - watch +--- +apiVersion: 
rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-leader-election-rolebinding + namespace: capi-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: capi-leader-election-role +subjects: +- kind: ServiceAccount + name: capi-manager + namespace: capi-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capi-aggregated-manager-role +subjects: +- kind: ServiceAccount + name: capi-manager + namespace: capi-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-webhook-service + namespace: capi-system +spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: cluster-api +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + control-plane: controller-manager + name: capi-controller-manager + namespace: capi-system +spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: cluster-api + control-plane: controller-manager + template: + metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + control-plane: controller-manager + spec: + containers: + - args: + - --leader-elect + - --metrics-bind-addr=localhost:8080 + - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},ClusterResourceSet=${EXP_CLUSTER_RESOURCE_SET:=false},ClusterTopology=${CLUSTER_TOPOLOGY:=false},RuntimeSDK=${EXP_RUNTIME_SDK:=false},MachineSetPreflightChecks=${EXP_MACHINE_SET_PREFLIGHT_CHECKS:=false} + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: 
metadata.uid + image: registry.k8s.io/cluster-api/cluster-api-controller:v1.5.6 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: capi-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + secretName: capi-webhook-service-cert +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-serving-cert + namespace: capi-system +spec: + dnsNames: + - capi-webhook-service.capi-system.svc + - capi-webhook-service.capi-system.svc.cluster.local + issuerRef: + kind: Issuer + name: capi-selfsigned-issuer + secretName: capi-webhook-service-cert + subject: + organizations: + - k8s-sig-cluster-lifecycle +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-selfsigned-issuer + namespace: capi-system +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: 
capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta1-machine + failurePolicy: Fail + matchPolicy: Equivalent + name: default.machine.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta1-machinedeployment + failurePolicy: Fail + matchPolicy: Equivalent + name: default.machinedeployment.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinedeployments + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta1-machinehealthcheck + failurePolicy: Fail + matchPolicy: Equivalent + name: default.machinehealthcheck.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinehealthchecks + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta1-machineset + failurePolicy: Fail + matchPolicy: Equivalent + name: default.machineset.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinesets + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta1-cluster + failurePolicy: Fail + matchPolicy: Equivalent + name: default.cluster.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - 
v1beta1 + operations: + - CREATE + - UPDATE + resources: + - clusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta1-clusterclass + failurePolicy: Fail + matchPolicy: Equivalent + name: default.clusterclass.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - clusterclasses + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig + failurePolicy: Fail + matchPolicy: Equivalent + name: default.extensionconfig.runtime.addons.cluster.x-k8s.io + rules: + - apiGroups: + - runtime.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - extensionconfigs + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta1-machinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: default.machinepool.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinepools + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-addons-cluster-x-k8s-io-v1beta1-clusterresourceset + failurePolicy: Fail + matchPolicy: Equivalent + name: default.clusterresourceset.addons.cluster.x-k8s.io + rules: + - apiGroups: + - addons.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - clusterresourcesets + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration 
+metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta1-machine + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.machine.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta1-machinedeployment + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.machinedeployment.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinedeployments + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta1-machinehealthcheck + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.machinehealthcheck.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinehealthchecks + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta1-machineset + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.machineset.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinesets + sideEffects: None +- admissionReviewVersions: + 
- v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta1-cluster + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.cluster.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - clusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta1-clusterclass + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.clusterclass.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - clusterclasses + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.extensionconfig.runtime.cluster.x-k8s.io + rules: + - apiGroups: + - runtime.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - extensionconfigs + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta1-machinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.machinepool.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinepools + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-addons-cluster-x-k8s-io-v1beta1-clusterresourceset + failurePolicy: Fail + 
matchPolicy: Equivalent + name: validation.clusterresourceset.addons.cluster.x-k8s.io + rules: + - apiGroups: + - addons.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - clusterresourcesets + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-addons-cluster-x-k8s-io-v1beta1-clusterresourcesetbinding + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.clusterresourcesetbinding.addons.cluster.x-k8s.io + rules: + - apiGroups: + - addons.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - clusterresourcesetbindings + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-ipam-cluster-x-k8s-io-v1alpha1-ipaddress + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.ipaddress.ipam.cluster.x-k8s.io + rules: + - apiGroups: + - ipam.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - ipaddresses + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-ipam-cluster-x-k8s-io-v1alpha1-ipaddressclaim + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.ipaddressclaim.ipam.cluster.x-k8s.io + rules: + - apiGroups: + - ipam.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - ipaddressclaims + sideEffects: None diff --git a/files/cluster-api/v1.5.6/infrastructure-components-development.yaml b/files/cluster-api/v1.5.6/infrastructure-components-development.yaml new file mode 100644 index 00000000..5d0f24e3 --- /dev/null +++ b/files/cluster-api/v1.5.6/infrastructure-components-development.yaml 
@@ -0,0 +1,2578 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-docker + control-plane: controller-manager + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/warn: privileged + name: capd-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capd-system/capd-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: infrastructure-docker + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1 + name: dockerclusters.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capd-webhook-service + namespace: capd-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: DockerCluster + listKind: DockerClusterList + plural: dockerclusters + singular: dockercluster + scope: Namespaced + versions: + - deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "DockerCluster is the Schema for the dockerclusters API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerClusterSpec defines the desired state of DockerCluster. + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: Host is the hostname on which the API server is serving. + type: string + port: + description: Port is the port on which the API server is serving. + type: integer + required: + - host + - port + type: object + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains are not usulaly defined on the spec. The + docker provider is special since failure domains don't mean anything + in a local docker environment. Instead, the docker cluster controller + will simply copy these into the Status and allow the Cluster API + controllers to do what they will with the defined failure domains. + type: object + type: object + status: + description: DockerClusterStatus defines the observed state of DockerCluster. + properties: + conditions: + description: Conditions defines current service state of the DockerCluster. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains don't mean much in CAPD since it's all + local, but we can see how the rest of cluster API will use this + if we populate it. 
+ type: object + ready: + description: Ready denotes that the docker cluster (infrastructure) + is ready. + type: boolean + required: + - ready + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of DockerCluster + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "DockerCluster is the Schema for the dockerclusters API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerClusterSpec defines the desired state of DockerCluster. + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: Host is the hostname on which the API server is serving. + type: string + port: + description: Port is the port on which the API server is serving. + type: integer + required: + - host + - port + type: object + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. 
It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains are not usulaly defined on the spec. The + docker provider is special since failure domains don't mean anything + in a local docker environment. Instead, the docker cluster controller + will simply copy these into the Status and allow the Cluster API + controllers to do what they will with the defined failure domains. + type: object + loadBalancer: + description: LoadBalancer allows defining configurations for the cluster + load balancer. + properties: + imageRepository: + description: ImageRepository sets the container registry to pull + the haproxy image from. if not set, "kindest" will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the haproxy + image. if not set, "v20210715-a6da3463" will be used instead. + type: string + type: object + type: object + status: + description: DockerClusterStatus defines the observed state of DockerCluster. + properties: + conditions: + description: Conditions defines current service state of the DockerCluster. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. 
This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains don't mean much in CAPD since it's all + local, but we can see how the rest of cluster API will use this + if we populate it. + type: object + ready: + description: Ready denotes that the docker cluster (infrastructure) + is ready. 
+ type: boolean + required: + - ready + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name'] + name: Cluster + type: string + - description: Time duration since creation of DockerCluster + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: DockerCluster is the Schema for the dockerclusters API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerClusterSpec defines the desired state of DockerCluster. + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: Host is the hostname on which the API server is serving. + type: string + port: + description: Port is the port on which the API server is serving. + Defaults to 6443 if not set. + type: integer + required: + - host + - port + type: object + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. 
+ properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains are usually not defined in the spec. The + docker provider is special since failure domains don't mean anything + in a local docker environment. Instead, the docker cluster controller + will simply copy these into the Status and allow the Cluster API + controllers to do what they will with the defined failure domains. + type: object + loadBalancer: + description: LoadBalancer allows defining configurations for the cluster + load balancer. + properties: + imageRepository: + description: ImageRepository sets the container registry to pull + the haproxy image from. if not set, "kindest" will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the haproxy + image. if not set, "v20210715-a6da3463" will be used instead. + type: string + type: object + type: object + status: + description: DockerClusterStatus defines the observed state of DockerCluster. + properties: + conditions: + description: Conditions defines current service state of the DockerCluster. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. 
+ type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains don't mean much in CAPD since it's all + local, but we can see how the rest of cluster API will use this + if we populate it. + type: object + ready: + description: Ready denotes that the docker cluster (infrastructure) + is ready. 
+ type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capd-system/capd-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: infrastructure-docker + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1 + name: dockerclustertemplates.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capd-webhook-service + namespace: capd-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: DockerClusterTemplate + listKind: DockerClusterTemplateList + plural: dockerclustertemplates + singular: dockerclustertemplate + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of DockerClusterTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "DockerClusterTemplate is the Schema for the dockerclustertemplates + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerClusterTemplateSpec defines the desired state of DockerClusterTemplate. + properties: + template: + description: DockerClusterTemplateResource describes the data needed + to create a DockerCluster from a template. + properties: + spec: + description: DockerClusterSpec defines the desired state of DockerCluster. + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint + used to communicate with the control plane. + properties: + host: + description: Host is the hostname on which the API server + is serving. + type: string + port: + description: Port is the port on which the API server + is serving. + type: integer + required: + - host + - port + type: object + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster + API failure domains. It allows controllers to understand + how many failure domains a cluster can optionally span + across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes + an infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure + domain is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains are not usulaly defined on the + spec. The docker provider is special since failure domains + don't mean anything in a local docker environment. Instead, + the docker cluster controller will simply copy these into + the Status and allow the Cluster API controllers to do what + they will with the defined failure domains. + type: object + loadBalancer: + description: LoadBalancer allows defining configurations for + the cluster load balancer. 
+ properties: + imageRepository: + description: ImageRepository sets the container registry + to pull the haproxy image from. if not set, "kindest" + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the + haproxy image. if not set, "v20210715-a6da3463" will + be used instead. + type: string + type: object + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: false + subresources: {} + - additionalPrinterColumns: + - description: Time duration since creation of DockerClusterTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: DockerClusterTemplate is the Schema for the dockerclustertemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerClusterTemplateSpec defines the desired state of DockerClusterTemplate. + properties: + template: + description: DockerClusterTemplateResource describes the data needed + to create a DockerCluster from a template. + properties: + metadata: + description: 'Standard object''s metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: DockerClusterSpec defines the desired state of DockerCluster. + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint + used to communicate with the control plane. + properties: + host: + description: Host is the hostname on which the API server + is serving. + type: string + port: + description: Port is the port on which the API server + is serving. Defaults to 6443 if not set. + type: integer + required: + - host + - port + type: object + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster + API failure domains. It allows controllers to understand + how many failure domains a cluster can optionally span + across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes + an infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure + domain is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains are usually not defined in the + spec. 
The docker provider is special since failure domains + don't mean anything in a local docker environment. Instead, + the docker cluster controller will simply copy these into + the Status and allow the Cluster API controllers to do what + they will with the defined failure domains. + type: object + loadBalancer: + description: LoadBalancer allows defining configurations for + the cluster load balancer. + properties: + imageRepository: + description: ImageRepository sets the container registry + to pull the haproxy image from. if not set, "kindest" + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the + haproxy image. if not set, "v20210715-a6da3463" will + be used instead. + type: string + type: object + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capd-system/capd-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: infrastructure-docker + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1 + name: dockermachinepools.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capd-webhook-service + namespace: capd-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: DockerMachinePool + listKind: DockerMachinePoolList + plural: dockermachinepools + singular: dockermachinepool + scope: Namespaced + versions: + - deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "DockerMachinePool is the Schema for the dockermachinepools API. 
+ \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerMachinePoolSpec defines the desired state of DockerMachinePool. + properties: + providerID: + description: ProviderID is the identification ID of the Machine Pool + type: string + providerIDList: + description: ProviderIDList is the list of identification IDs of machine + instances managed by this Machine Pool + items: + type: string + type: array + template: + description: Template contains the details used to build a replica + machine within the Machine Pool + properties: + customImage: + description: CustomImage allows customizing the container image + that is used for running the machine + type: string + extraMounts: + description: ExtraMounts describes additional mount points for + the node container These may be used to bind a hostPath + items: + description: Mount specifies a host volume to mount into a container. + This is a simplified version of kind v1alpha4.Mount types. + properties: + containerPath: + description: Path of the mount within the container. + type: string + hostPath: + description: Path of the mount on the host. If the hostPath + doesn't exist, then runtimes should report error. 
If the + hostpath is a symbolic link, runtimes should follow the + symlink and mount the real destination to container. + type: string + readOnly: + description: If set, the mount is read-only. + type: boolean + type: object + type: array + preLoadImages: + description: PreLoadImages allows to pre-load images in a newly + created machine. This can be used to speed up tests by avoiding + e.g. to download CNI images on all the containers. + items: + type: string + type: array + type: object + type: object + status: + description: DockerMachinePoolStatus defines the observed state of DockerMachinePool. + properties: + conditions: + description: Conditions defines current service state of the DockerMachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + instances: + description: Instances contains the status for each instance in the + pool + items: + description: DockerMachinePoolInstanceStatus contains status information + about a DockerMachinePool. + properties: + addresses: + description: Addresses contains the associated addresses for + the docker machine. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP + or InternalIP. + type: string + required: + - address + - type + type: object + type: array + bootstrapped: + description: Bootstrapped is true when the kubeadm bootstrapping + has been run against this machine + type: boolean + instanceName: + description: InstanceName is the identification of the Machine + Instance within the Machine Pool + type: string + providerID: + description: ProviderID is the provider identification of the + Machine Pool Instance + type: string + ready: + description: Ready denotes that the machine (docker container) + is ready + type: boolean + version: + description: Version defines the Kubernetes version for the + Machine Instance + type: string + type: object + type: array + observedGeneration: + description: The generation observed by the deployment controller. + format: int64 + type: integer + ready: + description: Ready denotes that the machine pool is ready + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. 
+ format: int32 + type: integer + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of DockerMachinePool + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "DockerMachinePool is the Schema for the dockermachinepools API. + \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerMachinePoolSpec defines the desired state of DockerMachinePool. 
+ properties: + providerID: + description: ProviderID is the identification ID of the Machine Pool + type: string + providerIDList: + description: ProviderIDList is the list of identification IDs of machine + instances managed by this Machine Pool + items: + type: string + type: array + template: + description: Template contains the details used to build a replica + machine within the Machine Pool + properties: + customImage: + description: CustomImage allows customizing the container image + that is used for running the machine + type: string + extraMounts: + description: ExtraMounts describes additional mount points for + the node container These may be used to bind a hostPath + items: + description: Mount specifies a host volume to mount into a container. + This is a simplified version of kind v1alpha4.Mount types. + properties: + containerPath: + description: Path of the mount within the container. + type: string + hostPath: + description: Path of the mount on the host. If the hostPath + doesn't exist, then runtimes should report error. If the + hostpath is a symbolic link, runtimes should follow the + symlink and mount the real destination to container. + type: string + readOnly: + description: If set, the mount is read-only. + type: boolean + type: object + type: array + preLoadImages: + description: PreLoadImages allows to pre-load images in a newly + created machine. This can be used to speed up tests by avoiding + e.g. to download CNI images on all the containers. + items: + type: string + type: array + type: object + type: object + status: + description: DockerMachinePoolStatus defines the observed state of DockerMachinePool. + properties: + conditions: + description: Conditions defines current service state of the DockerMachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + instances: + description: Instances contains the status for each instance in the + pool + items: + description: DockerMachinePoolInstanceStatus contains status information + about a DockerMachinePool. + properties: + addresses: + description: Addresses contains the associated addresses for + the docker machine. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP + or InternalIP. 
+ type: string + required: + - address + - type + type: object + type: array + bootstrapped: + description: Bootstrapped is true when the kubeadm bootstrapping + has been run against this machine + type: boolean + instanceName: + description: InstanceName is the identification of the Machine + Instance within the Machine Pool + type: string + providerID: + description: ProviderID is the provider identification of the + Machine Pool Instance + type: string + ready: + description: Ready denotes that the machine (docker container) + is ready + type: boolean + version: + description: Version defines the Kubernetes version for the + Machine Instance + type: string + type: object + type: array + observedGeneration: + description: The generation observed by the deployment controller. + format: int64 + type: integer + ready: + description: Ready denotes that the machine pool is ready + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of DockerMachinePool + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: DockerMachinePool is the Schema for the dockermachinepools API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerMachinePoolSpec defines the desired state of DockerMachinePool. + properties: + providerID: + description: ProviderID is the identification ID of the Machine Pool + type: string + providerIDList: + description: ProviderIDList is the list of identification IDs of machine + instances managed by this Machine Pool + items: + type: string + type: array + template: + description: Template contains the details used to build a replica + machine within the Machine Pool + properties: + customImage: + description: CustomImage allows customizing the container image + that is used for running the machine + type: string + extraMounts: + description: ExtraMounts describes additional mount points for + the node container These may be used to bind a hostPath + items: + description: Mount specifies a host volume to mount into a container. + This is a simplified version of kind v1alpha4.Mount types. + properties: + containerPath: + description: Path of the mount within the container. + type: string + hostPath: + description: Path of the mount on the host. If the hostPath + doesn't exist, then runtimes should report error. If the + hostpath is a symbolic link, runtimes should follow the + symlink and mount the real destination to container. + type: string + readOnly: + description: If set, the mount is read-only. + type: boolean + type: object + type: array + preLoadImages: + description: PreLoadImages allows to pre-load images in a newly + created machine. This can be used to speed up tests by avoiding + e.g. to download CNI images on all the containers. + items: + type: string + type: array + type: object + type: object + status: + description: DockerMachinePoolStatus defines the observed state of DockerMachinePool. 
+ properties: + conditions: + description: Conditions defines current service state of the DockerMachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + instances: + description: Instances contains the status for each instance in the + pool + items: + description: DockerMachinePoolInstanceStatus contains status information + about a DockerMachinePool. + properties: + addresses: + description: Addresses contains the associated addresses for + the docker machine. 
+ items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP, + InternalIP, ExternalDNS or InternalDNS. + type: string + required: + - address + - type + type: object + type: array + bootstrapped: + description: "Bootstrapped is true when the kubeadm bootstrapping + has been run against this machine \n Deprecated: This field + will be removed in the next apiVersion. When removing also + remove from staticcheck exclude-rules for SA1019 in golangci.yml" + type: boolean + instanceName: + description: InstanceName is the identification of the Machine + Instance within the Machine Pool + type: string + providerID: + description: ProviderID is the provider identification of the + Machine Pool Instance + type: string + ready: + description: Ready denotes that the machine (docker container) + is ready + type: boolean + version: + description: Version defines the Kubernetes version for the + Machine Instance + type: string + type: object + type: array + observedGeneration: + description: The generation observed by the deployment controller. + format: int64 + type: integer + ready: + description: Ready denotes that the machine pool is ready + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. 
+ format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capd-system/capd-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: infrastructure-docker + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1 + name: dockermachines.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capd-webhook-service + namespace: capd-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: DockerMachine + listKind: DockerMachineList + plural: dockermachines + singular: dockermachine + scope: Namespaced + versions: + - deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "DockerMachine is the Schema for the dockermachines API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerMachineSpec defines the desired state of DockerMachine. + properties: + bootstrapped: + description: Bootstrapped is true when the kubeadm bootstrapping has + been run against this machine + type: boolean + customImage: + description: CustomImage allows customizing the container image that + is used for running the machine + type: string + extraMounts: + description: ExtraMounts describes additional mount points for the + node container These may be used to bind a hostPath + items: + description: Mount specifies a host volume to mount into a container. + This is a simplified version of kind v1alpha4.Mount types. + properties: + containerPath: + description: Path of the mount within the container. + type: string + hostPath: + description: Path of the mount on the host. If the hostPath + doesn't exist, then runtimes should report error. If the hostpath + is a symbolic link, runtimes should follow the symlink and + mount the real destination to container. + type: string + readOnly: + description: If set, the mount is read-only. + type: boolean + type: object + type: array + preLoadImages: + description: PreLoadImages allows to pre-load images in a newly created + machine. This can be used to speed up tests by avoiding e.g. to + download CNI images on all the containers. + items: + type: string + type: array + providerID: + description: ProviderID will be the container name in ProviderID format + (docker:////) + type: string + type: object + status: + description: DockerMachineStatus defines the observed state of DockerMachine. + properties: + addresses: + description: Addresses contains the associated addresses for the docker + machine. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. 
+ type: string + type: + description: Machine address type, one of Hostname, ExternalIP + or InternalIP. + type: string + required: + - address + - type + type: object + type: array + conditions: + description: Conditions defines current service state of the DockerMachine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - status + - type + type: object + type: array + loadBalancerConfigured: + description: LoadBalancerConfigured denotes that the machine has been + added to the load balancer + type: boolean + ready: + description: Ready denotes that the machine (docker container) is + ready + type: boolean + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of DockerMachine + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "DockerMachine is the Schema for the dockermachines API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerMachineSpec defines the desired state of DockerMachine. 
+ properties: + bootstrapped: + description: Bootstrapped is true when the kubeadm bootstrapping has + been run against this machine + type: boolean + customImage: + description: CustomImage allows customizing the container image that + is used for running the machine + type: string + extraMounts: + description: ExtraMounts describes additional mount points for the + node container These may be used to bind a hostPath + items: + description: Mount specifies a host volume to mount into a container. + This is a simplified version of kind v1alpha4.Mount types. + properties: + containerPath: + description: Path of the mount within the container. + type: string + hostPath: + description: Path of the mount on the host. If the hostPath + doesn't exist, then runtimes should report error. If the hostpath + is a symbolic link, runtimes should follow the symlink and + mount the real destination to container. + type: string + readOnly: + description: If set, the mount is read-only. + type: boolean + type: object + type: array + preLoadImages: + description: PreLoadImages allows to pre-load images in a newly created + machine. This can be used to speed up tests by avoiding e.g. to + download CNI images on all the containers. + items: + type: string + type: array + providerID: + description: ProviderID will be the container name in ProviderID format + (docker:////) + type: string + type: object + status: + description: DockerMachineStatus defines the observed state of DockerMachine. + properties: + addresses: + description: Addresses contains the associated addresses for the docker + machine. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP + or InternalIP. 
+ type: string + required: + - address + - type + type: object + type: array + conditions: + description: Conditions defines current service state of the DockerMachine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - status + - type + type: object + type: array + loadBalancerConfigured: + description: LoadBalancerConfigured denotes that the machine has been + added to the load balancer + type: boolean + ready: + description: Ready denotes that the machine (docker container) is + ready + type: boolean + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name'] + name: Cluster + type: string + - description: Machine object which owns with this DockerMachine + jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name + name: Machine + type: string + - description: Provider ID + jsonPath: .spec.providerID + name: ProviderID + type: string + - description: Machine ready status + jsonPath: .status.ready + name: Ready + type: string + - description: Time duration since creation of DockerMachine + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: DockerMachine is the Schema for the dockermachines API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerMachineSpec defines the desired state of DockerMachine. 
+ properties: + bootstrapped: + description: "Bootstrapped is true when the kubeadm bootstrapping + has been run against this machine \n Deprecated: This field will + be removed in the next apiVersion. When removing also remove from + staticcheck exclude-rules for SA1019 in golangci.yml." + type: boolean + customImage: + description: CustomImage allows customizing the container image that + is used for running the machine + type: string + extraMounts: + description: ExtraMounts describes additional mount points for the + node container These may be used to bind a hostPath + items: + description: Mount specifies a host volume to mount into a container. + This is a simplified version of kind v1alpha4.Mount types. + properties: + containerPath: + description: Path of the mount within the container. + type: string + hostPath: + description: Path of the mount on the host. If the hostPath + doesn't exist, then runtimes should report error. If the hostpath + is a symbolic link, runtimes should follow the symlink and + mount the real destination to container. + type: string + readOnly: + description: If set, the mount is read-only. + type: boolean + type: object + type: array + preLoadImages: + description: PreLoadImages allows to pre-load images in a newly created + machine. This can be used to speed up tests by avoiding e.g. to + download CNI images on all the containers. + items: + type: string + type: array + providerID: + description: ProviderID will be the container name in ProviderID format + (docker:////) + type: string + type: object + status: + description: DockerMachineStatus defines the observed state of DockerMachine. + properties: + addresses: + description: Addresses contains the associated addresses for the docker + machine. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. 
+ type: string + type: + description: Machine address type, one of Hostname, ExternalIP, + InternalIP, ExternalDNS or InternalDNS. + type: string + required: + - address + - type + type: object + type: array + conditions: + description: Conditions defines current service state of the DockerMachine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + loadBalancerConfigured: + description: LoadBalancerConfigured denotes that the machine has been + added to the load balancer + type: boolean + ready: + description: Ready denotes that the machine (docker container) is + ready + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capd-system/capd-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: infrastructure-docker + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1 + name: dockermachinetemplates.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capd-webhook-service + namespace: capd-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: DockerMachineTemplate + listKind: DockerMachineTemplateList + plural: dockermachinetemplates + singular: dockermachinetemplate + scope: Namespaced + versions: + - deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "DockerMachineTemplate is the Schema for the dockermachinetemplates + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerMachineTemplateSpec defines the desired state of DockerMachineTemplate. + properties: + template: + description: DockerMachineTemplateResource describes the data needed + to create a DockerMachine from a template. + properties: + spec: + description: Spec is the specification of the desired behavior + of the machine. + properties: + bootstrapped: + description: Bootstrapped is true when the kubeadm bootstrapping + has been run against this machine + type: boolean + customImage: + description: CustomImage allows customizing the container + image that is used for running the machine + type: string + extraMounts: + description: ExtraMounts describes additional mount points + for the node container These may be used to bind a hostPath + items: + description: Mount specifies a host volume to mount into + a container. This is a simplified version of kind v1alpha4.Mount + types. + properties: + containerPath: + description: Path of the mount within the container. + type: string + hostPath: + description: Path of the mount on the host. If the hostPath + doesn't exist, then runtimes should report error. + If the hostpath is a symbolic link, runtimes should + follow the symlink and mount the real destination + to container. + type: string + readOnly: + description: If set, the mount is read-only. + type: boolean + type: object + type: array + preLoadImages: + description: PreLoadImages allows to pre-load images in a + newly created machine. 
This can be used to speed up tests + by avoiding e.g. to download CNI images on all the containers. + items: + type: string + type: array + providerID: + description: ProviderID will be the container name in ProviderID + format (docker:////) + type: string + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: false + storage: false + - additionalPrinterColumns: + - description: Time duration since creation of DockerMachineTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "DockerMachineTemplate is the Schema for the dockermachinetemplates + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerMachineTemplateSpec defines the desired state of DockerMachineTemplate. + properties: + template: + description: DockerMachineTemplateResource describes the data needed + to create a DockerMachine from a template. + properties: + spec: + description: Spec is the specification of the desired behavior + of the machine. 
+ properties: + bootstrapped: + description: Bootstrapped is true when the kubeadm bootstrapping + has been run against this machine + type: boolean + customImage: + description: CustomImage allows customizing the container + image that is used for running the machine + type: string + extraMounts: + description: ExtraMounts describes additional mount points + for the node container These may be used to bind a hostPath + items: + description: Mount specifies a host volume to mount into + a container. This is a simplified version of kind v1alpha4.Mount + types. + properties: + containerPath: + description: Path of the mount within the container. + type: string + hostPath: + description: Path of the mount on the host. If the hostPath + doesn't exist, then runtimes should report error. + If the hostpath is a symbolic link, runtimes should + follow the symlink and mount the real destination + to container. + type: string + readOnly: + description: If set, the mount is read-only. + type: boolean + type: object + type: array + preLoadImages: + description: PreLoadImages allows to pre-load images in a + newly created machine. This can be used to speed up tests + by avoiding e.g. to download CNI images on all the containers. + items: + type: string + type: array + providerID: + description: ProviderID will be the container name in ProviderID + format (docker:////) + type: string + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: false + subresources: {} + - additionalPrinterColumns: + - description: Time duration since creation of DockerMachineTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: DockerMachineTemplate is the Schema for the dockermachinetemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerMachineTemplateSpec defines the desired state of DockerMachineTemplate. + properties: + template: + description: DockerMachineTemplateResource describes the data needed + to create a DockerMachine from a template. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: Spec is the specification of the desired behavior + of the machine. 
+ properties: + bootstrapped: + description: "Bootstrapped is true when the kubeadm bootstrapping + has been run against this machine \n Deprecated: This field + will be removed in the next apiVersion. When removing also + remove from staticcheck exclude-rules for SA1019 in golangci.yml." + type: boolean + customImage: + description: CustomImage allows customizing the container + image that is used for running the machine + type: string + extraMounts: + description: ExtraMounts describes additional mount points + for the node container These may be used to bind a hostPath + items: + description: Mount specifies a host volume to mount into + a container. This is a simplified version of kind v1alpha4.Mount + types. + properties: + containerPath: + description: Path of the mount within the container. + type: string + hostPath: + description: Path of the mount on the host. If the hostPath + doesn't exist, then runtimes should report error. + If the hostpath is a symbolic link, runtimes should + follow the symlink and mount the real destination + to container. + type: string + readOnly: + description: If set, the mount is read-only. + type: boolean + type: object + type: array + preLoadImages: + description: PreLoadImages allows to pre-load images in a + newly created machine. This can be used to speed up tests + by avoiding e.g. to download CNI images on all the containers. 
+ items: + type: string + type: array + providerID: + description: ProviderID will be the container name in ProviderID + format (docker:////) + type: string + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-docker + name: capd-manager + namespace: capd-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-docker + name: capd-leader-election-role + namespace: capd-system +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-docker + name: capd-manager-role +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - machines + - machinesets + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinepools + - machinepools/status + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - dockerclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - dockerclusters/finalizers + - dockerclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - dockermachinepools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - dockermachinepools/finalizers + - dockermachinepools/status + 
verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - dockermachines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - dockermachines/finalizers + - dockermachines/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-docker + name: capd-leader-election-rolebinding + namespace: capd-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: capd-leader-election-role +subjects: +- kind: ServiceAccount + name: capd-manager + namespace: capd-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-docker + name: capd-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capd-manager-role +subjects: +- kind: ServiceAccount + name: capd-manager + namespace: capd-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-docker + name: capd-webhook-service + namespace: capd-system +spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: infrastructure-docker +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-docker + control-plane: controller-manager + name: capd-controller-manager + namespace: capd-system +spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: infrastructure-docker + control-plane: controller-manager + template: + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-docker + control-plane: controller-manager + spec: + containers: + - args: + - --leader-elect + - --metrics-bind-addr=localhost:8080 + - 
--feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},ClusterTopology=${CLUSTER_TOPOLOGY:=false} + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + - name: DOCKER_HOST + value: ${CAPD_DOCKER_HOST:=""} + image: gcr.io/k8s-staging-cluster-api/capd-manager:v1.5.6 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + privileged: true + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + - mountPath: /var/run/docker.sock + name: dockersock + serviceAccountName: capd-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + secretName: capd-webhook-service-cert + - hostPath: + path: /var/run/docker.sock + name: dockersock +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-docker + name: capd-serving-cert + namespace: capd-system +spec: + dnsNames: + - capd-webhook-service.capd-system.svc + - capd-webhook-service.capd-system.svc.cluster.local + issuerRef: + kind: Issuer + name: capd-selfsigned-issuer + secretName: capd-webhook-service-cert + subject: + organizations: + - k8s-sig-cluster-lifecycle +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-docker + name: capd-selfsigned-issuer + namespace: capd-system +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: 
MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capd-system/capd-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-docker + name: capd-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capd-webhook-service + namespace: capd-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-dockercluster + failurePolicy: Fail + matchPolicy: Equivalent + name: default.dockercluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - dockerclusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capd-webhook-service + namespace: capd-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-dockerclustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.dockerclustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - dockerclustertemplates + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capd-system/capd-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-docker + name: capd-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capd-webhook-service + namespace: capd-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-dockercluster + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.dockercluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - dockerclusters + 
sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capd-webhook-service + namespace: capd-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-dockerclustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.dockerclustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - dockerclustertemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capd-webhook-service + namespace: capd-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-dockermachinetemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.dockermachinetemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - dockermachinetemplates + sideEffects: None diff --git a/files/cluster-api/v1.5.6/infrastructure-components-in-memory-development.yaml b/files/cluster-api/v1.5.6/infrastructure-components-in-memory-development.yaml new file mode 100644 index 00000000..edfbc5d7 --- /dev/null +++ b/files/cluster-api/v1.5.6/infrastructure-components-in-memory-development.yaml 
@@ -0,0 +1,1204 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + control-plane: controller-manager + name: capim-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capim-system/capim-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + cluster.x-k8s.io/v1beta1: v1alpha1 + name: inmemoryclusters.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capim-webhook-service + namespace: capim-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: InMemoryCluster + listKind: InMemoryClusterList + plural: inmemoryclusters + singular: inmemorycluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster + jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name'] + name: Cluster + type: string + - description: Time duration since creation of InMemoryCluster + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: InMemoryCluster is the schema for the in-memory cluster API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: InMemoryClusterSpec defines the desired state of the InMemoryCluster. + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: Host is the hostname on which the API server is serving. + type: string + port: + description: Port is the port on which the API server is serving. + Defaults to 6443 if not set. + type: integer + required: + - host + - port + type: object + type: object + status: + description: InMemoryClusterStatus defines the observed state of the InMemoryCluster. + properties: + conditions: + description: Conditions defines current service state of the InMemoryCluster. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + ready: + description: Ready denotes that the in-memory cluster (infrastructure) + is ready. + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capim-system/capim-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + cluster.x-k8s.io/v1beta1: v1alpha1 + name: inmemoryclustertemplates.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capim-webhook-service + namespace: capim-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: InMemoryClusterTemplate + listKind: InMemoryClusterTemplateList + plural: inmemoryclustertemplates + singular: inmemoryclustertemplate + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of InMemoryClusterTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: InMemoryClusterTemplate is the Schema for the inmemoryclustertemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: InMemoryClusterTemplateSpec defines the desired state of + InMemoryClusterTemplate. + properties: + template: + description: InMemoryClusterTemplateResource describes the data needed + to create a InMemoryCluster from a template. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: InMemoryClusterSpec defines the desired state of + the InMemoryCluster. + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint + used to communicate with the control plane. + properties: + host: + description: Host is the hostname on which the API server + is serving. 
+ type: string + port: + description: Port is the port on which the API server + is serving. Defaults to 6443 if not set. + type: integer + required: + - host + - port + type: object + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capim-system/capim-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + cluster.x-k8s.io/v1beta1: v1alpha1 + name: inmemorymachines.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capim-webhook-service + namespace: capim-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: InMemoryMachine + listKind: InMemoryMachineList + plural: inmemorymachines + singular: inmemorymachine + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster + jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name'] + name: Cluster + type: string + - description: Machine object which owns with this InMemoryMachine + jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name + name: Machine + type: string + - description: Provider ID + jsonPath: .spec.providerID + name: ProviderID + type: string + - description: Machine ready status + jsonPath: .status.ready + name: Ready + type: string + - description: Time duration since creation of InMemoryMachine + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: InMemoryMachine is the schema for the in-memory machine API. 
+ properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: InMemoryMachineSpec defines the desired state of InMemoryMachine. + properties: + behaviour: + description: Behaviour of the InMemoryMachine; this will allow to + make a simulation more alike to real use cases e.g. by defining + the duration of the provisioning phase mimicking the performances + of the target infrastructure. + properties: + apiServer: + description: APIServer defines the behaviour of the APIServer + hosted on the InMemoryMachine. + properties: + provisioning: + description: 'Provisioning defines variables influencing how + the APIServer hosted on the InMemoryMachine is going to + be provisioned. NOTE: APIServer provisioning includes all + the steps from starting the static Pod to the Pod become + ready and being registered in K8s.' + properties: + startupDuration: + description: StartupDuration defines the duration of the + object provisioning phase. + type: string + startupJitter: + description: 'StartupJitter adds some randomness on StartupDuration; + the actual duration will be StartupDuration plus an + additional amount chosen uniformly at random from the + interval between zero and `StartupJitter*StartupDuration`. 
+ NOTE: this is modeled as string because the usage of + float is highly discouraged, as support for them varies + across languages.' + type: string + required: + - startupDuration + type: object + type: object + etcd: + description: Etcd defines the behaviour of the etcd member hosted + on the InMemoryMachine. + properties: + provisioning: + description: 'Provisioning defines variables influencing how + the etcd member hosted on the InMemoryMachine is going to + be provisioned. NOTE: Etcd provisioning includes all the + steps from starting the static Pod to the Pod become ready + and being registered in K8s.' + properties: + startupDuration: + description: StartupDuration defines the duration of the + object provisioning phase. + type: string + startupJitter: + description: 'StartupJitter adds some randomness on StartupDuration; + the actual duration will be StartupDuration plus an + additional amount chosen uniformly at random from the + interval between zero and `StartupJitter*StartupDuration`. + NOTE: this is modeled as string because the usage of + float is highly discouraged, as support for them varies + across languages.' + type: string + required: + - startupDuration + type: object + type: object + node: + description: Node defines the behaviour of the Node (the kubelet) + hosted on the InMemoryMachine. + properties: + provisioning: + description: 'Provisioning defines variables influencing how + the Node (the kubelet) hosted on the InMemoryMachine is + going to be provisioned. NOTE: Node provisioning includes + all the steps from starting kubelet to the node become ready, + get a provider ID, and being registered in K8s.' + properties: + startupDuration: + description: StartupDuration defines the duration of the + object provisioning phase. 
+ type: string + startupJitter: + description: 'StartupJitter adds some randomness on StartupDuration; + the actual duration will be StartupDuration plus an + additional amount chosen uniformly at random from the + interval between zero and `StartupJitter*StartupDuration`. + NOTE: this is modeled as string because the usage of + float is highly discouraged, as support for them varies + across languages.' + type: string + required: + - startupDuration + type: object + type: object + vm: + description: VM defines the behaviour of the VM implementing the + InMemoryMachine. + properties: + provisioning: + description: 'Provisioning defines variables influencing how + the VM implementing the InMemoryMachine is going to be provisioned. + NOTE: VM provisioning includes all the steps from creation + to power-on.' + properties: + startupDuration: + description: StartupDuration defines the duration of the + object provisioning phase. + type: string + startupJitter: + description: 'StartupJitter adds some randomness on StartupDuration; + the actual duration will be StartupDuration plus an + additional amount chosen uniformly at random from the + interval between zero and `StartupJitter*StartupDuration`. + NOTE: this is modeled as string because the usage of + float is highly discouraged, as support for them varies + across languages.' + type: string + required: + - startupDuration + type: object + type: object + type: object + providerID: + description: ProviderID will be the container name in ProviderID format + (in-memory:////) + type: string + type: object + status: + description: InMemoryMachineStatus defines the observed state of InMemoryMachine. + properties: + conditions: + description: Conditions defines current service state of the InMemoryMachine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + ready: + description: Ready denotes that the machine is ready + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capim-system/capim-serving-cert + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + cluster.x-k8s.io/v1beta1: v1alpha1 + name: inmemorymachinetemplates.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capim-webhook-service + namespace: capim-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: InMemoryMachineTemplate + listKind: InMemoryMachineTemplateList + plural: inmemorymachinetemplates + singular: inmemorymachinetemplate + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of InMemoryMachineTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: InMemoryMachineTemplate is the schema for the in-memory machine + template API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: InMemoryMachineTemplateSpec defines the desired state of + InMemoryMachineTemplate. + properties: + template: + description: InMemoryMachineTemplateResource describes the data needed + to create a InMemoryMachine from a template. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: Spec is the specification of the desired behavior + of the machine. + properties: + behaviour: + description: Behaviour of the InMemoryMachine; this will allow + to make a simulation more alike to real use cases e.g. by + defining the duration of the provisioning phase mimicking + the performances of the target infrastructure. + properties: + apiServer: + description: APIServer defines the behaviour of the APIServer + hosted on the InMemoryMachine. + properties: + provisioning: + description: 'Provisioning defines variables influencing + how the APIServer hosted on the InMemoryMachine + is going to be provisioned. 
NOTE: APIServer provisioning + includes all the steps from starting the static + Pod to the Pod become ready and being registered + in K8s.' + properties: + startupDuration: + description: StartupDuration defines the duration + of the object provisioning phase. + type: string + startupJitter: + description: 'StartupJitter adds some randomness + on StartupDuration; the actual duration will + be StartupDuration plus an additional amount + chosen uniformly at random from the interval + between zero and `StartupJitter*StartupDuration`. + NOTE: this is modeled as string because the + usage of float is highly discouraged, as support + for them varies across languages.' + type: string + required: + - startupDuration + type: object + type: object + etcd: + description: Etcd defines the behaviour of the etcd member + hosted on the InMemoryMachine. + properties: + provisioning: + description: 'Provisioning defines variables influencing + how the etcd member hosted on the InMemoryMachine + is going to be provisioned. NOTE: Etcd provisioning + includes all the steps from starting the static + Pod to the Pod become ready and being registered + in K8s.' + properties: + startupDuration: + description: StartupDuration defines the duration + of the object provisioning phase. + type: string + startupJitter: + description: 'StartupJitter adds some randomness + on StartupDuration; the actual duration will + be StartupDuration plus an additional amount + chosen uniformly at random from the interval + between zero and `StartupJitter*StartupDuration`. + NOTE: this is modeled as string because the + usage of float is highly discouraged, as support + for them varies across languages.' + type: string + required: + - startupDuration + type: object + type: object + node: + description: Node defines the behaviour of the Node (the + kubelet) hosted on the InMemoryMachine. 
+ properties: + provisioning: + description: 'Provisioning defines variables influencing + how the Node (the kubelet) hosted on the InMemoryMachine + is going to be provisioned. NOTE: Node provisioning + includes all the steps from starting kubelet to + the node become ready, get a provider ID, and being + registered in K8s.' + properties: + startupDuration: + description: StartupDuration defines the duration + of the object provisioning phase. + type: string + startupJitter: + description: 'StartupJitter adds some randomness + on StartupDuration; the actual duration will + be StartupDuration plus an additional amount + chosen uniformly at random from the interval + between zero and `StartupJitter*StartupDuration`. + NOTE: this is modeled as string because the + usage of float is highly discouraged, as support + for them varies across languages.' + type: string + required: + - startupDuration + type: object + type: object + vm: + description: VM defines the behaviour of the VM implementing + the InMemoryMachine. + properties: + provisioning: + description: 'Provisioning defines variables influencing + how the VM implementing the InMemoryMachine is going + to be provisioned. NOTE: VM provisioning includes + all the steps from creation to power-on.' + properties: + startupDuration: + description: StartupDuration defines the duration + of the object provisioning phase. + type: string + startupJitter: + description: 'StartupJitter adds some randomness + on StartupDuration; the actual duration will + be StartupDuration plus an additional amount + chosen uniformly at random from the interval + between zero and `StartupJitter*StartupDuration`. + NOTE: this is modeled as string because the + usage of float is highly discouraged, as support + for them varies across languages.' 
+ type: string + required: + - startupDuration + type: object + type: object + type: object + providerID: + description: ProviderID will be the container name in ProviderID + format (in-memory:////) + type: string + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + name: capim-manager + namespace: capim-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + name: capim-leader-election-role + namespace: capim-system +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + name: capim-manager-role +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - machines + - machinesets + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - inmemoryclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - inmemoryclusters/finalizers + - inmemoryclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - inmemorymachines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - 
inmemorymachines/finalizers + - inmemorymachines/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + name: capim-leader-election-rolebinding + namespace: capim-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: capim-leader-election-role +subjects: +- kind: ServiceAccount + name: capim-manager + namespace: capim-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + name: capim-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capim-manager-role +subjects: +- kind: ServiceAccount + name: capim-manager + namespace: capim-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + name: capim-webhook-service + namespace: capim-system +spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: infrastructure-in-memory +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + control-plane: controller-manager + name: capim-controller-manager + namespace: capim-system +spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: infrastructure-in-memory + control-plane: controller-manager + template: + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + control-plane: controller-manager + spec: + containers: + - args: + - --leader-elect + - --metrics-bind-addr=localhost:8080 + command: + - /manager + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: gcr.io/k8s-staging-cluster-api/capim-manager:v1.5.6 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 
9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: capim-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + secretName: capim-webhook-service-cert +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + name: capim-serving-cert + namespace: capim-system +spec: + dnsNames: + - capim-webhook-service.capim-system.svc + - capim-webhook-service.capim-system.svc.cluster.local + issuerRef: + kind: Issuer + name: capim-selfsigned-issuer + secretName: capim-webhook-service-cert + subject: + organizations: + - k8s-sig-cluster-lifecycle +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + name: capim-selfsigned-issuer + namespace: capim-system +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capim-system/capim-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + name: capim-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capim-webhook-service + namespace: capim-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha1-inmemorycluster + failurePolicy: Fail + matchPolicy: Equivalent + 
name: default.inmemorycluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - inmemoryclusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capim-webhook-service + namespace: capim-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha1-inmemoryclustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.inmemoryclustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - inmemoryclustertemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capim-webhook-service + namespace: capim-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha1-inmemorymachine + failurePolicy: Fail + matchPolicy: Equivalent + name: default.inmemorymachine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - inmemorymachines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capim-webhook-service + namespace: capim-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha1-inmemorymachinetemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.inmemorymachinetemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - inmemorymachinetemplates + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capim-system/capim-serving-cert + labels: + cluster.x-k8s.io/provider: 
infrastructure-in-memory + name: capim-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capim-webhook-service + namespace: capim-system + path: /validate-infrastructure-cluster-x-k8s-io-v1alpha1-inmemorycluster + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.inmemorycluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - inmemoryclusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capim-webhook-service + namespace: capim-system + path: /validate-infrastructure-cluster-x-k8s-io-v1alpha1-inmemoryclustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.inmemoryclustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - inmemoryclustertemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capim-webhook-service + namespace: capim-system + path: /validate-infrastructure-cluster-x-k8s-io-v1alpha1-inmemorymachine + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.inmemorymachine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - inmemorymachines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capim-webhook-service + namespace: capim-system + path: /validate-infrastructure-cluster-x-k8s-io-v1alpha1-inmemorymachinetemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.inmemorymachinetemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + 
apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - inmemorymachinetemplates + sideEffects: None diff --git a/files/cluster-api/v1.5.6/metadata.yaml b/files/cluster-api/v1.5.6/metadata.yaml new file mode 100644 index 00000000..49d96b1c --- /dev/null +++ b/files/cluster-api/v1.5.6/metadata.yaml @@ -0,0 +1,32 @@ +# maps release series of major.minor to cluster-api contract version +# the contract version may change between minor or major versions, but *not* +# between patch versions. +# +# update this file only when a new major or minor version is released +apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 +kind: Metadata +releaseSeries: + - major: 1 + minor: 5 + contract: v1beta1 + - major: 1 + minor: 4 + contract: v1beta1 + - major: 1 + minor: 3 + contract: v1beta1 + - major: 1 + minor: 2 + contract: v1beta1 + - major: 1 + minor: 1 + contract: v1beta1 + - major: 1 + minor: 0 + contract: v1beta1 + - major: 0 + minor: 4 + contract: v1alpha4 + - major: 0 + minor: 3 + contract: v1alpha3 diff --git a/files/cluster-api/v1.5.6/runtime-extension-components-development.yaml b/files/cluster-api/v1.5.6/runtime-extension-components-development.yaml new file mode 100644 index 00000000..da130abc --- /dev/null +++ b/files/cluster-api/v1.5.6/runtime-extension-components-development.yaml 
@@ -0,0 +1,150 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: runtime-extension-test + name: test-extension-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + cluster.x-k8s.io/provider: runtime-extension-test + name: test-extension-manager + namespace: test-extension-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/provider: runtime-extension-test + name: test-extension-manager-role +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - patch + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: runtime-extension-test + name: test-extension-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: test-extension-manager-role +subjects: +- kind: ServiceAccount + name: test-extension-manager + namespace: test-extension-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + cluster.x-k8s.io/provider: runtime-extension-test + name: test-extension-webhook-service + namespace: test-extension-system +spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + app: test-extension-manager + cluster.x-k8s.io/provider: runtime-extension-test +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + cluster.x-k8s.io/provider: runtime-extension-test + name: test-extension-manager + namespace: test-extension-system +spec: + replicas: 1 + selector: + matchLabels: + app: test-extension-manager + cluster.x-k8s.io/provider: runtime-extension-test + template: + metadata: + labels: + app: test-extension-manager + cluster.x-k8s.io/provider: runtime-extension-test + spec: + containers: + - command: + - /manager + image: gcr.io/k8s-staging-cluster-api/test-extension:v1.5.6 + imagePullPolicy: Always + name: manager + ports: + - containerPort: 9443 + name: 
webhook-server + protocol: TCP + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: test-extension-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + secretName: test-extension-webhook-service-cert +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + cluster.x-k8s.io/provider: runtime-extension-test + name: test-extension-serving-cert + namespace: test-extension-system +spec: + dnsNames: + - test-extension-webhook-service.test-extension-system.svc + - test-extension-webhook-service.test-extension-system.svc.cluster.local + - localhost + issuerRef: + kind: Issuer + name: test-extension-selfsigned-issuer + secretName: test-extension-webhook-service-cert + subject: + organizations: + - k8s-sig-cluster-lifecycle +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + cluster.x-k8s.io/provider: runtime-extension-test + name: test-extension-selfsigned-issuer + namespace: test-extension-system +spec: + selfSigned: {} diff --git a/files/cluster-api/v1.5.6/runtime-sdk-openapi.yaml b/files/cluster-api/v1.5.6/runtime-sdk-openapi.yaml new file mode 100644 index 00000000..060968b8 --- /dev/null +++ b/files/cluster-api/v1.5.6/runtime-sdk-openapi.yaml 
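Review bot: The ClusterRole `test-extension-manager-role` grants create/patch/update on `configmaps` cluster-wide, so a compromise of this webhook pod (which is reachable over the `test-extension-webhook-service` Service) would allow rewriting ConfigMaps in every namespace; if the extension only touches ConfigMaps in `test-extension-system`, a namespaced Role plus RoleBinding is the least-privilege form. The container image `gcr.io/k8s-staging-cluster-api/test-extension:v1.5.6` is pulled with `imagePullPolicy: Always` from a staging registry by mutable tag, so what runs can change underneath the checked-in manifest; pinning by digest, or at minimum a header comment such as `# development/test-only manifest: staging image, not for production clusters`, would make the intent explicit. The same vendored pattern (ClusterRole scope, staging image by tag) appears in the preceding in-memory provider components, whose hunk begins before this chunk.
```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    cluster.x-k8s.io/provider: runtime-extension-test
  name: test-extension-manager-role
  namespace: test-extension-system
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
  - patch
  - update
  - create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    cluster.x-k8s.io/provider: runtime-extension-test
  name: test-extension-manager-rolebinding
  namespace: test-extension-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: test-extension-manager-role
subjects:
- kind: ServiceAccount
  name: test-extension-manager
  namespace: test-extension-system
# … unchanged: Service, Deployment, Certificate, Issuer …
```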
@@ -0,0 +1,2237 @@ +components: + schemas: + k8s.io.api.core.v1.ObjectReference: + description: ObjectReference contains enough information to let you inspect + or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire + object, this string should contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For example, if the object + reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container + that triggered the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen only to have + some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, + if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + k8s.io.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON: + description: 'JSON represents any valid JSON value. 
These types are supported: + bool, int64, float64, string, []interface{}, map[string]interface{} and nil.' + k8s.io.apimachinery.pkg.apis.meta.v1.Duration: + description: Duration is a wrapper around time.Duration which supports correct + marshaling to YAML and JSON. In particular, it marshals into strings, which + can be used as map keys in json. + type: string + k8s.io.apimachinery.pkg.apis.meta.v1.FieldsV1: + description: |- + FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format. + + Each key is either a '.' representing the field itself, and will always map to an empty set, or a string representing a sub-field or item. The string will follow one of these four formats: 'f:', where is the name of a field in a struct, or key in a map 'v:', where is the exact json formatted value of a list item 'i:', where is position of a item in a list 'k:', where is a map of a list item's key fields to their unique values If a key maps to an empty Fields value, the field that key represents is part of the set. + + The exact format is defined in sigs.k8s.io/structured-merge-diff + type: object + k8s.io.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry: + description: ManagedFieldsEntry is a workflow-id, a FieldSet and the group version + of the resource that the fieldset applies to. + properties: + apiVersion: + description: APIVersion defines the version of this resource that this field + set applies to. The format is "group/version" just like the top-level + APIVersion field. It is necessary to track the version of a field set + because it cannot be automatically converted. + type: string + fieldsType: + description: 'FieldsType is the discriminator for the different fields format + and version. There is currently only one possible value: "FieldsV1"' + type: string + fieldsV1: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.FieldsV1' + description: FieldsV1 holds the first JSON version format as described in + the "FieldsV1" type. 
+ manager: + description: Manager is an identifier of the workflow managing these fields. + type: string + operation: + description: Operation is the type of operation which lead to this ManagedFieldsEntry + being created. The only valid values for this field are 'Apply' and 'Update'. + type: string + subresource: + description: Subresource is the name of the subresource used to update that + object, or empty string if the object was updated through the main resource. + The value of this field is used to distinguish between managers, even + if they share the same name. For example, a status update will be distinct + from a regular update using the same manager name. Note that the APIVersion + field is not related to the Subresource field and it always corresponds + to the version of the main resource. + type: string + time: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Time' + description: Time is timestamp of when these fields were set. It should + always be empty if Operation is 'Apply' + type: object + k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta: + description: ObjectMeta is metadata that all persisted resources must have, + which includes all objects users must create. + properties: + annotations: + additionalProperties: + default: "" + type: string + description: 'Annotations is an unstructured key value map stored with a + resource that may be set by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + clusterName: + description: The name of the cluster which the object belongs to. This is + used to distinguish resources with same name and namespace in different + clusters. This field is not set anywhere right now and apiserver is going + to ignore it if set in create or update request. 
+ type: string + creationTimestamp: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Time' + default: {} + description: |- + CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. + + Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + deletionGracePeriodSeconds: + description: Number of seconds allowed for this object to gracefully terminate + before it will be removed from the system. Only set when deletionTimestamp + is also set. May only be shortened. Read-only. + format: int64 + type: integer + deletionTimestamp: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Time' + description: |- + DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. 
In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. + + Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + finalizers: + description: Must be empty before the object is deleted from the registry. + Each entry is an identifier for the responsible component that will remove + the entry from the list. If the deletionTimestamp of the object is non-nil, + entries in this list can only be removed. Finalizers may be processed + and removed in any order. Order is NOT enforced because it introduces + significant risk of stuck finalizers. finalizers is a shared field, any + actor with permission can reorder it. If the finalizer list is processed + in order, then this can lead to a situation in which the component responsible + for the first finalizer in the list is waiting for a signal (field value, + external system, or other) produced by a component responsible for a finalizer + later in the list, resulting in a deadlock. Without enforced ordering + finalizers are free to order amongst themselves and are not vulnerable + to ordering changes in the list. + items: + default: "" + type: string + type: array + x-kubernetes-patch-strategy: merge + generateName: + description: |- + GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. 
+ + If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). + + Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency + type: string + generation: + description: A sequence number representing a specific generation of the + desired state. Populated by the system. Read-only. + format: int64 + type: integer + labels: + additionalProperties: + default: "" + type: string + description: 'Map of string keys and values that can be used to organize + and categorize (scope and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + managedFields: + description: ManagedFields maps workflow-id and version to the set of fields + that are managed by that workflow. This is mostly for internal housekeeping, + and users typically shouldn't need to set or understand this field. A + workflow can be the user's name, a controller's name, or the name of a + specific apply path like "ci-cd". The set of fields is always in the version + that the workflow used when modifying the object. + items: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry' + default: {} + type: array + name: + description: 'Name must be unique within a namespace. Is required when creating + resources, although some resources may allow a client to request the generation + of an appropriate name automatically. Name is primarily intended for creation + idempotence and configuration definition. Cannot be updated. 
More info: + http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + namespace: + description: |- + Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. + + Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces + type: string + ownerReferences: + description: List of objects depended by this object. If ALL objects in + the list have been deleted, this object will be garbage collected. If + this object is managed by a controller, then an entry in this list will + point to this controller, with the controller field set to true. There + cannot be more than one managing controller. + items: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.OwnerReference' + default: {} + type: array + x-kubernetes-patch-merge-key: uid + x-kubernetes-patch-strategy: merge + resourceVersion: + description: |- + An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. + + Populated by the system. Read-only. Value must be treated as opaque by clients. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + selfLink: + description: |- + SelfLink is a URL representing this object. Populated by the system. Read-only. + + DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release. 
+ type: string + uid: + description: |- + UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. + + Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids + type: string + type: object + k8s.io.apimachinery.pkg.apis.meta.v1.OwnerReference: + description: OwnerReference contains enough information to let you identify + an owning object. An owning object must be in the same namespace as the dependent, + or be cluster-scoped, so there is no namespace field. + properties: + apiVersion: + default: "" + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this reference + is removed. Defaults to false. To set this field, a user needs "delete" + permission of the owner, otherwise 422 (Unprocessable Entity) will be + returned. + type: boolean + controller: + description: If true, this reference points to the managing controller. + type: boolean + kind: + default: "" + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + default: "" + description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + uid: + default: "" + description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + k8s.io.apimachinery.pkg.apis.meta.v1.Time: + description: Time is a wrapper around time.Time which supports correct marshaling + to YAML and JSON. Wrappers are provided for many of the factory methods that + the time package offers. 
+ format: date-time + type: string + k8s.io.apimachinery.pkg.runtime.RawExtension: + description: "RawExtension is used to hold extensions in external versions.\n\nTo + use this, make a field which has RawExtension as its type in your external, + versioned struct, and Object in your internal struct. You also need to register + your various plugin types.\n\n// Internal package: type MyAPIObject struct + {\n\truntime.TypeMeta `json:\",inline\"`\n\tMyPlugin runtime.Object `json:\"myPlugin\"`\n} + type PluginA struct {\n\tAOption string `json:\"aOption\"`\n}\n\n// External + package: type MyAPIObject struct {\n\truntime.TypeMeta `json:\",inline\"`\n\tMyPlugin + runtime.RawExtension `json:\"myPlugin\"`\n} type PluginA struct {\n\tAOption + string `json:\"aOption\"`\n}\n\n// On the wire, the JSON will look something + like this: {\n\t\"kind\":\"MyAPIObject\",\n\t\"apiVersion\":\"v1\",\n\t\"myPlugin\": + {\n\t\t\"kind\":\"PluginA\",\n\t\t\"aOption\":\"foo\",\n\t},\n}\n\nSo what + happens? Decode first uses json or yaml to unmarshal the serialized data into + your external MyAPIObject. That causes the raw JSON to be stored, but not + unpacked. The next step is to copy (using pkg/conversion) into the internal + struct. The runtime package's DefaultScheme has conversion functions installed + which will unpack the JSON stored in RawExtension, turning it into the correct + object type, and storing it in the Object. (TODO: In the case where the object + is of an unknown type, a runtime.Unknown object will be created and stored.)" + type: object + k8s.io.apimachinery.pkg.util.intstr.IntOrString: + description: IntOrString is a type that can hold an int32 or a string. When + used in JSON or YAML marshalling and unmarshalling, it produces or consumes + the inner type. This allows you to have, for example, a JSON field that can + accept a name or number. 
+ format: int-or-string + oneOf: + - type: integer + - type: string + x-kubernetes-v2-schema: + description: IntOrString is a type that can hold an int32 or a string. When + used in JSON or YAML marshalling and unmarshalling, it produces or consumes + the inner type. This allows you to have, for example, a JSON field that + can accept a name or number. + format: int-or-string + type: string + sigs.k8s.io.cluster-api.api.v1beta1.APIEndpoint: + description: APIEndpoint represents a reachable Kubernetes API endpoint. + properties: + host: + default: "" + description: The hostname on which the API server is serving. + type: string + port: + default: 0 + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + sigs.k8s.io.cluster-api.api.v1beta1.Cluster: + description: Cluster is the Schema for the clusters API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta' + default: {} + spec: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.ClusterSpec' + default: {} + status: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.ClusterStatus' + default: {} + type: object + sigs.k8s.io.cluster-api.api.v1beta1.ClusterClassVariable: + description: ClusterClassVariable defines a variable which can be configured + in the Cluster topology and used in patches. + properties: + name: + default: "" + description: Name of the variable. + type: string + required: + default: false + description: 'Required specifies if the variable is required. Note: this + applies to the variable as a whole and thus the top-level object defined + in the schema. If nested fields are required, this will be specified inside + the schema.' + type: boolean + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.VariableSchema' + default: {} + description: Schema defines the schema of the variable. + required: + - name + - required + - schema + type: object + sigs.k8s.io.cluster-api.api.v1beta1.ClusterNetwork: + description: ClusterNetwork specifies the different networking parameters for + a cluster. + properties: + apiServerPort: + description: APIServerPort specifies the port the API Server should bind + to. Defaults to 6443. + format: int32 + type: integer + pods: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.NetworkRanges' + description: The network ranges from which Pod networks are allocated. + serviceDomain: + description: Domain name for services. + type: string + services: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.NetworkRanges' + description: The network ranges from which service VIPs are allocated. 
+ type: object + sigs.k8s.io.cluster-api.api.v1beta1.ClusterSpec: + description: ClusterSpec defines the desired state of Cluster. + properties: + clusterNetwork: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.ClusterNetwork' + description: Cluster network configuration. + controlPlaneEndpoint: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.APIEndpoint' + default: {} + description: ControlPlaneEndpoint represents the endpoint used to communicate + with the control plane. + controlPlaneRef: + $ref: '#/components/schemas/k8s.io.api.core.v1.ObjectReference' + description: ControlPlaneRef is an optional reference to a provider-specific + resource that holds the details for provisioning the Control Plane for + a Cluster. + infrastructureRef: + $ref: '#/components/schemas/k8s.io.api.core.v1.ObjectReference' + description: InfrastructureRef is a reference to a provider-specific resource + that holds the details for provisioning infrastructure for a cluster in + said provider. + paused: + description: Paused can be used to prevent controllers from processing the + Cluster and all its associated objects. + type: boolean + topology: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.Topology' + description: 'This encapsulates the topology for the cluster. NOTE: It is + required to enable the ClusterTopology feature gate flag to activate managed + topologies support; this feature is highly experimental, and parts of + it might still be not implemented.' + type: object + sigs.k8s.io.cluster-api.api.v1beta1.ClusterStatus: + description: ClusterStatus defines the observed state of Cluster. + properties: + conditions: + description: Conditions defines current service state of the cluster. + items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.Condition' + default: {} + type: array + controlPlaneReady: + default: false + description: ControlPlaneReady defines if the control plane is ready. 
+ type: boolean + failureDomains: + additionalProperties: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.FailureDomainSpec' + default: {} + description: FailureDomains is a slice of failure domain objects synced + from the infrastructure provider. + type: object + failureMessage: + description: FailureMessage indicates that there is a fatal problem reconciling + the state, and will be set to a descriptive error message. + type: string + failureReason: + description: FailureReason indicates that there is a fatal problem reconciling + the state, and will be set to a token value suitable for programmatic + interpretation. + type: string + infrastructureReady: + default: false + description: InfrastructureReady is the state of the infrastructure provider. + type: boolean + observedGeneration: + description: ObservedGeneration is the latest generation observed by the + controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of cluster actuation. E.g. + Pending, Running, Terminating, Failed etc. + type: string + type: object + sigs.k8s.io.cluster-api.api.v1beta1.ClusterVariable: + description: ClusterVariable can be used to customize the Cluster through patches. + Each ClusterVariable is associated with a Variable definition in the ClusterClass + `status` variables. + properties: + definitionFrom: + description: 'DefinitionFrom specifies where the definition of this Variable + is from. DefinitionFrom is `inline` when the definition is from the ClusterClass + `.spec.variables` or the name of a patch defined in the ClusterClass `.spec.patches` + where the patch is external and provides external variables. This field + is mandatory if the variable has `DefinitionsConflict: true` in ClusterClass + `status.variables[]`' + type: string + name: + default: "" + description: Name of the variable. 
+ type: string + value: + $ref: '#/components/schemas/k8s.io.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON' + default: {} + description: 'Value of the variable. Note: the value will be validated against + the schema of the corresponding ClusterClassVariable from the ClusterClass. + Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, + because controller-tools has a hard-coded schema for apiextensionsv1.JSON + which cannot be produced by another type via controller-tools, i.e. it + is not possible to have no type field. Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111' + required: + - name + - value + type: object + sigs.k8s.io.cluster-api.api.v1beta1.Condition: + description: Condition defines an observation of a Cluster API resource operational + state. + properties: + lastTransitionTime: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Time' + default: {} + description: Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. + message: + description: A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a + guaranteed API. This field may not be empty. + type: string + severity: + description: Severity provides an explicit classification of Reason code, + so the users or machines can immediately understand the current situation + and act accordingly. The Severity field MUST be set only when Status=False. + type: string + status: + default: "" + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + default: "" + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, + but because arbitrary conditions can be useful (see .node.status.conditions), + the ability to deconflict is important. + type: string + required: + - type + - status + - lastTransitionTime + type: object + sigs.k8s.io.cluster-api.api.v1beta1.ControlPlaneTopology: + description: ControlPlaneTopology specifies the parameters for the control plane + nodes in the cluster. + properties: + machineHealthCheck: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.MachineHealthCheckTopology' + description: MachineHealthCheck allows to enable, disable and override the + MachineHealthCheck configuration in the ClusterClass for this control + plane. + metadata: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.ObjectMeta' + default: {} + description: Metadata is the metadata applied to the ControlPlane and the + Machines of the ControlPlane if the ControlPlaneTemplate referenced by + the ClusterClass is machine based. If not, it is applied only to the ControlPlane. + At runtime this metadata is merged with the corresponding metadata from + the ClusterClass. + nodeDeletionTimeout: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Duration' + description: NodeDeletionTimeout defines how long the controller will attempt + to delete the Node that the Machine hosts after the Machine is marked + for deletion. A duration of 0 will retry deletion indefinitely. Defaults + to 10 seconds. + nodeDrainTimeout: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Duration' + description: 'NodeDrainTimeout is the total amount of time that the controller + will spend on draining a node. The default value is 0, meaning that the + node can be drained without any time limitations. 
NOTE: NodeDrainTimeout + is different from `kubectl drain --timeout`' + nodeVolumeDetachTimeout: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Duration' + description: NodeVolumeDetachTimeout is the total amount of time that the + controller will spend on waiting for all volumes to be detached. The default + value is 0, meaning that the volumes can be detached without any time + limitations. + replicas: + description: Replicas is the number of control plane nodes. If the value + is nil, the ControlPlane object is created without the number of Replicas + and it's assumed that the control plane controller does not implement + support for this field. When specified against a control plane provider + that lacks support for this field, this value will be ignored. + format: int32 + type: integer + type: object + sigs.k8s.io.cluster-api.api.v1beta1.FailureDomainSpec: + description: FailureDomainSpec is the Schema for Cluster API failure domains. + It allows controllers to understand how many failure domains a cluster can + optionally span across. + properties: + attributes: + additionalProperties: + default: "" + type: string + description: Attributes is a free form map of attributes an infrastructure + provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain is suitable + for use by control plane machines. + type: boolean + type: object + sigs.k8s.io.cluster-api.api.v1beta1.JSONSchemaProps: + description: JSONSchemaProps is a JSON-Schema following Specification Draft + 4 (http://json-schema.org/). This struct has been initially copied from apiextensionsv1.JSONSchemaProps, + but all fields which are not supported in CAPI have been removed. + properties: + additionalProperties: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.JSONSchemaProps' + description: 'AdditionalProperties specifies the schema of values in a map + (keys are always strings). 
NOTE: Can only be set if type is object. NOTE: + AdditionalProperties is mutually exclusive with Properties. NOTE: This + field uses PreserveUnknownFields and Schemaless, because recursive validation + is not possible.' + default: + $ref: '#/components/schemas/k8s.io.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON' + description: 'Default is the default value of the variable. NOTE: Can be + set for all types.' + description: + description: Description is a human-readable description of this variable. + type: string + enum: + description: 'Enum is the list of valid values of the variable. NOTE: Can + be set for all types.' + items: + $ref: '#/components/schemas/k8s.io.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON' + default: {} + type: array + example: + $ref: '#/components/schemas/k8s.io.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON' + description: Example is an example for this variable. + exclusiveMaximum: + description: 'ExclusiveMaximum specifies if the Maximum is exclusive. NOTE: + Can only be set if type is integer or number.' + type: boolean + exclusiveMinimum: + description: 'ExclusiveMinimum specifies if the Minimum is exclusive. NOTE: + Can only be set if type is integer or number.' + type: boolean + format: + description: 'Format is an OpenAPI v3 format string. Unknown formats are + ignored. For a list of supported formats please see: (of the k8s.io/apiextensions-apiserver + version we''re currently using) https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go + NOTE: Can only be set if type is string.' + type: string + items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.JSONSchemaProps' + description: 'Items specifies fields of an array. NOTE: Can only be set + if type is array. NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible.' + maxItems: + description: 'MaxItems is the max length of an array variable. 
NOTE: Can + only be set if type is array.' + format: int64 + type: integer + maxLength: + description: 'MaxLength is the max length of a string variable. NOTE: Can + only be set if type is string.' + format: int64 + type: integer + maximum: + description: 'Maximum is the maximum of an integer or number variable. If + ExclusiveMaximum is false, the variable is valid if it is lower than, + or equal to, the value of Maximum. If ExclusiveMaximum is true, the variable + is valid if it is strictly lower than the value of Maximum. NOTE: Can + only be set if type is integer or number.' + format: int64 + type: integer + minItems: + description: 'MinItems is the min length of an array variable. NOTE: Can + only be set if type is array.' + format: int64 + type: integer + minLength: + description: 'MinLength is the min length of a string variable. NOTE: Can + only be set if type is string.' + format: int64 + type: integer + minimum: + description: 'Minimum is the minimum of an integer or number variable. If + ExclusiveMinimum is false, the variable is valid if it is greater than, + or equal to, the value of Minimum. If ExclusiveMinimum is true, the variable + is valid if it is strictly greater than the value of Minimum. NOTE: Can + only be set if type is integer or number.' + format: int64 + type: integer + pattern: + description: 'Pattern is the regex which a string variable must match. NOTE: + Can only be set if type is string.' + type: string + properties: + additionalProperties: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.JSONSchemaProps' + default: {} + description: 'Properties specifies fields of an object. NOTE: Can only be + set if type is object. NOTE: Properties is mutually exclusive with AdditionalProperties. + NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive + validation is not possible.' + type: object + required: + description: 'Required specifies which fields of an object are required. 
+ NOTE: Can only be set if type is object.' + items: + default: "" + type: string + type: array + type: + default: "" + description: 'Type is the type of the variable. Valid values are: object, + array, string, integer, number or boolean.' + type: string + uniqueItems: + description: 'UniqueItems specifies if items in an array must be unique. + NOTE: Can only be set if type is array.' + type: boolean + x-kubernetes-preserve-unknown-fields: + description: XPreserveUnknownFields allows setting fields in a variable + object which are not defined in the variable schema. This affects fields + recursively, except if nested properties or additionalProperties are specified + in the schema. + type: boolean + required: + - type + type: object + sigs.k8s.io.cluster-api.api.v1beta1.MachineDeploymentStrategy: + description: MachineDeploymentStrategy describes how to replace existing machines + with new ones. + properties: + rollingUpdate: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.MachineRollingUpdateDeployment' + description: Rolling update config params. Present only if MachineDeploymentStrategyType + = RollingUpdate. + type: + description: Type of deployment. Default is RollingUpdate. + type: string + type: object + sigs.k8s.io.cluster-api.api.v1beta1.MachineDeploymentTopology: + description: MachineDeploymentTopology specifies the different parameters for + a set of worker nodes in the topology. This set of nodes is managed by a MachineDeployment + object whose lifecycle is managed by the Cluster controller. + properties: + class: + default: "" + description: Class is the name of the MachineDeploymentClass used to create + the set of worker nodes. This should match one of the deployment classes + defined in the ClusterClass object mentioned in the `Cluster.Spec.Class` + field. + type: string + failureDomain: + description: FailureDomain is the failure domain the machines will be created + in. 
Must match a key in the FailureDomains map stored on the cluster object. + type: string + machineHealthCheck: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.MachineHealthCheckTopology' + description: MachineHealthCheck allows to enable, disable and override the + MachineHealthCheck configuration in the ClusterClass for this MachineDeployment. + metadata: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.ObjectMeta' + default: {} + description: Metadata is the metadata applied to the MachineDeployment and + the machines of the MachineDeployment. At runtime this metadata is merged + with the corresponding metadata from the ClusterClass. + minReadySeconds: + description: Minimum number of seconds for which a newly created machine + should be ready. Defaults to 0 (machine will be considered available as + soon as it is ready) + format: int32 + type: integer + name: + default: "" + description: Name is the unique identifier for this MachineDeploymentTopology. + The value is used with other unique identifiers to create a MachineDeployment's + Name (e.g. cluster's name, etc). In case the name is greater than the + allowed maximum length, the values are hashed together. + type: string + nodeDeletionTimeout: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Duration' + description: NodeDeletionTimeout defines how long the controller will attempt + to delete the Node that the Machine hosts after the Machine is marked + for deletion. A duration of 0 will retry deletion indefinitely. Defaults + to 10 seconds. + nodeDrainTimeout: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Duration' + description: 'NodeDrainTimeout is the total amount of time that the controller + will spend on draining a node. The default value is 0, meaning that the + node can be drained without any time limitations. 
NOTE: NodeDrainTimeout + is different from `kubectl drain --timeout`' + nodeVolumeDetachTimeout: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Duration' + description: NodeVolumeDetachTimeout is the total amount of time that the + controller will spend on waiting for all volumes to be detached. The default + value is 0, meaning that the volumes can be detached without any time + limitations. + replicas: + description: Replicas is the number of worker nodes belonging to this set. + If the value is nil, the MachineDeployment is created without the number + of Replicas (defaulting to 1) and it's assumed that an external entity + (like cluster autoscaler) is responsible for the management of this value. + format: int32 + type: integer + strategy: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.MachineDeploymentStrategy' + description: The deployment strategy to use to replace existing machines + with new ones. + variables: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.MachineDeploymentVariables' + description: Variables can be used to customize the MachineDeployment through + patches. + required: + - class + - name + type: object + sigs.k8s.io.cluster-api.api.v1beta1.MachineDeploymentVariables: + description: MachineDeploymentVariables can be used to provide variables for + a specific MachineDeployment. + properties: + overrides: + description: Overrides can be used to override Cluster level variables. + items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.ClusterVariable' + default: {} + type: array + type: object + sigs.k8s.io.cluster-api.api.v1beta1.MachineHealthCheckTopology: + description: MachineHealthCheckTopology defines a MachineHealthCheck for a group + of machines. + properties: + enable: + description: |- + Enable controls if a MachineHealthCheck should be created for the target machines. + + If false: No MachineHealthCheck will be created. 
+ + If not set(default): A MachineHealthCheck will be created if it is defined here or + in the associated ClusterClass. If no MachineHealthCheck is defined then none will be created. + + If true: A MachineHealthCheck is guaranteed to be created. Cluster validation will block if `enable` is true and no MachineHealthCheck definition is available. + type: boolean + maxUnhealthy: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.util.intstr.IntOrString' + description: Any further remediation is only allowed if at most "MaxUnhealthy" + machines selected by "selector" are not healthy. + nodeStartupTimeout: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Duration' + description: Machines older than this duration without a node will be considered + to have failed and will be remediated. If you wish to disable this feature, + set the value explicitly to 0. + remediationTemplate: + $ref: '#/components/schemas/k8s.io.api.core.v1.ObjectReference' + description: |- + RemediationTemplate is a reference to a remediation template provided by an infrastructure provider. + + This field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Cluster API. + unhealthyConditions: + description: UnhealthyConditions contains a list of the conditions that + determine whether a node is considered unhealthy. The conditions are combined + in a logical OR, i.e. if any of the conditions is met, the node is unhealthy. + items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.UnhealthyCondition' + default: {} + type: array + unhealthyRange: + description: 'Any further remediation is only allowed if the number of machines + selected by "selector" as not healthy is within the range of "UnhealthyRange". + Takes precedence over MaxUnhealthy. Eg. 
"[3-5]" - This means that remediation + will be allowed only when: (a) there are at least 3 unhealthy machines + (and) (b) there are at most 5 unhealthy machines' + type: string + type: object + sigs.k8s.io.cluster-api.api.v1beta1.MachineRollingUpdateDeployment: + description: MachineRollingUpdateDeployment is used to control the desired behavior + of rolling update. + properties: + deletePolicy: + description: DeletePolicy defines the policy used by the MachineDeployment + to identify nodes to delete when downscaling. Valid values are "Random, + "Newest", "Oldest" When no value is supplied, the default DeletePolicy + of MachineSet is used + type: string + maxSurge: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.util.intstr.IntOrString' + description: 'The maximum number of machines that can be scheduled above + the desired number of machines. Value can be an absolute number (ex: 5) + or a percentage of desired machines (ex: 10%). This can not be 0 if MaxUnavailable + is 0. Absolute number is calculated from percentage by rounding up. Defaults + to 1. Example: when this is set to 30%, the new MachineSet can be scaled + up immediately when the rolling update starts, such that the total number + of old and new machines do not exceed 130% of desired machines. Once old + machines have been killed, new MachineSet can be scaled up further, ensuring + that total number of machines running at any time during the update is + at most 130% of desired machines.' + maxUnavailable: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.util.intstr.IntOrString' + description: 'The maximum number of machines that can be unavailable during + the update. Value can be an absolute number (ex: 5) or a percentage of + desired machines (ex: 10%). Absolute number is calculated from percentage + by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 0. 
Example: + when this is set to 30%, the old MachineSet can be scaled down to 70% + of desired machines immediately when the rolling update starts. Once new + machines are ready, old MachineSet can be scaled down further, followed + by scaling up the new MachineSet, ensuring that the total number of machines + available at all times during the update is at least 70% of desired machines.' + type: object + sigs.k8s.io.cluster-api.api.v1beta1.NetworkRanges: + description: NetworkRanges represents ranges of network addresses. + properties: + cidrBlocks: + items: + default: "" + type: string + type: array + required: + - cidrBlocks + type: object + sigs.k8s.io.cluster-api.api.v1beta1.ObjectMeta: + description: |- + ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. This is a copy of customizable fields from metav1.ObjectMeta. + + ObjectMeta is embedded in `Machine.Spec`, `MachineDeployment.Template` and `MachineSet.Template`, which are not top-level Kubernetes objects. Given that metav1.ObjectMeta has lots of special cases and read-only fields which end up in the generated CRD validation, having it as a subset simplifies the API and some issues that can impact user experience. + + During the [upgrade to controller-tools@v2](https://github.com/kubernetes-sigs/cluster-api/pull/1054) for v1alpha2, we noticed a failure would occur running Cluster API test suite against the new CRDs, specifically `spec.metadata.creationTimestamp in body must be of type string: "null"`. The investigation showed that `controller-tools@v2` behaves differently than its previous version when handling types from [metav1](k8s.io/apimachinery/pkg/apis/meta/v1) package. + + In more details, we found that embedded (non-top level) types that embedded `metav1.ObjectMeta` had validation properties, including for `creationTimestamp` (metav1.Time). 
The `metav1.Time` type specifies a custom json marshaller that, when IsZero() is true, returns `null` which breaks validation because the field isn't marked as nullable. + + In future versions, controller-tools@v2 might allow overriding the type and validation for embedded types. When that happens, this hack should be revisited. + properties: + annotations: + additionalProperties: + default: "" + type: string + description: 'Annotations is an unstructured key value map stored with a + resource that may be set by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + default: "" + type: string + description: 'Map of string keys and values that can be used to organize + and categorize (scope and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + sigs.k8s.io.cluster-api.api.v1beta1.Topology: + description: Topology encapsulates the information of the managed resources. + properties: + class: + default: "" + description: The name of the ClusterClass object to create the topology. + type: string + controlPlane: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.ControlPlaneTopology' + default: {} + description: ControlPlane describes the cluster control plane. + rolloutAfter: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Time' + description: |- + RolloutAfter performs a rollout of the entire cluster one component at a time, control plane first and then machine deployments. + + Deprecated: This field has no function and is going to be removed in the next apiVersion. + variables: + description: Variables can be used to customize the Cluster through patches. 
+ They must comply to the corresponding VariableClasses defined in the ClusterClass. + items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.ClusterVariable' + default: {} + type: array + version: + default: "" + description: The Kubernetes version of the cluster. + type: string + workers: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.WorkersTopology' + description: Workers encapsulates the different constructs that form the + worker nodes for the cluster. + required: + - class + - version + type: object + sigs.k8s.io.cluster-api.api.v1beta1.UnhealthyCondition: + description: UnhealthyCondition represents a Node condition type and value with + a timeout specified as a duration. When the named condition has been in the + given status for at least the timeout value, a node is considered unhealthy. + properties: + status: + default: "" + type: string + timeout: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Duration' + default: 0 + type: + default: "" + type: string + required: + - type + - status + - timeout + type: object + sigs.k8s.io.cluster-api.api.v1beta1.VariableSchema: + description: VariableSchema defines the schema of a variable. + properties: + openAPIV3Schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.JSONSchemaProps' + default: {} + description: OpenAPIV3Schema defines the schema of a variable via OpenAPI + v3 schema. The schema is a subset of the schema used in Kubernetes CRDs. + required: + - openAPIV3Schema + type: object + sigs.k8s.io.cluster-api.api.v1beta1.WorkersTopology: + description: WorkersTopology represents the different sets of worker nodes in + the cluster. + properties: + machineDeployments: + description: MachineDeployments is a list of machine deployments in the + cluster. 
+ items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.MachineDeploymentTopology' + default: {} + type: array + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.AfterClusterUpgradeRequest: + description: AfterClusterUpgradeRequest is the request of the AfterClusterUpgrade + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + cluster: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.Cluster' + default: {} + description: Cluster is the cluster object the lifecycle hook corresponds + to. + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + default: "" + description: KubernetesVersion is the Kubernetes version after upgrade. + type: string + settings: + additionalProperties: + default: "" + type: string + description: Settings defines key value pairs to be passed to the call. + type: object + required: + - cluster + - kubernetesVersion + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.AfterClusterUpgradeResponse: + description: AfterClusterUpgradeResponse is the response of the AfterClusterUpgrade + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + message: + default: "" + description: A human-readable description of the status of the call. + type: string + status: + default: "" + description: |- + Status of the call. One of "Success" or "Failure". + + Possible enum values: + - `"Failure"` represents a failure response. + - `"Success"` represents a success response. + enum: + - Failure + - Success + type: string + required: + - status + - message + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.AfterControlPlaneInitializedRequest: + description: AfterControlPlaneInitializedRequest is the request of the AfterControlPlaneInitialized + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + cluster: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.Cluster' + default: {} + description: Cluster is the cluster object the lifecycle hook corresponds + to. + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + settings: + additionalProperties: + default: "" + type: string + description: Settings defines key value pairs to be passed to the call. + type: object + required: + - cluster + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.AfterControlPlaneInitializedResponse: + description: AfterControlPlaneInitializedResponse is the response of the AfterControlPlaneInitialized + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + message: + default: "" + description: A human-readable description of the status of the call. + type: string + status: + default: "" + description: |- + Status of the call. One of "Success" or "Failure". + + Possible enum values: + - `"Failure"` represents a failure response. + - `"Success"` represents a success response. + enum: + - Failure + - Success + type: string + required: + - status + - message + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.AfterControlPlaneUpgradeRequest: + description: AfterControlPlaneUpgradeRequest is the request of the AfterControlPlaneUpgrade + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + cluster: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.Cluster' + default: {} + description: Cluster is the cluster object the lifecycle hook corresponds + to. + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + default: "" + description: KubernetesVersion is the Kubernetes version of the Control + Plane after the upgrade. + type: string + settings: + additionalProperties: + default: "" + type: string + description: Settings defines key value pairs to be passed to the call. + type: object + required: + - cluster + - kubernetesVersion + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.AfterControlPlaneUpgradeResponse: + description: AfterControlPlaneUpgradeResponse is the response of the AfterControlPlaneUpgrade + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + message: + default: "" + description: A human-readable description of the status of the call. + type: string + retryAfterSeconds: + default: 0 + description: RetryAfterSeconds when set to a non-zero value signifies that + the hook will be called again at a future time. + format: int32 + type: integer + status: + default: "" + description: |- + Status of the call. One of "Success" or "Failure". + + Possible enum values: + - `"Failure"` represents a failure response. + - `"Success"` represents a success response. + enum: + - Failure + - Success + type: string + required: + - status + - message + - retryAfterSeconds + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.BeforeClusterCreateRequest: + description: BeforeClusterCreateRequest is the request of the BeforeClusterCreate + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + cluster: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.Cluster' + default: {} + description: Cluster is the cluster object the lifecycle hook corresponds + to. + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + settings: + additionalProperties: + default: "" + type: string + description: Settings defines key value pairs to be passed to the call. 
+ type: object + required: + - cluster + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.BeforeClusterCreateResponse: + description: BeforeClusterCreateResponse is the response of the BeforeClusterCreate + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + message: + default: "" + description: A human-readable description of the status of the call. + type: string + retryAfterSeconds: + default: 0 + description: RetryAfterSeconds when set to a non-zero value signifies that + the hook will be called again at a future time. + format: int32 + type: integer + status: + default: "" + description: |- + Status of the call. One of "Success" or "Failure". + + Possible enum values: + - `"Failure"` represents a failure response. + - `"Success"` represents a success response. + enum: + - Failure + - Success + type: string + required: + - status + - message + - retryAfterSeconds + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.BeforeClusterDeleteRequest: + description: BeforeClusterDeleteRequest is the request of the BeforeClusterDelete + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + cluster: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.Cluster' + default: {} + description: Cluster is the cluster object the lifecycle hook corresponds + to. + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + settings: + additionalProperties: + default: "" + type: string + description: Settings defines key value pairs to be passed to the call. + type: object + required: + - cluster + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.BeforeClusterDeleteResponse: + description: BeforeClusterDeleteResponse is the response of the BeforeClusterDelete + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + message: + default: "" + description: A human-readable description of the status of the call. + type: string + retryAfterSeconds: + default: 0 + description: RetryAfterSeconds when set to a non-zero value signifies that + the hook will be called again at a future time. 
+ format: int32 + type: integer + status: + default: "" + description: |- + Status of the call. One of "Success" or "Failure". + + Possible enum values: + - `"Failure"` represents a failure response. + - `"Success"` represents a success response. + enum: + - Failure + - Success + type: string + required: + - status + - message + - retryAfterSeconds + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.BeforeClusterUpgradeRequest: + description: BeforeClusterUpgradeRequest is the request of the BeforeClusterUpgrade + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + cluster: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.Cluster' + default: {} + description: Cluster is the cluster object the lifecycle hook corresponds + to. + fromKubernetesVersion: + default: "" + description: FromKubernetesVersion is the current Kubernetes version of + the cluster. + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + settings: + additionalProperties: + default: "" + type: string + description: Settings defines key value pairs to be passed to the call. + type: object + toKubernetesVersion: + default: "" + description: ToKubernetesVersion is the target Kubernetes version of the + upgrade. 
+ type: string + required: + - cluster + - fromKubernetesVersion + - toKubernetesVersion + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.BeforeClusterUpgradeResponse: + description: BeforeClusterUpgradeResponse is the response of the BeforeClusterUpgrade + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + message: + default: "" + description: A human-readable description of the status of the call. + type: string + retryAfterSeconds: + default: 0 + description: RetryAfterSeconds when set to a non-zero value signifies that + the hook will be called again at a future time. + format: int32 + type: integer + status: + default: "" + description: |- + Status of the call. One of "Success" or "Failure". + + Possible enum values: + - `"Failure"` represents a failure response. + - `"Success"` represents a success response. + enum: + - Failure + - Success + type: string + required: + - status + - message + - retryAfterSeconds + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.DiscoverVariablesRequest: + description: DiscoverVariablesRequest is the request of the DiscoverVariables + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + settings: + additionalProperties: + default: "" + type: string + description: Settings defines key value pairs to be passed to the call. + type: object + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.DiscoverVariablesResponse: + description: DiscoverVariablesResponse is the response of the DiscoverVariables + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + message: + default: "" + description: A human-readable description of the status of the call. + type: string + status: + default: "" + description: |- + Status of the call. One of "Success" or "Failure". + + Possible enum values: + - `"Failure"` represents a failure response. + - `"Success"` represents a success response. 
+ enum: + - Failure + - Success + type: string + variables: + description: Variables are variable schemas for variables defined by the + DiscoverVariables hook. + items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.ClusterClassVariable' + default: {} + type: array + required: + - status + - message + - variables + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.DiscoveryRequest: + description: DiscoveryRequest is the request of the Discovery hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.DiscoveryResponse: + description: DiscoveryResponse is the response of the Discovery hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + handlers: + description: Handlers defines the current ExtensionHandlers supported by + an Extension. 
+ items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.ExtensionHandler' + default: {} + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + message: + default: "" + description: A human-readable description of the status of the call. + type: string + status: + default: "" + description: |- + Status of the call. One of "Success" or "Failure". + + Possible enum values: + - `"Failure"` represents a failure response. + - `"Success"` represents a success response. + enum: + - Failure + - Success + type: string + required: + - status + - message + - handlers + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.ExtensionHandler: + description: ExtensionHandler represents the discovery information for an extension + handler which includes the hook it supports. + properties: + failurePolicy: + description: FailurePolicy defines how failures in calls to the ExtensionHandler + should be handled by a client. This is defaulted to FailurePolicyFail + if not defined. + type: string + name: + default: "" + description: Name is the name of the ExtensionHandler. + type: string + requestHook: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.GroupVersionHook' + default: {} + description: RequestHook defines the versioned runtime hook which this ExtensionHandler + serves. + timeoutSeconds: + description: TimeoutSeconds defines the timeout duration for client calls + to the ExtensionHandler. This is defaulted to 10 if left undefined. 
+ format: int32 + type: integer + required: + - name + - requestHook + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.GeneratePatchesRequest: + description: GeneratePatchesRequest is the request of the GeneratePatches hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + items: + description: Items is the list of templates to generate patches for. + items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.GeneratePatchesRequestItem' + default: {} + type: array + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + settings: + additionalProperties: + default: "" + type: string + description: Settings defines key value pairs to be passed to the call. + type: object + variables: + description: Variables are global variables for all templates. + items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.Variable' + default: {} + type: array + required: + - variables + - items + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.GeneratePatchesRequestItem: + description: GeneratePatchesRequestItem represents a template to generate patches + for. + properties: + holderReference: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.HolderReference' + default: {} + description: HolderReference is a reference to the object where the template + is used. 
+ object: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.runtime.RawExtension' + default: {} + description: Object contains the template as a raw object. + uid: + default: "" + description: UID is an identifier for this template. It allows us to correlate + the template in the request with the corresponding generated patches in + the response. + type: string + variables: + description: Variables are variables specific for the current template. + For example some builtin variables like MachineDeployment replicas and + version are context-sensitive and thus are only added to templates for + MachineDeployments and with values which correspond to the current MachineDeployment. + items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.Variable' + default: {} + type: array + required: + - uid + - holderReference + - object + - variables + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.GeneratePatchesResponse: + description: 'GeneratePatchesResponse is the response of the GeneratePatches + hook. NOTE: The patches in GeneratePatchesResponse will be applied in the + order in which they are defined to the templates of the request. Thus applying + changes consecutively when iterating through internal and external patches.' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + items: + description: Items is the list of generated patches. + items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.GeneratePatchesResponseItem' + default: {} + type: array + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + message: + default: "" + description: A human-readable description of the status of the call. + type: string + status: + default: "" + description: |- + Status of the call. One of "Success" or "Failure". + + Possible enum values: + - `"Failure"` represents a failure response. + - `"Success"` represents a success response. + enum: + - Failure + - Success + type: string + required: + - status + - message + - items + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.GeneratePatchesResponseItem: + description: GeneratePatchesResponseItem is a generated patch. + properties: + patch: + description: Patch contains the patch which should be applied to the template. + It must be of the corresponding PatchType. + format: byte + type: string + patchType: + default: "" + description: |- + PatchType defines the type of the patch. One of: "JSONPatch" or "JSONMergePatch". + + Possible enum values: + - `"JSONMergePatch"` identifies a https://datatracker.ietf.org/doc/html/rfc7386 JSON merge patch. + - `"JSONPatch"` identifies a https://datatracker.ietf.org/doc/html/rfc6902 JSON patch. + enum: + - JSONMergePatch + - JSONPatch + type: string + uid: + default: "" + description: UID identifies the corresponding template in the request on + which the patch should be applied. + type: string + required: + - uid + - patchType + - patch + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.GroupVersionHook: + description: GroupVersionHook defines the runtime hook when the ExtensionHandler + is called. 
+ properties: + apiVersion: + default: "" + description: APIVersion is the group and version of the Hook + type: string + hook: + default: "" + description: Hook is the name of the hook + type: string + required: + - apiVersion + - hook + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.HolderReference: + description: HolderReference represents a reference to an object which holds + a template. + properties: + apiVersion: + default: "" + description: API version of the referent. + type: string + fieldPath: + default: "" + description: FieldPath is the path to the field of the object which references + the template. + type: string + kind: + default: "" + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + default: "" + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + default: "" + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + required: + - apiVersion + - kind + - namespace + - name + - fieldPath + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.ValidateTopologyRequest: + description: ValidateTopologyRequest is the request of the ValidateTopology + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + items: + description: Items is the list of templates to validate. 
+ items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.ValidateTopologyRequestItem' + type: array + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + settings: + additionalProperties: + default: "" + type: string + description: Settings defines key value pairs to be passed to the call. + type: object + variables: + description: Variables are global variables for all templates. + items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.Variable' + default: {} + type: array + required: + - variables + - items + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.ValidateTopologyRequestItem: + description: ValidateTopologyRequestItem represents a template to validate. + properties: + holderReference: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.HolderReference' + default: {} + description: HolderReference is a reference to the object where the template + is used. + object: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.runtime.RawExtension' + default: {} + description: Object contains the template as a raw object. + variables: + description: Variables are variables specific for the current template. + For example some builtin variables like MachineDeployment replicas and + version are context-sensitive and thus are only added to templates for + MachineDeployments and with values which correspond to the current MachineDeployment. 
+ items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.Variable' + default: {} + type: array + required: + - holderReference + - object + - variables + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.ValidateTopologyResponse: + description: ValidateTopologyResponse is the response of the ValidateTopology + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + message: + default: "" + description: A human-readable description of the status of the call. + type: string + status: + default: "" + description: |- + Status of the call. One of "Success" or "Failure". + + Possible enum values: + - `"Failure"` represents a failure response. + - `"Success"` represents a success response. + enum: + - Failure + - Success + type: string + required: + - status + - message + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.Variable: + description: Variable represents a variable value. + properties: + name: + default: "" + description: Name of the variable. + type: string + value: + $ref: '#/components/schemas/k8s.io.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON' + default: {} + description: Value of the variable. 
+ required: + - name + - value + type: object +info: + description: |- + This document defines the Open API specification of the services that Cluster API runtime is going to call while managing the Cluster's lifecycle. + + Services described in this specification are also referred to as Runtime Hooks, given that they allow external components to hook-in the cluster's lifecycle. The corresponding components implementing handlers for Runtime Hooks calls are referred to as Runtime Extensions. + + More information is available in the [Cluster API book](https://cluster-api.sigs.k8s.io/). + license: + name: Apache 2.0 + url: http://www.apache.org/licenses/LICENSE-2.0.html + title: Cluster API - Runtime SDK + version: v1.5.6 +openapi: 3.0.0 +paths: + /hooks.runtime.cluster.x-k8s.io/v1alpha1/afterclusterupgrade/{name}: + post: + description: "Cluster API Runtime will call this hook after a Cluster has been + upgraded to the version specified in spec.topology.version. An upgrade is + completed when all control plane and MachineDeployment's Machines have been + upgraded.\n\nNotes:\n- This hook will be called only for Clusters with a managed + topology\n- The call's request contains the Cluster object and the Kubernetes + version we upgraded to \n- This is a non-blocking hook" + operationId: hooksRuntimeClusterV1alpha1Afterclusterupgrade + parameters: + - description: The handler name. 
Handlers within a single external component + implementing Runtime Extensions must have different names + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.AfterClusterUpgradeRequest' + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.AfterClusterUpgradeResponse' + description: Status code 200 indicates that the request has been processed + successfully. Runtime Extension authors must use fields in the response + like e.g. status and message to return processing outcomes. + summary: Cluster API Runtime will call this hook after a Cluster is upgraded + tags: + - Lifecycle Hooks + /hooks.runtime.cluster.x-k8s.io/v1alpha1/aftercontrolplaneinitialized/{name}: + post: + description: |- + Cluster API Runtime will call this hook after the control plane for the Cluster is reachable for the first time. + + Notes: + - This hook will be called only for Clusters with a managed topology + - This is a non-blocking hook + operationId: hooksRuntimeClusterV1alpha1Aftercontrolplaneinitialized + parameters: + - description: The handler name. Handlers within a single external component + implementing Runtime Extensions must have different names + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.AfterControlPlaneInitializedRequest' + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.AfterControlPlaneInitializedResponse' + description: Status code 200 indicates that the request has been processed + successfully. Runtime Extension authors must use fields in the response + like e.g. 
status and message to return processing outcomes. + summary: Cluster API Runtime will call this hook after the control plane is + reachable for the first time + tags: + - Lifecycle Hooks + /hooks.runtime.cluster.x-k8s.io/v1alpha1/aftercontrolplaneupgrade/{name}: + post: + description: |- + Cluster API Runtime will call this hook after the a cluster's control plane has been upgraded to the version specified in spec.topology.version, and immediately before the new version is going to be propagated to the MachineDeployments. A control plane upgrade is completed when all the machines in the control plane have been upgraded. + + Notes: + - This hook will be called only for Clusters with a managed topology + - The call's request contains the Cluster object and the Kubernetes version we upgraded to + - This is a blocking hook; Runtime Extension implementers can use this hook to execute tasks before the new version is propagated to the MachineDeployments + operationId: hooksRuntimeClusterV1alpha1Aftercontrolplaneupgrade + parameters: + - description: The handler name. Handlers within a single external component + implementing Runtime Extensions must have different names + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.AfterControlPlaneUpgradeRequest' + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.AfterControlPlaneUpgradeResponse' + description: Status code 200 indicates that the request has been processed + successfully. Runtime Extension authors must use fields in the response + like e.g. status and message to return processing outcomes. 
+ summary: Cluster API Runtime will call this hook after the control plane is + upgraded + tags: + - Lifecycle Hooks + /hooks.runtime.cluster.x-k8s.io/v1alpha1/beforeclustercreate/{name}: + post: + description: |- + Cluster API Runtime will call this hook after the Cluster is created by the user and immediately before all the objects which are part of a Cluster's topology are going to be created. + + Notes: + - This hook will be called only for Clusters with a managed topology + - The call's request contains the Cluster object + - This is a blocking hook; Runtime Extension implementers can use this hook to execute + tasks before the objects which are part of a Cluster's topology are created + operationId: hooksRuntimeClusterV1alpha1Beforeclustercreate + parameters: + - description: The handler name. Handlers within a single external component + implementing Runtime Extensions must have different names + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.BeforeClusterCreateRequest' + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.BeforeClusterCreateResponse' + description: Status code 200 indicates that the request has been processed + successfully. Runtime Extension authors must use fields in the response + like e.g. status and message to return processing outcomes. 
+ summary: Cluster API Runtime will call this hook before a Cluster's topology + is created + tags: + - Lifecycle Hooks + /hooks.runtime.cluster.x-k8s.io/v1alpha1/beforeclusterdelete/{name}: + post: + description: "Cluster API Runtime will call this hook after the Cluster deletion + has been triggered by the user, and immediately before objects of the Cluster + are going to be deleted.\n\nNotes:\n- This hook will be called only for Clusters + with a managed topology\n- The call's request contains the Cluster object + \n- This is a blocking hook; Runtime Extension implementers can use this hook + \ to execute tasks before objects of the Cluster are deleted" + operationId: hooksRuntimeClusterV1alpha1Beforeclusterdelete + parameters: + - description: The handler name. Handlers within a single external component + implementing Runtime Extensions must have different names + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.BeforeClusterDeleteRequest' + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.BeforeClusterDeleteResponse' + description: Status code 200 indicates that the request has been processed + successfully. Runtime Extension authors must use fields in the response + like e.g. status and message to return processing outcomes. + summary: Cluster API Runtime will call this hook before the Cluster is deleted + tags: + - Lifecycle Hooks + /hooks.runtime.cluster.x-k8s.io/v1alpha1/beforeclusterupgrade/{name}: + post: + description: |- + Cluster API Runtime will call this hook after the Cluster object has been updated with a new spec.topology.version by the user, and immediately before the new version is propagated to the control plane. 
+ + Notes: + - This hook will be called only for Clusters with a managed topology + - The call's request contains the Cluster object, the current Kubernetes version and the Kubernetes version we are upgrading to + - This is a blocking hook; Runtime Extension implementers can use this hook to execute tasks before the new version is propagated to the control plane + operationId: hooksRuntimeClusterV1alpha1Beforeclusterupgrade + parameters: + - description: The handler name. Handlers within a single external component + implementing Runtime Extensions must have different names + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.BeforeClusterUpgradeRequest' + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.BeforeClusterUpgradeResponse' + description: Status code 200 indicates that the request has been processed + successfully. Runtime Extension authors must use fields in the response + like e.g. status and message to return processing outcomes. + summary: Cluster API Runtime will call this hook before the Cluster is upgraded + tags: + - Lifecycle Hooks + /hooks.runtime.cluster.x-k8s.io/v1alpha1/discovervariables/{name}: + post: + description: |- + Cluster API Runtime will call this hook when ClusterClass variables are being computed during the ClusterClass reconcile loop.Notes: + - The response must contain the schemas of all variables defined by the patch. + operationId: hooksRuntimeClusterV1alpha1Discovervariables + parameters: + - description: The handler name. 
Handlers within a single external component + implementing Runtime Extensions must have different names + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.DiscoverVariablesRequest' + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.DiscoverVariablesResponse' + description: Status code 200 indicates that the request has been processed + successfully. Runtime Extension authors must use fields in the response + like e.g. status and message to return processing outcomes. + summary: Cluster API Runtime will call this hook when ClusterClass variables + are being computed + tags: + - Topology Mutation Hook + /hooks.runtime.cluster.x-k8s.io/v1alpha1/discovery: + post: + description: |- + Cluster API Runtime will call this hook when an ExtensionConfig is reconciled. Runtime Extension implementers must use this hook to inform the Cluster API runtime about all the handlers that are defined in an external component implementing Runtime Extensions. + + Notes: + - When using Runtime SDK utils, a handler for this hook is automatically generated + operationId: hooksRuntimeClusterV1alpha1Discovery + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.DiscoveryRequest' + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.DiscoveryResponse' + description: Status code 200 indicates that the request has been processed + successfully. Runtime Extension authors must use fields in the response + like e.g. status and message to return processing outcomes. 
+ summary: Cluster API Runtime will call this hook when an ExtensionConfig is + reconciled + tags: + - Discovery + /hooks.runtime.cluster.x-k8s.io/v1alpha1/generatepatches/{name}: + post: + description: |- + Cluster API Runtime will call this hook when a Cluster's topology is being computed during each topology controller reconcile loop. More specifically, this hook will be called while computing patches to be applied on top of templates derived from the Cluster's ClusterClass. + + Notes: + - The call's request contains all templates, the global variables and the template-specific variables required to compute patches + - The response must contain generated patches + operationId: hooksRuntimeClusterV1alpha1Generatepatches + parameters: + - description: The handler name. Handlers within a single external component + implementing Runtime Extensions must have different names + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.GeneratePatchesRequest' + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.GeneratePatchesResponse' + description: Status code 200 indicates that the request has been processed + successfully. Runtime Extension authors must use fields in the response + like e.g. status and message to return processing outcomes. + summary: Cluster API Runtime will call this hook when a Cluster's topology is + being computed + tags: + - Topology Mutation Hook + /hooks.runtime.cluster.x-k8s.io/v1alpha1/validatetopology/{name}: + post: + description: |- + Cluster API Runtime will call this hook after a Cluster's topology has been computed during each topology controller reconcile loop. 
More specifically, this hook will be called after all patches have been applied to the templates derived from the Cluster's ClusterClass. + + Notes: + - The call's request contains all templates, the global variables and the template-specific variables used while computing patches + - The response must contain the result of the validation + operationId: hooksRuntimeClusterV1alpha1Validatetopology + parameters: + - description: The handler name. Handlers within a single external component + implementing Runtime Extensions must have different names + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.ValidateTopologyRequest' + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.ValidateTopologyResponse' + description: Status code 200 indicates that the request has been processed + successfully. Runtime Extension authors must use fields in the response + like e.g. status and message to return processing outcomes. + summary: Cluster API Runtime will call this hook after a Cluster's topology + has been computed + tags: + - Topology Mutation Hook diff --git a/files/cluster-api/v1.6.2/bootstrap-components.yaml b/files/cluster-api/v1.6.2/bootstrap-components.yaml new file mode 100644 index 00000000..62c71f74 --- /dev/null +++ b/files/cluster-api/v1.6.2/bootstrap-components.yaml 
@@ -0,0 +1,6644 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + control-plane: controller-manager + name: capi-kubeadm-bootstrap-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1 + name: kubeadmconfigs.bootstrap.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: bootstrap.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: KubeadmConfig + listKind: KubeadmConfigList + plural: kubeadmconfigs + singular: kubeadmconfig + scope: Namespaced + versions: + - deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "KubeadmConfig is the Schema for the kubeadmconfigs API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmConfigSpec defines the desired state of KubeadmConfig. + Either ClusterConfiguration and InitConfiguration should be defined + or the JoinConfiguration should be defined. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration are + the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the API server + control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative Names + for the API Server signing cert. + items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. 
+ type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout that + we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store or look + for all required certificates. NB: if not provided, this will + default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address or + DNS name for the control plane; it can be a valid IP address + or a RFC-1123 DNS subdomain, both with optional TCP port. In + case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + + BindPort are used; in case the ControlPlaneEndpoint is specified + but without a TCP port, the BindPort is used. Possible usages + are: e.g. In a cluster with more than one control plane instances, + this field should be assigned the address of the external load + balancer in front of the control plane instances. e.g. in environments + with enforced node recycling, the ControlPlaneEndpoint could + be used for assigning a stable DNS to the control plane. NB: + This value defaults to the first value in the Cluster object + status.apiEndpoints array.' 
+ type: string + controllerManager: + description: ControllerManager contains extra settings for the + controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on installed + in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry to + pull images from. if not set, the ImageRepository defined + in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the image. + In case this value is set, kubeadm does not change automatically + the version of the above components during upgrades. + type: string + type: + description: Type defines the DNS add-on to be used + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. 
NB: This value + defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to an external + etcd cluster Local and External are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority file + used to secure etcd communication. Required if using + a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification file used + to secure etcd communication. Required if using a TLS + connection. + type: string + endpoints: + description: Endpoints of etcd members. Required for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to secure + etcd communication. Required if using a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for configuring + the local etcd instance Local and External are mutually + exclusive + properties: + dataDir: + description: DataDir is the directory etcd will place + its data. Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided to + the etcd binary when run inside a static pod. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the + image. In case this value is set, kubeadm does not change + automatically the version of the above components during + upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. 
+ items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject Alternative + Names for the etcd server signing cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: ImageRepository sets the container registry to pull + images from. If empty, `k8s.gcr.io` will be used by default; + in case of kubernetes version is a CI build (kubernetes version + starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` + will be used as a default for control plane components and for + kube-proxy, while `k8s.gcr.io` will be used for all the other + images. + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version of the control + plane. NB: This value defaults to the Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to the Cluster + object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s services. + Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. If unset, + the API server will not allocate CIDR ranges for every node. + Defaults to a comma-delimited string of the Cluster object's + spec.clusterNetwork.services.cidrBlocks if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s services. 
+ Defaults to a comma-delimited string of the Cluster object's + spec.clusterNetwork.pods.cidrBlocks, or to "10.96.0.0/12" + if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the scheduler + control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + useHyperKubeImage: + description: UseHyperKubeImage controls if hyperkube should be + used for Kubernetes components instead of their respective separate + images + type: boolean + type: object + diskSetup: + description: DiskSetup specifies options for the creation of partition + tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems to + setup. + items: + description: Filesystem defines the file systems to be created. 
+ properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to add to the + command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system type. + type: string + label: + description: Label specifies the file system label to be + used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to overwrite + any existing filesystem. If true, any pre-existing file + system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition to use. + The valid options are: "auto|any", "auto", "any", "none", + and , where NUM is the actual partition number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, used for + Microsoft Azure that instructs cloud-init to replace a + file system of . NOTE: unless you define a label, + this requires the use of the ''any'' partition directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions to + setup. + items: + description: Partition defines how to create and layout a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. If it is + true, a single partition will be created for the entire + device. When layout is false, it means don't partition + or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip checks + and create the partition if a partition or filesystem + is found on the device. Use with caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. 
The following are supported: ''mbr'': default and + setups a MS-DOS partition table ''gpt'': setups a GPT + partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files in + cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content to + populate the file. + properties: + secret: + description: Secret represents a secret that should populate + this file. + properties: + key: + description: Key is the key in the secret's data map + for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, e.g. + "root:root". + type: string + path: + description: Path specifies the full path on disk where to store + the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap data + enum: + - cloud-config + type: string + initConfiguration: + description: InitConfiguration along with ClusterConfiguration are + the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. 
Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm init` time + and describes a set of Bootstrap Tokens to create. This information + IS NOT uploaded to the kubeadm cluster configmap, partly because + of its sensitive nature + items: + description: BootstrapToken describes one bootstrap token, stored + as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message why + this token exists and what it's used for, so other administrators + can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when this token + expires. Defaults to being set dynamically at runtime + based on the TTL. Expires and TTL are mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that this + token will authenticate as when/if used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for joining + nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this token. + Defaults to 24h. Expires and TTL are mutually exclusive. + type: string + usages: + description: Usages describes the ways in which this token + can be used. Can by default be used for establishing bidirectional + trust, but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the API + server instance that's deployed on this control plane node In + HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests to each + individual API server. This configuration object lets you customize + what IP/DNS name and port the local API server advertises it's + accessible on. By default, kubeadm tries to auto-detect the + IP of the default interface and use that, but in case that process + fails you may set the desired value here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for the + API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API Server + to bind to. Defaults to 6443. + format: int32 + type: integer + required: + - advertiseAddress + - bindPort + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate to registering + the new control-plane node to the cluster. When used in the + context of control plane nodes, NodeRegistration should remain + consistent across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node API + object, for later re-use + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the kubelet + command line via the environment file kubeadm writes at + runtime for the kubelet to source. 
This overrides the generic + base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are + local and specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the Node + API object that will be created in this `kubeadm init` or + `kubeadm join` operation. This field is also used in the + CommonName field of the kubelet's client certificate to + the API server. Defaults to the hostname of the node if + not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API object + should be registered with. If this field is unset, i.e. + nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. If + you don''t want to taint your control-plane node, set this + field to an empty slice, i.e. `taints: {}` in the YAML file. + This field is solely used for Node registration.' + items: + description: The node this Taint is attached to has the + "effect" on any pod that does not tolerate the Taint. + properties: + effect: + description: Required. The effect of the taint on pods + that do not tolerate the taint. Valid effects are + NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint + key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration for the + join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. 
Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate authority + used to secure comunications between node and control-plane. + Defaults to "/etc/kubernetes/pki/ca.crt". TODO: revisit when + there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control plane + instance to be deployed on the joining node. If nil, no additional + control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the + API server instance to be deployed on this node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for + the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API + Server to bind to. Defaults to 6443. + format: int32 + type: integer + required: + - advertiseAddress + - bindPort + type: object + type: object + discovery: + description: 'Discovery specifies the options for the kubelet + to use during the TLS Bootstrap process TODO: revisit when there + is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options for + bootstrap token based discovery BootstrapToken and File + are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain name + to the API server from which info will be fetched. + type: string + caCertHashes: + description: 'CACertHashes specifies a set of public key + pins to verify when token-based discovery is used. The + root CA found during discovery must match one of these + values. Specifying an empty set disables root CA pinning, + which can be unsafe. 
Each hash is specified as ":", + where the only currently supported type is "sha256". + This is a hex-encoded SHA-256 hash of the Subject Public + Key Info (SPKI) object in DER-encoded ASN.1. These hashes + can be calculated using, for example, OpenSSL: openssl + x509 -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate cluster + information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since other + nodes can impersonate the control-plane. + type: boolean + required: + - token + - unsafeSkipCAVerification + type: object + file: + description: File is used to specify a file or URL to a kubeconfig + file from which to load cluster information BootstrapToken + and File are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify the actual + file path or URL to the kubeconfig file from which to + load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: 'TLSBootstrapToken is a token used for TLS bootstrapping. + If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, + but can be overridden. If .File is set, this field **must + be set** in case the KubeConfigFile does not contain any + other authentication information TODO: revisit when there + is defaulting from k/k' + type: string + type: object + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate to registering + the new control-plane node to the cluster. When used in the + context of control plane nodes, NodeRegistration should remain + consistent across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node API + object, for later re-use + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the kubelet + command line via the environment file kubeadm writes at + runtime for the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are + local and specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the Node + API object that will be created in this `kubeadm init` or + `kubeadm join` operation. This field is also used in the + CommonName field of the kubelet's client certificate to + the API server. Defaults to the hostname of the node if + not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API object + should be registered with. If this field is unset, i.e. + nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. If + you don''t want to taint your control-plane node, set this + field to an empty slice, i.e. `taints: {}` in the YAML file. + This field is solely used for Node registration.' + items: + description: The node this Taint is attached to has the + "effect" on any pod that does not tolerate the Taint. 
+ properties: + effect: + description: Required. The effect of the taint on pods + that do not tolerate the taint. Valid effects are + NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint + key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + mounts: + description: Mounts specifies a list of mount points to be setup. + items: + description: MountPoints defines input for generated mounts in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands to run after + kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to run before + kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm command + with a shell script with retries for joins. \n This is meant to + be an experimental temporary workaround on some environments where + joins fail due to timing (and other issues). The long term goal + is to add retries to kubeadm proper and use that functionality. + \n This will add about 40KB to userdata \n For more information, + refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." 
+ type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user in cloud-init. + properties: + gecos: + description: Gecos specifies the gecos to use for the user + type: string + groups: + description: Groups specifies the additional groups for the + user + type: string + homeDir: + description: HomeDir specifies the home directory to use for + the user + type: string + inactive: + description: Inactive specifies whether to mark the user as + inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login should + be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for the user + type: string + primaryGroup: + description: PrimaryGroup specifies the primary group for the + user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh authorized + keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level verbosity. + It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + status: + description: KubeadmConfigStatus defines the observed state of KubeadmConfig. + properties: + bootstrapData: + description: "BootstrapData will be a cloud-init script for now. \n + Deprecated: Switch to DataSecretName." + format: byte + type: string + conditions: + description: Conditions defines current service state of the KubeadmConfig. + items: + description: Condition defines an observation of a Cluster API resource + operational state. 
+ properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors + type: string + failureReason: + description: FailureReason will be set on non-retryable errors + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + ready: + description: Ready indicates the BootstrapData field is ready to be + consumed + type: boolean + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of KubeadmConfig + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "KubeadmConfig is the Schema for the kubeadmconfigs API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmConfigSpec defines the desired state of KubeadmConfig. + Either ClusterConfiguration and InitConfiguration should be defined + or the JoinConfiguration should be defined. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration are + the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the API server + control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative Names + for the API Server signing cert. 
+ items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout that + we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store or look + for all required certificates. 
NB: if not provided, this will + default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address or + DNS name for the control plane; it can be a valid IP address + or a RFC-1123 DNS subdomain, both with optional TCP port. In + case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + + BindPort are used; in case the ControlPlaneEndpoint is specified + but without a TCP port, the BindPort is used. Possible usages + are: e.g. In a cluster with more than one control plane instances, + this field should be assigned the address of the external load + balancer in front of the control plane instances. e.g. in environments + with enforced node recycling, the ControlPlaneEndpoint could + be used for assigning a stable DNS to the control plane. NB: + This value defaults to the first value in the Cluster object + status.apiEndpoints array.' + type: string + controllerManager: + description: ControllerManager contains extra settings for the + controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. 
+ type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on installed + in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry to + pull images from. if not set, the ImageRepository defined + in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the image. + In case this value is set, kubeadm does not change automatically + the version of the above components during upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. NB: This value + defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to an external + etcd cluster Local and External are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority file + used to secure etcd communication. Required if using + a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification file used + to secure etcd communication. Required if using a TLS + connection. + type: string + endpoints: + description: Endpoints of etcd members. Required for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to secure + etcd communication. Required if using a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for configuring + the local etcd instance Local and External are mutually + exclusive + properties: + dataDir: + description: DataDir is the directory etcd will place + its data. 
Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided to + the etcd binary when run inside a static pod. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the + image. In case this value is set, kubeadm does not change + automatically the version of the above components during + upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject Alternative + Names for the etcd server signing cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: ImageRepository sets the container registry to pull + images from. If empty, `registry.k8s.io` will be used by default; + in case of kubernetes version is a CI build (kubernetes version + starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` + will be used as a default for control plane components and for + kube-proxy, while `registry.k8s.io` will be used for all the + other images. + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version of the control + plane. 
NB: This value defaults to the Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to the Cluster + object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s services. + Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. If unset, + the API server will not allocate CIDR ranges for every node. + Defaults to a comma-delimited string of the Cluster object's + spec.clusterNetwork.services.cidrBlocks if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s services. + Defaults to a comma-delimited string of the Cluster object's + spec.clusterNetwork.pods.cidrBlocks, or to "10.96.0.0/12" + if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the scheduler + control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. 
+ type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation of partition + tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems to + setup. + items: + description: Filesystem defines the file systems to be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to add to the + command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system type. + type: string + label: + description: Label specifies the file system label to be + used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to overwrite + any existing filesystem. If true, any pre-existing file + system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition to use. + The valid options are: "auto|any", "auto", "any", "none", + and , where NUM is the actual partition number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, used for + Microsoft Azure that instructs cloud-init to replace a + file system of . NOTE: unless you define a label, + this requires the use of the ''any'' partition directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions to + setup. + items: + description: Partition defines how to create and layout a partition. + properties: + device: + description: Device is the name of the device. 
+ type: string + layout: + description: Layout specifies the device layout. If it is + true, a single partition will be created for the entire + device. When layout is false, it means don't partition + or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip checks + and create the partition if a partition or filesystem + is found on the device. Use with caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. The following are supported: ''mbr'': default and + setups a MS-DOS partition table ''gpt'': setups a GPT + partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files in + cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content to + populate the file. + properties: + secret: + description: Secret represents a secret that should populate + this file. + properties: + key: + description: Key is the key in the secret's data map + for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, e.g. + "root:root". + type: string + path: + description: Path specifies the full path on disk where to store + the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". 
+ type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap data + enum: + - cloud-config + type: string + initConfiguration: + description: InitConfiguration along with ClusterConfiguration are + the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm init` time + and describes a set of Bootstrap Tokens to create. This information + IS NOT uploaded to the kubeadm cluster configmap, partly because + of its sensitive nature + items: + description: BootstrapToken describes one bootstrap token, stored + as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message why + this token exists and what it's used for, so other administrators + can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when this token + expires. Defaults to being set dynamically at runtime + based on the TTL. Expires and TTL are mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that this + token will authenticate as when/if used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for joining + nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this token. + Defaults to 24h. Expires and TTL are mutually exclusive. 
+ type: string + usages: + description: Usages describes the ways in which this token + can be used. Can by default be used for establishing bidirectional + trust, but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the API + server instance that's deployed on this control plane node In + HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests to each + individual API server. This configuration object lets you customize + what IP/DNS name and port the local API server advertises it's + accessible on. By default, kubeadm tries to auto-detect the + IP of the default interface and use that, but in case that process + fails you may set the desired value here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for the + API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API Server + to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate to registering + the new control-plane node to the cluster. When used in the + context of control plane nodes, NodeRegistration should remain + consistent across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. 
This information will be annotated to the Node API + object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of pre-flight + errors to be ignored when the current node is registered. + items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the kubelet + command line via the environment file kubeadm writes at + runtime for the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are + local and specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the Node + API object that will be created in this `kubeadm init` or + `kubeadm join` operation. This field is also used in the + CommonName field of the kubelet's client certificate to + the API server. Defaults to the hostname of the node if + not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API object + should be registered with. If this field is unset, i.e. + nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. If + you don''t want to taint your control-plane node, set this + field to an empty slice, i.e. `taints: {}` in the YAML file. + This field is solely used for Node registration.' + items: + description: The node this Taint is attached to has the + "effect" on any pod that does not tolerate the Taint. + properties: + effect: + description: Required. The effect of the taint on pods + that do not tolerate the taint. Valid effects are + NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. 
+ type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint + key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration for the + join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate authority + used to secure comunications between node and control-plane. + Defaults to "/etc/kubernetes/pki/ca.crt". TODO: revisit when + there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control plane + instance to be deployed on the joining node. If nil, no additional + control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the + API server instance to be deployed on this node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for + the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API + Server to bind to. Defaults to 6443. 
+ format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for the kubelet + to use during the TLS Bootstrap process TODO: revisit when there + is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options for + bootstrap token based discovery BootstrapToken and File + are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain name + to the API server from which info will be fetched. + type: string + caCertHashes: + description: 'CACertHashes specifies a set of public key + pins to verify when token-based discovery is used. The + root CA found during discovery must match one of these + values. Specifying an empty set disables root CA pinning, + which can be unsafe. Each hash is specified as ":", + where the only currently supported type is "sha256". + This is a hex-encoded SHA-256 hash of the Subject Public + Key Info (SPKI) object in DER-encoded ASN.1. These hashes + can be calculated using, for example, OpenSSL: openssl + x509 -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate cluster + information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since other + nodes can impersonate the control-plane. 
+ type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or URL to a kubeconfig + file from which to load cluster information BootstrapToken + and File are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify the actual + file path or URL to the kubeconfig file from which to + load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used for TLS bootstrapping. + If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, + but can be overridden. If .File is set, this field **must + be set** in case the KubeConfigFile does not contain any + other authentication information + type: string + type: object + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate to registering + the new control-plane node to the cluster. When used in the + context of control plane nodes, NodeRegistration should remain + consistent across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node API + object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of pre-flight + errors to be ignored when the current node is registered. 
+ items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the kubelet + command line via the environment file kubeadm writes at + runtime for the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are + local and specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the Node + API object that will be created in this `kubeadm init` or + `kubeadm join` operation. This field is also used in the + CommonName field of the kubelet's client certificate to + the API server. Defaults to the hostname of the node if + not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API object + should be registered with. If this field is unset, i.e. + nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. If + you don''t want to taint your control-plane node, set this + field to an empty slice, i.e. `taints: {}` in the YAML file. + This field is solely used for Node registration.' + items: + description: The node this Taint is attached to has the + "effect" on any pod that does not tolerate the Taint. + properties: + effect: + description: Required. The effect of the taint on pods + that do not tolerate the taint. Valid effects are + NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint + key. 
+ type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + mounts: + description: Mounts specifies a list of mount points to be setup. + items: + description: MountPoints defines input for generated mounts in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands to run after + kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to run before + kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm command + with a shell script with retries for joins. \n This is meant to + be an experimental temporary workaround on some environments where + joins fail due to timing (and other issues). The long term goal + is to add retries to kubeadm proper and use that functionality. + \n This will add about 40KB to userdata \n For more information, + refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user in cloud-init. 
+ properties: + gecos: + description: Gecos specifies the gecos to use for the user + type: string + groups: + description: Groups specifies the additional groups for the + user + type: string + homeDir: + description: HomeDir specifies the home directory to use for + the user + type: string + inactive: + description: Inactive specifies whether to mark the user as + inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login should + be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for the user + type: string + primaryGroup: + description: PrimaryGroup specifies the primary group for the + user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh authorized + keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level verbosity. + It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + status: + description: KubeadmConfigStatus defines the observed state of KubeadmConfig. + properties: + conditions: + description: Conditions defines current service state of the KubeadmConfig. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. 
This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors + type: string + failureReason: + description: FailureReason will be set on non-retryable errors + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + ready: + description: Ready indicates the BootstrapData field is ready to be + consumed + type: boolean + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name'] + name: Cluster + type: string + - description: Time duration since creation of KubeadmConfig + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: KubeadmConfig is the Schema for the kubeadmconfigs API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmConfigSpec defines the desired state of KubeadmConfig. + Either ClusterConfiguration and InitConfiguration should be defined + or the JoinConfiguration should be defined. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration are + the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the API server + control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative Names + for the API Server signing cert. 
+ items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout that + we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store or look + for all required certificates. 
NB: if not provided, this will + default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address or + DNS name for the control plane; it can be a valid IP address + or a RFC-1123 DNS subdomain, both with optional TCP port. In + case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + + BindPort are used; in case the ControlPlaneEndpoint is specified + but without a TCP port, the BindPort is used. Possible usages + are: e.g. In a cluster with more than one control plane instances, + this field should be assigned the address of the external load + balancer in front of the control plane instances. e.g. in environments + with enforced node recycling, the ControlPlaneEndpoint could + be used for assigning a stable DNS to the control plane. NB: + This value defaults to the first value in the Cluster object + status.apiEndpoints array.' + type: string + controllerManager: + description: ControllerManager contains extra settings for the + controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. 
+ type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on installed + in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry to + pull images from. if not set, the ImageRepository defined + in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the image. + In case this value is set, kubeadm does not change automatically + the version of the above components during upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. NB: This value + defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to an external + etcd cluster Local and External are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority file + used to secure etcd communication. Required if using + a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification file used + to secure etcd communication. Required if using a TLS + connection. + type: string + endpoints: + description: Endpoints of etcd members. Required for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to secure + etcd communication. Required if using a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for configuring + the local etcd instance Local and External are mutually + exclusive + properties: + dataDir: + description: DataDir is the directory etcd will place + its data. 
Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided to + the etcd binary when run inside a static pod. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the + image. In case this value is set, kubeadm does not change + automatically the version of the above components during + upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject Alternative + Names for the etcd server signing cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: 'ImageRepository sets the container registry to pull + images from. * If not set, the default registry of kubeadm will + be used, i.e. * registry.k8s.io (new registry): >= v1.22.17, + >= v1.23.15, >= v1.24.9, >= v1.25.0 * k8s.gcr.io (old registry): + all older versions Please note that when imageRepository is + not set we don''t allow upgrades to versions >= v1.22.0 which + use the old registry (k8s.gcr.io). Please use a newer patch + version with the new registry instead (i.e. >= v1.22.17, >= + v1.23.15, >= v1.24.9, >= v1.25.0). * If the version is a CI + build (kubernetes version starts with `ci/` or `ci-cross/`) + `gcr.io/k8s-staging-ci-images` will be used as a default for + control plane components and for kube-proxy, while `registry.k8s.io` + will be used for all the other images.' 
+ type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version of the control + plane. NB: This value defaults to the Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to the Cluster + object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s services. + Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. If unset, + the API server will not allocate CIDR ranges for every node. + Defaults to a comma-delimited string of the Cluster object's + spec.clusterNetwork.services.cidrBlocks if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s services. + Defaults to a comma-delimited string of the Cluster object's + spec.clusterNetwork.pods.cidrBlocks, or to "10.96.0.0/12" + if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the scheduler + control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. 
+ properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation of partition + tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems to + setup. + items: + description: Filesystem defines the file systems to be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to add to the + command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system type. + type: string + label: + description: Label specifies the file system label to be + used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to overwrite + any existing filesystem. If true, any pre-existing file + system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition to use. + The valid options are: "auto|any", "auto", "any", "none", + and , where NUM is the actual partition number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, used for + Microsoft Azure that instructs cloud-init to replace a + file system of . NOTE: unless you define a label, + this requires the use of the ''any'' partition directive.' 
+ type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions to + setup. + items: + description: Partition defines how to create and layout a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. If it is + true, a single partition will be created for the entire + device. When layout is false, it means don't partition + or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip checks + and create the partition if a partition or filesystem + is found on the device. Use with caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. The following are supported: ''mbr'': default and + setups a MS-DOS partition table ''gpt'': setups a GPT + partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files in + cloud-init. + properties: + append: + description: Append specifies whether to append Content to existing + file if Path exists. + type: boolean + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content to + populate the file. + properties: + secret: + description: Secret represents a secret that should populate + this file. + properties: + key: + description: Key is the key in the secret's data map + for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. 
+ type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, e.g. + "root:root". + type: string + path: + description: Path specifies the full path on disk where to store + the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap data + enum: + - cloud-config + - ignition + type: string + ignition: + description: Ignition contains Ignition specific configuration. + properties: + containerLinuxConfig: + description: ContainerLinuxConfig contains CLC specific configuration. + properties: + additionalConfig: + description: "AdditionalConfig contains additional configuration + to be merged with the Ignition configuration generated by + the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging + \n The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/" + type: string + strict: + description: Strict controls if AdditionalConfig should be + strictly parsed. If so, warnings are treated as errors. + type: boolean + type: object + type: object + initConfiguration: + description: InitConfiguration along with ClusterConfiguration are + the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm init` time + and describes a set of Bootstrap Tokens to create. This information + IS NOT uploaded to the kubeadm cluster configmap, partly because + of its sensitive nature + items: + description: BootstrapToken describes one bootstrap token, stored + as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message why + this token exists and what it's used for, so other administrators + can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when this token + expires. Defaults to being set dynamically at runtime + based on the TTL. Expires and TTL are mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that this + token will authenticate as when/if used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for joining + nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this token. + Defaults to 24h. Expires and TTL are mutually exclusive. + type: string + usages: + description: Usages describes the ways in which this token + can be used. Can by default be used for establishing bidirectional + trust, but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the API + server instance that's deployed on this control plane node In + HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests to each + individual API server. This configuration object lets you customize + what IP/DNS name and port the local API server advertises it's + accessible on. By default, kubeadm tries to auto-detect the + IP of the default interface and use that, but in case that process + fails you may set the desired value here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for the + API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API Server + to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate to registering + the new control-plane node to the cluster. When used in the + context of control plane nodes, NodeRegistration should remain + consistent across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node API + object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of pre-flight + errors to be ignored when the current node is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy for image + pulling during kubeadm "init" and "join" operations. The + value of this field must be one of "Always", "IfNotPresent" + or "Never". Defaults to "IfNotPresent". 
This can be used + only with Kubernetes version equal to 1.22 and later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the kubelet + command line via the environment file kubeadm writes at + runtime for the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are + local and specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the Node + API object that will be created in this `kubeadm init` or + `kubeadm join` operation. This field is also used in the + CommonName field of the kubelet's client certificate to + the API server. Defaults to the hostname of the node if + not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API object + should be registered with. If this field is unset, i.e. + nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. If + you don''t want to taint your control-plane node, set this + field to an empty slice, i.e. `taints: []` in the YAML file. + This field is solely used for Node registration.' + items: + description: The node this Taint is attached to has the + "effect" on any pod that does not tolerate the Taint. + properties: + effect: + description: Required. The effect of the taint on pods + that do not tolerate the taint. Valid effects are + NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. 
+ format: date-time + type: string + value: + description: The taint value corresponding to the taint + key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying patches + to components deployed by kubeadm during "kubeadm init". The + minimum kubernetes version needed to support Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory that contains + files named "target[suffix][+patchtype].extension". For + example, "kube-apiserver0+merge.yaml" or just "etcd.json". + "target" can be one of "kube-apiserver", "kube-controller-manager", + "kube-scheduler", "etcd". "patchtype" can be one of "strategic" + "merge" or "json" and they match the patch formats supported + by kubectl. The default "patchtype" is "strategic". "extension" + must be either "json" or "yaml". "suffix" is an optional + string that can be used to determine which patches are applied + first alpha-numerically. These files can be written into + the target directory via KubeadmConfig.Files which specifies + additional files to be created on the machine, either with + content inline or by referencing a secret. + type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip during command + execution. The list of phases can be obtained with the "kubeadm + init --help" command. This option takes effect only on Kubernetes + >=1.22.0. + items: + type: string + type: array + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration for the + join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate authority + used to secure comunications between node and control-plane. + Defaults to "/etc/kubernetes/pki/ca.crt". TODO: revisit when + there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control plane + instance to be deployed on the joining node. If nil, no additional + control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the + API server instance to be deployed on this node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for + the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API + Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for the kubelet + to use during the TLS Bootstrap process TODO: revisit when there + is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options for + bootstrap token based discovery BootstrapToken and File + are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain name + to the API server from which info will be fetched. + type: string + caCertHashes: + description: 'CACertHashes specifies a set of public key + pins to verify when token-based discovery is used. The + root CA found during discovery must match one of these + values. Specifying an empty set disables root CA pinning, + which can be unsafe. Each hash is specified as ":", + where the only currently supported type is "sha256". + This is a hex-encoded SHA-256 hash of the Subject Public + Key Info (SPKI) object in DER-encoded ASN.1. 
These hashes + can be calculated using, for example, OpenSSL: openssl + x509 -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate cluster + information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since other + nodes can impersonate the control-plane. + type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or URL to a kubeconfig + file from which to load cluster information BootstrapToken + and File are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify the actual + file path or URL to the kubeconfig file from which to + load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used for TLS bootstrapping. + If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, + but can be overridden. If .File is set, this field **must + be set** in case the KubeConfigFile does not contain any + other authentication information + type: string + type: object + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate to registering + the new control-plane node to the cluster. 
When used in the + context of control plane nodes, NodeRegistration should remain + consistent across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node API + object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of pre-flight + errors to be ignored when the current node is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy for image + pulling during kubeadm "init" and "join" operations. The + value of this field must be one of "Always", "IfNotPresent" + or "Never". Defaults to "IfNotPresent". This can be used + only with Kubernetes version equal to 1.22 and later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the kubelet + command line via the environment file kubeadm writes at + runtime for the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are + local and specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the Node + API object that will be created in this `kubeadm init` or + `kubeadm join` operation. This field is also used in the + CommonName field of the kubelet's client certificate to + the API server. Defaults to the hostname of the node if + not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API object + should be registered with. If this field is unset, i.e. + nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. 
If + you don''t want to taint your control-plane node, set this + field to an empty slice, i.e. `taints: []` in the YAML file. + This field is solely used for Node registration.' + items: + description: The node this Taint is attached to has the + "effect" on any pod that does not tolerate the Taint. + properties: + effect: + description: Required. The effect of the taint on pods + that do not tolerate the taint. Valid effects are + NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint + key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying patches + to components deployed by kubeadm during "kubeadm join". The + minimum kubernetes version needed to support Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory that contains + files named "target[suffix][+patchtype].extension". For + example, "kube-apiserver0+merge.yaml" or just "etcd.json". + "target" can be one of "kube-apiserver", "kube-controller-manager", + "kube-scheduler", "etcd". "patchtype" can be one of "strategic" + "merge" or "json" and they match the patch formats supported + by kubectl. The default "patchtype" is "strategic". "extension" + must be either "json" or "yaml". "suffix" is an optional + string that can be used to determine which patches are applied + first alpha-numerically. These files can be written into + the target directory via KubeadmConfig.Files which specifies + additional files to be created on the machine, either with + content inline or by referencing a secret. 
+ type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip during command + execution. The list of phases can be obtained with the "kubeadm + init --help" command. This option takes effect only on Kubernetes + >=1.22.0. + items: + type: string + type: array + type: object + mounts: + description: Mounts specifies a list of mount points to be setup. + items: + description: MountPoints defines input for generated mounts in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands to run after + kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to run before + kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm command + with a shell script with retries for joins. \n This is meant to + be an experimental temporary workaround on some environments where + joins fail due to timing (and other issues). The long term goal + is to add retries to kubeadm proper and use that functionality. + \n This will add about 40KB to userdata \n For more information, + refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. + \n Deprecated: This experimental fix is no longer needed and this + field will be removed in a future release. When removing also remove + from staticcheck exclude-rules for SA1019 in golangci.yml" + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user in cloud-init. 
+ properties: + gecos: + description: Gecos specifies the gecos to use for the user + type: string + groups: + description: Groups specifies the additional groups for the + user + type: string + homeDir: + description: HomeDir specifies the home directory to use for + the user + type: string + inactive: + description: Inactive specifies whether to mark the user as + inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login should + be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for the user + type: string + passwdFrom: + description: PasswdFrom is a referenced source of passwd to + populate the passwd. + properties: + secret: + description: Secret represents a secret that should populate + this password. + properties: + key: + description: Key is the key in the secret's data map + for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + primaryGroup: + description: PrimaryGroup specifies the primary group for the + user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh authorized + keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level verbosity. + It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + status: + description: KubeadmConfigStatus defines the observed state of KubeadmConfig. + properties: + conditions: + description: Conditions defines current service state of the KubeadmConfig. 
+ items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors + type: string + failureReason: + description: FailureReason will be set on non-retryable errors + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + ready: + description: Ready indicates the BootstrapData field is ready to be + consumed + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1 + name: kubeadmconfigtemplates.bootstrap.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: bootstrap.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: KubeadmConfigTemplate + listKind: KubeadmConfigTemplateList + plural: kubeadmconfigtemplates + singular: kubeadmconfigtemplate + scope: Namespaced + versions: + - deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate. + properties: + template: + description: KubeadmConfigTemplateResource defines the Template structure. + properties: + spec: + description: KubeadmConfigSpec defines the desired state of KubeadmConfig. + Either ClusterConfiguration and InitConfiguration should be + defined or the JoinConfiguration should be defined. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the + API server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative + Names for the API Server signing cert. + items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. 
+ type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout + that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store + or look for all required certificates. NB: if not provided, + this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address + or DNS name for the control plane; it can be a valid + IP address or a RFC-1123 DNS subdomain, both with optional + TCP port. In case the ControlPlaneEndpoint is not specified, + the AdvertiseAddress + BindPort are used; in case the + ControlPlaneEndpoint is specified but without a TCP + port, the BindPort is used. Possible usages are: e.g. + In a cluster with more than one control plane instances, + this field should be assigned the address of the external + load balancer in front of the control plane instances. + e.g. in environments with enforced node recycling, + the ControlPlaneEndpoint could be used for assigning + a stable DNS to the control plane. NB: This value defaults + to the first value in the Cluster object status.apiEndpoints + array.' 
+ type: string + controllerManager: + description: ControllerManager contains extra settings + for the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on + installed in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for + the image. In case this value is set, kubeadm does + not change automatically the version of the above + components during upgrades. + type: string + type: + description: Type defines the DNS add-on to be used + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. 
NB: This + value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to + an external etcd cluster Local and External are + mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority + file used to secure etcd communication. Required + if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification + file used to secure etcd communication. Required + if using a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required + for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to + secure etcd communication. Required if using + a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for + configuring the local etcd instance Local and External + are mutually exclusive + properties: + dataDir: + description: DataDir is the directory etcd will + place its data. Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided + to the etcd binary when run inside a static + pod. + type: object + imageRepository: + description: ImageRepository sets the container + registry to pull images from. if not set, the + ImageRepository defined in ClusterConfiguration + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag + for the image. In case this value is set, kubeadm + does not change automatically the version of + the above components during upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. 
+ items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject + Alternative Names for the etcd server signing + cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. If empty, `k8s.gcr.io` will be + used by default; in case of kubernetes version is a + CI build (kubernetes version starts with `ci/` or `ci-cross/`) + `gcr.io/k8s-staging-ci-images` will be used as a default + for control plane components and for kube-proxy, while + `k8s.gcr.io` will be used for all the other images. + type: string + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version + of the control plane. NB: This value defaults to the + Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to + the Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s + services. Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. + If unset, the API server will not allocate CIDR + ranges for every node. Defaults to a comma-delimited + string of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s + services. 
Defaults to a comma-delimited string of + the Cluster object's spec.clusterNetwork.pods.cidrBlocks, + or to "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the + scheduler control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + useHyperKubeImage: + description: UseHyperKubeImage controls if hyperkube should + be used for Kubernetes components instead of their respective + separate images + type: boolean + type: object + diskSetup: + description: DiskSetup specifies options for the creation + of partition tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems + to setup. + items: + description: Filesystem defines the file systems to + be created. 
+ properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to + add to the command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system + type. + type: string + label: + description: Label specifies the file system label + to be used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to + overwrite any existing filesystem. If true, any + pre-existing file system will be destroyed. Use + with Caution. + type: boolean + partition: + description: 'Partition specifies the partition + to use. The valid options are: "auto|any", "auto", + "any", "none", and , where NUM is the actual + partition number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, + used for Microsoft Azure that instructs cloud-init + to replace a file system of . NOTE: unless + you define a label, this requires the use of the + ''any'' partition directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions + to setup. + items: + description: Partition defines how to create and layout + a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. + If it is true, a single partition will be created + for the entire device. When layout is false, it + means don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip + checks and create the partition if a partition + or filesystem is found on the device. Use with + caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. 
The following are supported: ''mbr'': default + and setups a MS-DOS partition table ''gpt'': setups + a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: Secret represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the + file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to + assign to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap + data + enum: + - cloud-config + type: string + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. 
Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm + init` time and describes a set of Bootstrap Tokens to + create. This information IS NOT uploaded to the kubeadm + cluster configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap + token, stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message + why this token exists and what it's used for, + so other administrators can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when + this token expires. Defaults to being set dynamically + at runtime based on the TTL. Expires and TTL are + mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that + this token will authenticate as when/if used for + authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for + joining nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this + token. Defaults to 24h. Expires and TTL are mutually + exclusive. + type: string + usages: + description: Usages describes the ways in which + this token can be used. Can by default be used + for establishing bidirectional trust, but that + can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance that's deployed on this control + plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global + endpoint for the cluster, which then loadbalances the + requests to each individual API server. This configuration + object lets you customize what IP/DNS name and port + the local API server advertises it's accessible on. + By default, kubeadm tries to auto-detect the IP of the + default interface and use that, but in case that process + fails you may set the desired value here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the + API Server to bind to. Defaults to 6443. + format: int32 + type: integer + required: + - advertiseAddress + - bindPort + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration + and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here are + passed to the kubelet command line via the environment + file kubeadm writes at runtime for the kubelet to + source. 
This overrides the generic base-level configuration + in the kubelet-config-1.X ConfigMap Flags have higher + priority when parsing. These values are local and + specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of + the Node API object that will be created in this + `kubeadm init` or `kubeadm join` operation. This + field is also used in the CommonName field of the + kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node + API object should be registered with. If this field + is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: + {}` in the YAML file. This field is solely used + for Node registration.' + items: + description: The node this Taint is attached to + has the "effect" on any pod that does not tolerate + the Taint. + properties: + effect: + description: Required. The effect of the taint + on pods that do not tolerate the taint. Valid + effects are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at + which the taint was added. It is only written + for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to + the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration + for the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. 
Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node + and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control + plane instance to be deployed on the joining node. If + nil, no additional control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on this + node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for + the API Server to bind to. Defaults to 6443. + format: int32 + type: integer + required: + - advertiseAddress + - bindPort + type: object + type: object + discovery: + description: 'Discovery specifies the options for the + kubelet to use during the TLS Bootstrap process TODO: + revisit when there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options + for bootstrap token based discovery BootstrapToken + and File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain + name to the API server from which info will + be fetched. + type: string + caCertHashes: + description: 'CACertHashes specifies a set of + public key pins to verify when token-based discovery + is used. The root CA found during discovery + must match one of these values. Specifying an + empty set disables root CA pinning, which can + be unsafe. 
Each hash is specified as ":", + where the only currently supported type is "sha256". + This is a hex-encoded SHA-256 hash of the Subject + Public Key Info (SPKI) object in DER-encoded + ASN.1. These hashes can be calculated using, + for example, OpenSSL: openssl x509 -pubkey -in + ca.crt openssl rsa -pubin -outform der 2>&/dev/null + | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate + cluster information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since + other nodes can impersonate the control-plane. + type: boolean + required: + - token + - unsafeSkipCAVerification + type: object + file: + description: File is used to specify a file or URL + to a kubeconfig file from which to load cluster + information BootstrapToken and File are mutually + exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify + the actual file path or URL to the kubeconfig + file from which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: 'TLSBootstrapToken is a token used for + TLS bootstrapping. If .BootstrapToken is set, this + field is defaulted to .BootstrapToken.Token, but + can be overridden. If .File is set, this field **must + be set** in case the KubeConfigFile does not contain + any other authentication information TODO: revisit + when there is defaulting from k/k' + type: string + type: object + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration + and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here are + passed to the kubelet command line via the environment + file kubeadm writes at runtime for the kubelet to + source. This overrides the generic base-level configuration + in the kubelet-config-1.X ConfigMap Flags have higher + priority when parsing. These values are local and + specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of + the Node API object that will be created in this + `kubeadm init` or `kubeadm join` operation. This + field is also used in the CommonName field of the + kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node + API object should be registered with. If this field + is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: + {}` in the YAML file. This field is solely used + for Node registration.' + items: + description: The node this Taint is attached to + has the "effect" on any pod that does not tolerate + the Taint. 
+ properties: + effect: + description: Required. The effect of the taint + on pods that do not tolerate the taint. Valid + effects are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at + which the taint was added. It is only written + for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to + the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + mounts: + description: Mounts specifies a list of mount points to be + setup. + items: + description: MountPoints defines input for generated mounts + in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands + to run after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to + run before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm + command with a shell script with retries for joins. \n This + is meant to be an experimental temporary workaround on some + environments where joins fail due to timing (and other issues). + The long term goal is to add retries to kubeadm proper and + use that functionality. \n This will add about 40KB to userdata + \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." 
+ type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user + in cloud-init. + properties: + gecos: + description: Gecos specifies the gecos to use for the + user + type: string + groups: + description: Groups specifies the additional groups + for the user + type: string + homeDir: + description: HomeDir specifies the home directory to + use for the user + type: string + inactive: + description: Inactive specifies whether to mark the + user as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login + should be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for + the user + type: string + primaryGroup: + description: PrimaryGroup specifies the primary group + for the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh + authorized keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level + verbosity. It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + type: object + required: + - template + type: object + type: object + served: false + storage: false + - additionalPrinterColumns: + - description: Time duration since creation of KubeadmConfigTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates + API. \n Deprecated: This type will be removed in one of the next releases." 
+ properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate. + properties: + template: + description: KubeadmConfigTemplateResource defines the Template structure. + properties: + spec: + description: KubeadmConfigSpec defines the desired state of KubeadmConfig. + Either ClusterConfiguration and InitConfiguration should be + defined or the JoinConfiguration should be defined. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the + API server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative + Names for the API Server signing cert. + items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. 
+ items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout + that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store + or look for all required certificates. NB: if not provided, + this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address + or DNS name for the control plane; it can be a valid + IP address or a RFC-1123 DNS subdomain, both with optional + TCP port. In case the ControlPlaneEndpoint is not specified, + the AdvertiseAddress + BindPort are used; in case the + ControlPlaneEndpoint is specified but without a TCP + port, the BindPort is used. Possible usages are: e.g. 
+ In a cluster with more than one control plane instances, + this field should be assigned the address of the external + load balancer in front of the control plane instances. + e.g. in environments with enforced node recycling, + the ControlPlaneEndpoint could be used for assigning + a stable DNS to the control plane. NB: This value defaults + to the first value in the Cluster object status.apiEndpoints + array.' + type: string + controllerManager: + description: ControllerManager contains extra settings + for the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on + installed in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. 
+ type: string + imageTag: + description: ImageTag allows to specify a tag for + the image. In case this value is set, kubeadm does + not change automatically the version of the above + components during upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. NB: This + value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to + an external etcd cluster Local and External are + mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority + file used to secure etcd communication. Required + if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification + file used to secure etcd communication. Required + if using a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required + for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to + secure etcd communication. Required if using + a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for + configuring the local etcd instance Local and External + are mutually exclusive + properties: + dataDir: + description: DataDir is the directory etcd will + place its data. Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided + to the etcd binary when run inside a static + pod. + type: object + imageRepository: + description: ImageRepository sets the container + registry to pull images from. if not set, the + ImageRepository defined in ClusterConfiguration + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag + for the image. 
In case this value is set, kubeadm + does not change automatically the version of + the above components during upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject + Alternative Names for the etcd server signing + cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. If empty, `registry.k8s.io` will + be used by default; in case of kubernetes version is + a CI build (kubernetes version starts with `ci/` or + `ci-cross/`) `gcr.io/k8s-staging-ci-images` will be + used as a default for control plane components and for + kube-proxy, while `registry.k8s.io` will be used for + all the other images. + type: string + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version + of the control plane. NB: This value defaults to the + Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to + the Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s + services. Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. 
+ If unset, the API server will not allocate CIDR + ranges for every node. Defaults to a comma-delimited + string of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s + services. Defaults to a comma-delimited string of + the Cluster object's spec.clusterNetwork.pods.cidrBlocks, + or to "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the + scheduler control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation + of partition tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems + to setup. + items: + description: Filesystem defines the file systems to + be created. 
+ properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to + add to the command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system + type. + type: string + label: + description: Label specifies the file system label + to be used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to + overwrite any existing filesystem. If true, any + pre-existing file system will be destroyed. Use + with Caution. + type: boolean + partition: + description: 'Partition specifies the partition + to use. The valid options are: "auto|any", "auto", + "any", "none", and , where NUM is the actual + partition number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, + used for Microsoft Azure that instructs cloud-init + to replace a file system of . NOTE: unless + you define a label, this requires the use of the + ''any'' partition directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions + to setup. + items: + description: Partition defines how to create and layout + a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. + If it is true, a single partition will be created + for the entire device. When layout is false, it + means don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip + checks and create the partition if a partition + or filesystem is found on the device. Use with + caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. 
The following are supported: ''mbr'': default + and setups a MS-DOS partition table ''gpt'': setups + a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: Secret represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the + file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to + assign to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap + data + enum: + - cloud-config + type: string + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. 
Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm + init` time and describes a set of Bootstrap Tokens to + create. This information IS NOT uploaded to the kubeadm + cluster configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap + token, stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message + why this token exists and what it's used for, + so other administrators can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when + this token expires. Defaults to being set dynamically + at runtime based on the TTL. Expires and TTL are + mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that + this token will authenticate as when/if used for + authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for + joining nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this + token. Defaults to 24h. Expires and TTL are mutually + exclusive. + type: string + usages: + description: Usages describes the ways in which + this token can be used. Can by default be used + for establishing bidirectional trust, but that + can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance that's deployed on this control + plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global + endpoint for the cluster, which then loadbalances the + requests to each individual API server. This configuration + object lets you customize what IP/DNS name and port + the local API server advertises it's accessible on. + By default, kubeadm tries to auto-detect the IP of the + default interface and use that, but in case that process + fails you may set the desired value here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the + API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration + and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice + of pre-flight errors to be ignored when the current + node is registered. + items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. 
The arguments here are + passed to the kubelet command line via the environment + file kubeadm writes at runtime for the kubelet to + source. This overrides the generic base-level configuration + in the kubelet-config-1.X ConfigMap Flags have higher + priority when parsing. These values are local and + specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of + the Node API object that will be created in this + `kubeadm init` or `kubeadm join` operation. This + field is also used in the CommonName field of the + kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node + API object should be registered with. If this field + is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: + {}` in the YAML file. This field is solely used + for Node registration.' + items: + description: The node this Taint is attached to + has the "effect" on any pod that does not tolerate + the Taint. + properties: + effect: + description: Required. The effect of the taint + on pods that do not tolerate the taint. Valid + effects are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at + which the taint was added. It is only written + for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to + the taint key. 
+ type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration + for the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node + and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control + plane instance to be deployed on the joining node. If + nil, no additional control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on this + node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for + the API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for the + kubelet to use during the TLS Bootstrap process TODO: + revisit when there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options + for bootstrap token based discovery BootstrapToken + and File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain + name to the API server from which info will + be fetched. 
+ type: string + caCertHashes: + description: 'CACertHashes specifies a set of + public key pins to verify when token-based discovery + is used. The root CA found during discovery + must match one of these values. Specifying an + empty set disables root CA pinning, which can + be unsafe. Each hash is specified as ":", + where the only currently supported type is "sha256". + This is a hex-encoded SHA-256 hash of the Subject + Public Key Info (SPKI) object in DER-encoded + ASN.1. These hashes can be calculated using, + for example, OpenSSL: openssl x509 -pubkey -in + ca.crt openssl rsa -pubin -outform der 2>&/dev/null + | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate + cluster information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since + other nodes can impersonate the control-plane. + type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or URL + to a kubeconfig file from which to load cluster + information BootstrapToken and File are mutually + exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify + the actual file path or URL to the kubeconfig + file from which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used for + TLS bootstrapping. If .BootstrapToken is set, this + field is defaulted to .BootstrapToken.Token, but + can be overridden. 
If .File is set, this field **must + be set** in case the KubeConfigFile does not contain + any other authentication information + type: string + type: object + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration + and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice + of pre-flight errors to be ignored when the current + node is registered. + items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here are + passed to the kubelet command line via the environment + file kubeadm writes at runtime for the kubelet to + source. This overrides the generic base-level configuration + in the kubelet-config-1.X ConfigMap Flags have higher + priority when parsing. These values are local and + specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of + the Node API object that will be created in this + `kubeadm init` or `kubeadm join` operation. This + field is also used in the CommonName field of the + kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. 
+ type: string + taints: + description: 'Taints specifies the taints the Node + API object should be registered with. If this field + is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: + {}` in the YAML file. This field is solely used + for Node registration.' + items: + description: The node this Taint is attached to + has the "effect" on any pod that does not tolerate + the Taint. + properties: + effect: + description: Required. The effect of the taint + on pods that do not tolerate the taint. Valid + effects are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at + which the taint was added. It is only written + for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to + the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + mounts: + description: Mounts specifies a list of mount points to be + setup. + items: + description: MountPoints defines input for generated mounts + in cloud-init. 
+ items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands + to run after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to + run before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm + command with a shell script with retries for joins. \n This + is meant to be an experimental temporary workaround on some + environments where joins fail due to timing (and other issues). + The long term goal is to add retries to kubeadm proper and + use that functionality. \n This will add about 40KB to userdata + \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user + in cloud-init. 
+ properties: + gecos: + description: Gecos specifies the gecos to use for the + user + type: string + groups: + description: Groups specifies the additional groups + for the user + type: string + homeDir: + description: HomeDir specifies the home directory to + use for the user + type: string + inactive: + description: Inactive specifies whether to mark the + user as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login + should be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for + the user + type: string + primaryGroup: + description: PrimaryGroup specifies the primary group + for the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh + authorized keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level + verbosity. It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + type: object + required: + - template + type: object + type: object + served: false + storage: false + subresources: {} + - additionalPrinterColumns: + - description: Time duration since creation of KubeadmConfigTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate. + properties: + template: + description: KubeadmConfigTemplateResource defines the Template structure. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: KubeadmConfigSpec defines the desired state of KubeadmConfig. + Either ClusterConfiguration and InitConfiguration should be + defined or the JoinConfiguration should be defined. 
+ properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the + API server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative + Names for the API Server signing cert. + items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout + that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store + or look for all required certificates. NB: if not provided, + this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address + or DNS name for the control plane; it can be a valid + IP address or a RFC-1123 DNS subdomain, both with optional + TCP port. In case the ControlPlaneEndpoint is not specified, + the AdvertiseAddress + BindPort are used; in case the + ControlPlaneEndpoint is specified but without a TCP + port, the BindPort is used. Possible usages are: e.g. + In a cluster with more than one control plane instances, + this field should be assigned the address of the external + load balancer in front of the control plane instances. + e.g. in environments with enforced node recycling, + the ControlPlaneEndpoint could be used for assigning + a stable DNS to the control plane. NB: This value defaults + to the first value in the Cluster object status.apiEndpoints + array.' + type: string + controllerManager: + description: ControllerManager contains extra settings + for the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. 
+ properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on + installed in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for + the image. In case this value is set, kubeadm does + not change automatically the version of the above + components during upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. NB: This + value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to + an external etcd cluster Local and External are + mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority + file used to secure etcd communication. Required + if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification + file used to secure etcd communication. Required + if using a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required + for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to + secure etcd communication. Required if using + a TLS connection. 
+ type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for + configuring the local etcd instance Local and External + are mutually exclusive + properties: + dataDir: + description: DataDir is the directory etcd will + place its data. Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided + to the etcd binary when run inside a static + pod. + type: object + imageRepository: + description: ImageRepository sets the container + registry to pull images from. if not set, the + ImageRepository defined in ClusterConfiguration + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag + for the image. In case this value is set, kubeadm + does not change automatically the version of + the above components during upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject + Alternative Names for the etcd server signing + cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: 'ImageRepository sets the container registry + to pull images from. * If not set, the default registry + of kubeadm will be used, i.e. * registry.k8s.io (new + registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= + v1.25.0 * k8s.gcr.io (old registry): all older versions + Please note that when imageRepository is not set we + don''t allow upgrades to versions >= v1.22.0 which use + the old registry (k8s.gcr.io). Please use a newer patch + version with the new registry instead (i.e. 
>= v1.22.17, + >= v1.23.15, >= v1.24.9, >= v1.25.0). * If the version + is a CI build (kubernetes version starts with `ci/` + or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will + be used as a default for control plane components and + for kube-proxy, while `registry.k8s.io` will be used + for all the other images.' + type: string + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version + of the control plane. NB: This value defaults to the + Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to + the Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s + services. Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. + If unset, the API server will not allocate CIDR + ranges for every node. Defaults to a comma-delimited + string of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s + services. Defaults to a comma-delimited string of + the Cluster object's spec.clusterNetwork.pods.cidrBlocks, + or to "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the + scheduler control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. 
TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation + of partition tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems + to setup. + items: + description: Filesystem defines the file systems to + be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to + add to the command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system + type. + type: string + label: + description: Label specifies the file system label + to be used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to + overwrite any existing filesystem. If true, any + pre-existing file system will be destroyed. Use + with Caution. + type: boolean + partition: + description: 'Partition specifies the partition + to use. 
The valid options are: "auto|any", "auto", + "any", "none", and , where NUM is the actual + partition number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, + used for Microsoft Azure that instructs cloud-init + to replace a file system of . NOTE: unless + you define a label, this requires the use of the + ''any'' partition directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions + to setup. + items: + description: Partition defines how to create and layout + a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. + If it is true, a single partition will be created + for the entire device. When layout is false, it + means don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip + checks and create the partition if a partition + or filesystem is found on the device. Use with + caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. The following are supported: ''mbr'': default + and setups a MS-DOS partition table ''gpt'': setups + a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + append: + description: Append specifies whether to append Content + to existing file if Path exists. + type: boolean + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. 
+ properties: + secret: + description: Secret represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the + file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to + assign to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap + data + enum: + - cloud-config + - ignition + type: string + ignition: + description: Ignition contains Ignition specific configuration. + properties: + containerLinuxConfig: + description: ContainerLinuxConfig contains CLC specific + configuration. + properties: + additionalConfig: + description: "AdditionalConfig contains additional + configuration to be merged with the Ignition configuration + generated by the bootstrapper controller. More info: + https://coreos.github.io/ignition/operator-notes/#config-merging + \n The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/" + type: string + strict: + description: Strict controls if AdditionalConfig should + be strictly parsed. If so, warnings are treated + as errors. 
+ type: boolean + type: object + type: object + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm + init` time and describes a set of Bootstrap Tokens to + create. This information IS NOT uploaded to the kubeadm + cluster configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap + token, stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message + why this token exists and what it's used for, + so other administrators can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when + this token expires. Defaults to being set dynamically + at runtime based on the TTL. Expires and TTL are + mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that + this token will authenticate as when/if used for + authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for + joining nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this + token. Defaults to 24h. Expires and TTL are mutually + exclusive. + type: string + usages: + description: Usages describes the ways in which + this token can be used. Can by default be used + for establishing bidirectional trust, but that + can be changed here. 
+ items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance that's deployed on this control + plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global + endpoint for the cluster, which then loadbalances the + requests to each individual API server. This configuration + object lets you customize what IP/DNS name and port + the local API server advertises it's accessible on. + By default, kubeadm tries to auto-detect the IP of the + default interface and use that, but in case that process + fails you may set the desired value here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the + API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration + and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. 
This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice + of pre-flight errors to be ignored when the current + node is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy + for image pulling during kubeadm "init" and "join" + operations. The value of this field must be one + of "Always", "IfNotPresent" or "Never". Defaults + to "IfNotPresent". This can be used only with Kubernetes + version equal to 1.22 and later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here are + passed to the kubelet command line via the environment + file kubeadm writes at runtime for the kubelet to + source. This overrides the generic base-level configuration + in the kubelet-config-1.X ConfigMap Flags have higher + priority when parsing. These values are local and + specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of + the Node API object that will be created in this + `kubeadm init` or `kubeadm join` operation. This + field is also used in the CommonName field of the + kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node + API object should be registered with. If this field + is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: + []` in the YAML file. This field is solely used + for Node registration.' 
+ items: + description: The node this Taint is attached to + has the "effect" on any pod that does not tolerate + the Taint. + properties: + effect: + description: Required. The effect of the taint + on pods that do not tolerate the taint. Valid + effects are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at + which the taint was added. It is only written + for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to + the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying + patches to components deployed by kubeadm during "kubeadm + init". The minimum kubernetes version needed to support + Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory that + contains files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or just + "etcd.json". "target" can be one of "kube-apiserver", + "kube-controller-manager", "kube-scheduler", "etcd". + "patchtype" can be one of "strategic" "merge" or + "json" and they match the patch formats supported + by kubectl. The default "patchtype" is "strategic". + "extension" must be either "json" or "yaml". "suffix" + is an optional string that can be used to determine + which patches are applied first alpha-numerically. + These files can be written into the target directory + via KubeadmConfig.Files which specifies additional + files to be created on the machine, either with + content inline or by referencing a secret. + type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip during + command execution. The list of phases can be obtained + with the "kubeadm init --help" command. 
This option + takes effect only on Kubernetes >=1.22.0. + items: + type: string + type: array + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration + for the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node + and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control + plane instance to be deployed on the joining node. If + nil, no additional control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on this + node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for + the API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for the + kubelet to use during the TLS Bootstrap process TODO: + revisit when there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options + for bootstrap token based discovery BootstrapToken + and File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain + name to the API server from which info will + be fetched. 
+ type: string + caCertHashes: + description: 'CACertHashes specifies a set of + public key pins to verify when token-based discovery + is used. The root CA found during discovery + must match one of these values. Specifying an + empty set disables root CA pinning, which can + be unsafe. Each hash is specified as ":", + where the only currently supported type is "sha256". + This is a hex-encoded SHA-256 hash of the Subject + Public Key Info (SPKI) object in DER-encoded + ASN.1. These hashes can be calculated using, + for example, OpenSSL: openssl x509 -pubkey -in + ca.crt openssl rsa -pubin -outform der 2>&/dev/null + | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate + cluster information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since + other nodes can impersonate the control-plane. + type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or URL + to a kubeconfig file from which to load cluster + information BootstrapToken and File are mutually + exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify + the actual file path or URL to the kubeconfig + file from which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used for + TLS bootstrapping. If .BootstrapToken is set, this + field is defaulted to .BootstrapToken.Token, but + can be overridden. 
If .File is set, this field **must + be set** in case the KubeConfigFile does not contain + any other authentication information + type: string + type: object + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration + and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice + of pre-flight errors to be ignored when the current + node is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy + for image pulling during kubeadm "init" and "join" + operations. The value of this field must be one + of "Always", "IfNotPresent" or "Never". Defaults + to "IfNotPresent". This can be used only with Kubernetes + version equal to 1.22 and later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here are + passed to the kubelet command line via the environment + file kubeadm writes at runtime for the kubelet to + source. This overrides the generic base-level configuration + in the kubelet-config-1.X ConfigMap Flags have higher + priority when parsing. 
These values are local and + specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of + the Node API object that will be created in this + `kubeadm init` or `kubeadm join` operation. This + field is also used in the CommonName field of the + kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node + API object should be registered with. If this field + is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: + []` in the YAML file. This field is solely used + for Node registration.' + items: + description: The node this Taint is attached to + has the "effect" on any pod that does not tolerate + the Taint. + properties: + effect: + description: Required. The effect of the taint + on pods that do not tolerate the taint. Valid + effects are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at + which the taint was added. It is only written + for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to + the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying + patches to components deployed by kubeadm during "kubeadm + join". The minimum kubernetes version needed to support + Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory that + contains files named "target[suffix][+patchtype].extension". 
+ For example, "kube-apiserver0+merge.yaml" or just + "etcd.json". "target" can be one of "kube-apiserver", + "kube-controller-manager", "kube-scheduler", "etcd". + "patchtype" can be one of "strategic" "merge" or + "json" and they match the patch formats supported + by kubectl. The default "patchtype" is "strategic". + "extension" must be either "json" or "yaml". "suffix" + is an optional string that can be used to determine + which patches are applied first alpha-numerically. + These files can be written into the target directory + via KubeadmConfig.Files which specifies additional + files to be created on the machine, either with + content inline or by referencing a secret. + type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip during + command execution. The list of phases can be obtained + with the "kubeadm init --help" command. This option + takes effect only on Kubernetes >=1.22.0. + items: + type: string + type: array + type: object + mounts: + description: Mounts specifies a list of mount points to be + setup. + items: + description: MountPoints defines input for generated mounts + in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands + to run after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to + run before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm + command with a shell script with retries for joins. 
\n This + is meant to be an experimental temporary workaround on some + environments where joins fail due to timing (and other issues). + The long term goal is to add retries to kubeadm proper and + use that functionality. \n This will add about 40KB to userdata + \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. + \n Deprecated: This experimental fix is no longer needed + and this field will be removed in a future release. When + removing also remove from staticcheck exclude-rules for + SA1019 in golangci.yml" + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user + in cloud-init. + properties: + gecos: + description: Gecos specifies the gecos to use for the + user + type: string + groups: + description: Groups specifies the additional groups + for the user + type: string + homeDir: + description: HomeDir specifies the home directory to + use for the user + type: string + inactive: + description: Inactive specifies whether to mark the + user as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login + should be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for + the user + type: string + passwdFrom: + description: PasswdFrom is a referenced source of passwd + to populate the passwd. + properties: + secret: + description: Secret represents a secret that should + populate this password. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. 
+ type: string + required: + - key + - name + type: object + required: + - secret + type: object + primaryGroup: + description: PrimaryGroup specifies the primary group + for the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh + authorized keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level + verbosity. It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + type: object + required: + - template + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-manager + namespace: capi-kubeadm-bootstrap-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-leader-election-role + namespace: capi-kubeadm-bootstrap-system +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-manager-role +rules: +- apiGroups: + - "" + resources: + - configmaps + - events + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - 
create +- apiGroups: + - bootstrap.cluster.x-k8s.io + resources: + - kubeadmconfigs + - kubeadmconfigs/finalizers + - kubeadmconfigs/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + - machinepools + - machinepools/status + - machines + - machines/status + - machinesets + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-leader-election-rolebinding + namespace: capi-kubeadm-bootstrap-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: capi-kubeadm-bootstrap-leader-election-role +subjects: +- kind: ServiceAccount + name: capi-kubeadm-bootstrap-manager + namespace: capi-kubeadm-bootstrap-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capi-kubeadm-bootstrap-manager-role +subjects: +- kind: ServiceAccount + name: capi-kubeadm-bootstrap-manager + namespace: capi-kubeadm-bootstrap-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system +spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: bootstrap-kubeadm +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + control-plane: controller-manager + name: capi-kubeadm-bootstrap-controller-manager + namespace: capi-kubeadm-bootstrap-system +spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + control-plane: controller-manager + 
template: + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + control-plane: controller-manager + spec: + containers: + - args: + - --leader-elect + - --diagnostics-address=${CAPI_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${CAPI_INSECURE_DIAGNOSTICS:=false} + - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},KubeadmBootstrapFormatIgnition=${EXP_KUBEADM_BOOTSTRAP_FORMAT_IGNITION:=false} + - --bootstrap-token-ttl=${KUBEADM_BOOTSTRAP_TOKEN_TTL:=15m} + command: + - /manager + image: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.6.2 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: capi-kubeadm-bootstrap-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + secretName: capi-kubeadm-bootstrap-webhook-service-cert +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-serving-cert + namespace: capi-kubeadm-bootstrap-system +spec: + dnsNames: + - capi-kubeadm-bootstrap-webhook-service.capi-kubeadm-bootstrap-system.svc + - capi-kubeadm-bootstrap-webhook-service.capi-kubeadm-bootstrap-system.svc.cluster.local + 
issuerRef: + kind: Issuer + name: capi-kubeadm-bootstrap-selfsigned-issuer + secretName: capi-kubeadm-bootstrap-webhook-service-cert + subject: + organizations: + - k8s-sig-cluster-lifecycle +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-selfsigned-issuer + namespace: capi-kubeadm-bootstrap-system +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system + path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfig + failurePolicy: Fail + name: default.kubeadmconfig.bootstrap.cluster.x-k8s.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - kubeadmconfigs + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system + path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfigtemplate + failurePolicy: Fail + name: default.kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - kubeadmconfigtemplates + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert + labels: + 
cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system + path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfig + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.kubeadmconfig.bootstrap.cluster.x-k8s.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - kubeadmconfigs + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system + path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfigtemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - kubeadmconfigtemplates + sideEffects: None diff --git a/files/cluster-api/v1.6.2/cluster-api-components.yaml b/files/cluster-api/v1.6.2/cluster-api-components.yaml new file mode 100644 index 00000000..50f3081b --- /dev/null +++ b/files/cluster-api/v1.6.2/cluster-api-components.yaml 
@@ -0,0 +1,25910 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + control-plane: controller-manager + name: capi-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: clusterclasses.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: ClusterClass + listKind: ClusterClassList + plural: clusterclasses + shortNames: + - cc + singular: clusterclass + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of ClusterClass + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "ClusterClass is a template which can be used to create managed + topologies. \n Deprecated: This type will be removed in one of the next + releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterClassSpec describes the desired state of the ClusterClass. + properties: + controlPlane: + description: ControlPlane is a reference to a local struct that holds + the details for provisioning the Control Plane for the Cluster. + properties: + machineInfrastructure: + description: "MachineTemplate defines the metadata and infrastructure + information for control plane machines. \n This field is supported + if and only if the control plane provider template referenced + above is Machine based and supports setting replicas." + properties: + ref: + description: Ref is a required reference to a custom resource + offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + metadata: + description: "Metadata is the metadata applied to the machines + of the ControlPlane. At runtime this metadata is merged with + the corresponding metadata from the topology. \n This field + is supported if and only if the control plane provider template + referenced is Machine based." + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + ref: + description: Ref is a required reference to a custom resource + offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + infrastructure: + description: Infrastructure is a reference to a provider-specific + template that holds the details for provisioning infrastructure + specific cluster for the underlying provider. The underlying provider + is responsible for the implementation of the template to an infrastructure + cluster. + properties: + ref: + description: Ref is a required reference to a custom resource + offered by a provider. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + workers: + description: Workers describes the worker nodes for the cluster. It + is a collection of node types which can be used to create the worker + nodes of the cluster. 
+ properties: + machineDeployments: + description: MachineDeployments is a list of machine deployment + classes that can be used to create a set of worker nodes. + items: + description: MachineDeploymentClass serves as a template to + define a set of worker nodes of the cluster provisioned using + the `ClusterClass`. + properties: + class: + description: Class denotes a type of worker node present + in the cluster, this name MUST be unique within a ClusterClass + and can be referenced in the Cluster to create a managed + MachineDeployment. + type: string + template: + description: Template is a local struct containing a collection + of templates for creation of MachineDeployment objects + representing a set of worker nodes. + properties: + bootstrap: + description: Bootstrap contains the bootstrap template + reference to be used for the creation of worker Machines. + properties: + ref: + description: Ref is a required reference to a custom + resource offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + infrastructure: + description: Infrastructure contains the infrastructure + template reference to be used for the creation of + worker Machines. + properties: + ref: + description: Ref is a required reference to a custom + resource offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' 
+ type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + metadata: + description: Metadata is the metadata applied to the + machines of the MachineDeployment. At runtime this + metadata is merged with the corresponding metadata + from the topology. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key + value map stored with a resource that may be set + by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be + preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that + can be used to organize and categorize (scope + and select) objects. May match selectors of replication + controllers and services. 
More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + required: + - bootstrap + - infrastructure + type: object + required: + - class + - template + type: object + type: array + type: object + type: object + type: object + served: false + storage: false + subresources: {} + - additionalPrinterColumns: + - description: Time duration since creation of ClusterClass + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: ClusterClass is a template which can be used to create managed + topologies. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterClassSpec describes the desired state of the ClusterClass. + properties: + controlPlane: + description: ControlPlane is a reference to a local struct that holds + the details for provisioning the Control Plane for the Cluster. + properties: + machineHealthCheck: + description: MachineHealthCheck defines a MachineHealthCheck for + this ControlPlaneClass. This field is supported if and only + if the ControlPlane provider template referenced above is Machine + based and supports setting replicas. 
+ properties: + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed if at + most "MaxUnhealthy" machines selected by "selector" are + not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without a node + will be considered to have failed and will be remediated. + If you wish to disable this feature, set the value explicitly + to 0. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference to a remediation + template provided by an infrastructure provider. \n This + field is completely optional, when filled, the MachineHealthCheck + controller creates a new object from the template referenced + and hands off remediation of the machine to a controller + that lives outside of Cluster API." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list of the conditions + that determine whether a node is considered unhealthy. The + conditions are combined in a logical OR, i.e. if any of + the conditions is met, the node is unhealthy. + items: + description: UnhealthyCondition represents a Node condition + type and value with a timeout specified as a duration. When + the named condition has been in the given status for at + least the timeout value, a node is considered unhealthy. + properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + type: array + unhealthyRange: + description: 'Any further remediation is only allowed if the + number of machines selected by "selector" as not healthy + is within the range of "UnhealthyRange". Takes precedence + over MaxUnhealthy. Eg. 
"[3-5]" - This means that remediation + will be allowed only when: (a) there are at least 3 unhealthy + machines (and) (b) there are at most 5 unhealthy machines' + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + type: object + machineInfrastructure: + description: "MachineInfrastructure defines the metadata and infrastructure + information for control plane machines. \n This field is supported + if and only if the control plane provider template referenced + above is Machine based and supports setting replicas." + properties: + ref: + description: Ref is a required reference to a custom resource + offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + metadata: + description: "Metadata is the metadata applied to the ControlPlane + and the Machines of the ControlPlane if the ControlPlaneTemplate + referenced is machine based. If not, it is applied only to the + ControlPlane. At runtime this metadata is merged with the corresponding + metadata from the topology. \n This field is supported if and + only if the control plane provider template referenced is Machine + based." + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + namingStrategy: + description: NamingStrategy allows changing the naming pattern + used when creating the control plane provider object. + properties: + template: + description: 'Template defines the template to use for generating + the name of the ControlPlane object. 
If not defined, it + will fallback to `{{ .cluster.name }}-{{ .random }}`. If + the templated string exceeds 63 characters, it will be trimmed + to 58 characters and will get concatenated with a random + suffix of length 5. The templating mechanism provides the + following arguments: * `.cluster.name`: The name of the + cluster object. * `.random`: A random alphanumeric string, + without vowels, of length 5.' + type: string + type: object + nodeDeletionTimeout: + description: 'NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts after + the Machine is marked for deletion. A duration of 0 will retry + deletion indefinitely. Defaults to 10 seconds. NOTE: This value + can be overridden while defining a Cluster.Topology.' + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time that + the controller will spend on draining a node. The default value + is 0, meaning that the node can be drained without any time + limitations. NOTE: NodeDrainTimeout is different from `kubectl + drain --timeout` NOTE: This value can be overridden while defining + a Cluster.Topology.' + type: string + nodeVolumeDetachTimeout: + description: 'NodeVolumeDetachTimeout is the total amount of time + that the controller will spend on waiting for all volumes to + be detached. The default value is 0, meaning that the volumes + can be detached without any time limitations. NOTE: This value + can be overridden while defining a Cluster.Topology.' + type: string + ref: + description: Ref is a required reference to a custom resource + offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + infrastructure: + description: Infrastructure is a reference to a provider-specific + template that holds the details for provisioning infrastructure + specific cluster for the underlying provider. The underlying provider + is responsible for the implementation of the template to an infrastructure + cluster. + properties: + ref: + description: Ref is a required reference to a custom resource + offered by a provider. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + patches: + description: 'Patches defines the patches which are applied to customize + referenced templates of a ClusterClass. Note: Patches will be applied + in the order of the array.' + items: + description: ClusterClassPatch defines a patch which is applied + to customize the referenced templates. 
+ properties: + definitions: + description: 'Definitions define inline patches. Note: Patches + will be applied in the order of the array. Note: Exactly one + of Definitions or External must be set.' + items: + description: PatchDefinition defines a patch which is applied + to customize the referenced templates. + properties: + jsonPatches: + description: 'JSONPatches defines the patches which should + be applied on the templates matching the selector. Note: + Patches will be applied in the order of the array.' + items: + description: JSONPatch defines a JSON patch. + properties: + op: + description: 'Op defines the operation of the patch. + Note: Only `add`, `replace` and `remove` are supported.' + type: string + path: + description: 'Path defines the path of the patch. + Note: Only the spec of a template can be patched, + thus the path has to start with /spec/. Note: + For now the only allowed array modifications are + `append` and `prepend`, i.e.: * for op: `add`: + only index 0 (prepend) and - (append) are allowed + * for op: `replace` or `remove`: no indexes are + allowed' + type: string + value: + description: 'Value defines the value of the patch. + Note: Either Value or ValueFrom is required for + add and replace operations. Only one of them is + allowed to be set at the same time. Note: We have + to use apiextensionsv1.JSON instead of our JSON + type, because controller-tools has a hard-coded + schema for apiextensionsv1.JSON which cannot be + produced by another type (unset type field). Ref: + https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111' + x-kubernetes-preserve-unknown-fields: true + valueFrom: + description: 'ValueFrom defines the value of the + patch. Note: Either Value or ValueFrom is required + for add and replace operations. Only one of them + is allowed to be set at the same time.' 
+ properties: + template: + description: 'Template is the Go template to + be used to calculate the value. A template + can reference variables defined in .spec.variables + and builtin variables. Note: The template + must evaluate to a valid YAML or JSON value.' + type: string + variable: + description: Variable is the variable to be + used as value. Variable can be one of the + variables defined in .spec.variables or a + builtin variable. + type: string + type: object + required: + - op + - path + type: object + type: array + selector: + description: Selector defines on which templates the patch + should be applied. + properties: + apiVersion: + description: APIVersion filters templates by apiVersion. + type: string + kind: + description: Kind filters templates by kind. + type: string + matchResources: + description: MatchResources selects templates based + on where they are referenced. + properties: + controlPlane: + description: 'ControlPlane selects templates referenced + in .spec.ControlPlane. Note: this will match + the controlPlane and also the controlPlane machineInfrastructure + (depending on the kind and apiVersion).' + type: boolean + infrastructureCluster: + description: InfrastructureCluster selects templates + referenced in .spec.infrastructure. + type: boolean + machineDeploymentClass: + description: MachineDeploymentClass selects templates + referenced in specific MachineDeploymentClasses + in .spec.workers.machineDeployments. + properties: + names: + description: Names selects templates by class + names. + items: + type: string + type: array + type: object + machinePoolClass: + description: MachinePoolClass selects templates + referenced in specific MachinePoolClasses in + .spec.workers.machinePools. + properties: + names: + description: Names selects templates by class + names. 
+ items: + type: string + type: array + type: object + type: object + required: + - apiVersion + - kind + - matchResources + type: object + required: + - jsonPatches + - selector + type: object + type: array + description: + description: Description is a human-readable description of + this patch. + type: string + enabledIf: + description: EnabledIf is a Go template to be used to calculate + if a patch should be enabled. It can reference variables defined + in .spec.variables and builtin variables. The patch will be + enabled if the template evaluates to `true`, otherwise it + will be disabled. If EnabledIf is not set, the patch will + be enabled per default. + type: string + external: + description: 'External defines an external patch. Note: Exactly + one of Definitions or External must be set.' + properties: + discoverVariablesExtension: + description: DiscoverVariablesExtension references an extension + which is called to discover variables. + type: string + generateExtension: + description: GenerateExtension references an extension which + is called to generate patches. + type: string + settings: + additionalProperties: + type: string + description: Settings defines key value pairs to be passed + to the extensions. Values defined here take precedence + over the values defined in the corresponding ExtensionConfig. + type: object + validateExtension: + description: ValidateExtension references an extension which + is called to validate the topology. + type: string + type: object + name: + description: Name of the patch. + type: string + required: + - name + type: object + type: array + variables: + description: Variables defines the variables which can be configured + in the Cluster topology and are then used in patches. + items: + description: ClusterClassVariable defines a variable which can be + configured in the Cluster topology and used in patches. + properties: + name: + description: Name of the variable. 
+ type: string + required: + description: 'Required specifies if the variable is required. + Note: this applies to the variable as a whole and thus the + top-level object defined in the schema. If nested fields are + required, this will be specified inside the schema.' + type: boolean + schema: + description: Schema defines the schema of the variable. + properties: + openAPIV3Schema: + description: OpenAPIV3Schema defines the schema of a variable + via OpenAPI v3 schema. The schema is a subset of the schema + used in Kubernetes CRDs. + properties: + additionalProperties: + description: 'AdditionalProperties specifies the schema + of values in a map (keys are always strings). NOTE: + Can only be set if type is object. NOTE: AdditionalProperties + is mutually exclusive with Properties. NOTE: This + field uses PreserveUnknownFields and Schemaless, because + recursive validation is not possible.' + x-kubernetes-preserve-unknown-fields: true + default: + description: 'Default is the default value of the variable. + NOTE: Can be set for all types.' + x-kubernetes-preserve-unknown-fields: true + description: + description: Description is a human-readable description + of this variable. + type: string + enum: + description: 'Enum is the list of valid values of the + variable. NOTE: Can be set for all types.' + items: + x-kubernetes-preserve-unknown-fields: true + type: array + example: + description: Example is an example for this variable. + x-kubernetes-preserve-unknown-fields: true + exclusiveMaximum: + description: 'ExclusiveMaximum specifies if the Maximum + is exclusive. NOTE: Can only be set if type is integer + or number.' + type: boolean + exclusiveMinimum: + description: 'ExclusiveMinimum specifies if the Minimum + is exclusive. NOTE: Can only be set if type is integer + or number.' + type: boolean + format: + description: 'Format is an OpenAPI v3 format string. + Unknown formats are ignored. 
For a list of supported + formats please see: (of the k8s.io/apiextensions-apiserver + version we''re currently using) https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go + NOTE: Can only be set if type is string.' + type: string + items: + description: 'Items specifies fields of an array. NOTE: + Can only be set if type is array. NOTE: This field + uses PreserveUnknownFields and Schemaless, because + recursive validation is not possible.' + x-kubernetes-preserve-unknown-fields: true + maxItems: + description: 'MaxItems is the max length of an array + variable. NOTE: Can only be set if type is array.' + format: int64 + type: integer + maxLength: + description: 'MaxLength is the max length of a string + variable. NOTE: Can only be set if type is string.' + format: int64 + type: integer + maximum: + description: 'Maximum is the maximum of an integer or + number variable. If ExclusiveMaximum is false, the + variable is valid if it is lower than, or equal to, + the value of Maximum. If ExclusiveMaximum is true, + the variable is valid if it is strictly lower than + the value of Maximum. NOTE: Can only be set if type + is integer or number.' + format: int64 + type: integer + minItems: + description: 'MinItems is the min length of an array + variable. NOTE: Can only be set if type is array.' + format: int64 + type: integer + minLength: + description: 'MinLength is the min length of a string + variable. NOTE: Can only be set if type is string.' + format: int64 + type: integer + minimum: + description: 'Minimum is the minimum of an integer or + number variable. If ExclusiveMinimum is false, the + variable is valid if it is greater than, or equal + to, the value of Minimum. If ExclusiveMinimum is true, + the variable is valid if it is strictly greater than + the value of Minimum. NOTE: Can only be set if type + is integer or number.' 
+ format: int64 + type: integer + pattern: + description: 'Pattern is the regex which a string variable + must match. NOTE: Can only be set if type is string.' + type: string + properties: + description: 'Properties specifies fields of an object. + NOTE: Can only be set if type is object. NOTE: Properties + is mutually exclusive with AdditionalProperties. NOTE: + This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible.' + x-kubernetes-preserve-unknown-fields: true + required: + description: 'Required specifies which fields of an + object are required. NOTE: Can only be set if type + is object.' + items: + type: string + type: array + type: + description: 'Type is the type of the variable. Valid + values are: object, array, string, integer, number + or boolean.' + type: string + uniqueItems: + description: 'UniqueItems specifies if items in an array + must be unique. NOTE: Can only be set if type is array.' + type: boolean + x-kubernetes-preserve-unknown-fields: + description: XPreserveUnknownFields allows setting fields + in a variable object which are not defined in the + variable schema. This affects fields recursively, + except if nested properties or additionalProperties + are specified in the schema. + type: boolean + required: + - type + type: object + required: + - openAPIV3Schema + type: object + required: + - name + - required + - schema + type: object + type: array + workers: + description: Workers describes the worker nodes for the cluster. It + is a collection of node types which can be used to create the worker + nodes of the cluster. + properties: + machineDeployments: + description: MachineDeployments is a list of machine deployment + classes that can be used to create a set of worker nodes. + items: + description: MachineDeploymentClass serves as a template to + define a set of worker nodes of the cluster provisioned using + the `ClusterClass`. 
+ properties: + class: + description: Class denotes a type of worker node present + in the cluster, this name MUST be unique within a ClusterClass + and can be referenced in the Cluster to create a managed + MachineDeployment. + type: string + failureDomain: + description: 'FailureDomain is the failure domain the machines + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. NOTE: This value can + be overridden while defining a Cluster.Topology using + this MachineDeploymentClass.' + type: string + machineHealthCheck: + description: MachineHealthCheck defines a MachineHealthCheck + for this MachineDeploymentClass. + properties: + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed + if at most "MaxUnhealthy" machines selected by "selector" + are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without + a node will be considered to have failed and will + be remediated. If you wish to disable this feature, + set the value explicitly to 0. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference to + a remediation template provided by an infrastructure + provider. \n This field is completely optional, when + filled, the MachineHealthCheck controller creates + a new object from the template referenced and hands + off remediation of the machine to a controller that + lives outside of Cluster API." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list of + the conditions that determine whether a node is considered + unhealthy. The conditions are combined in a logical + OR, i.e. if any of the conditions is met, the node + is unhealthy. + items: + description: UnhealthyCondition represents a Node + condition type and value with a timeout specified + as a duration. When the named condition has been + in the given status for at least the timeout value, + a node is considered unhealthy. 
+ properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + type: array + unhealthyRange: + description: 'Any further remediation is only allowed + if the number of machines selected by "selector" as + not healthy is within the range of "UnhealthyRange". + Takes precedence over MaxUnhealthy. Eg. "[3-5]" - + This means that remediation will be allowed only when: + (a) there are at least 3 unhealthy machines (and) + (b) there are at most 5 unhealthy machines' + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + type: object + minReadySeconds: + description: 'Minimum number of seconds for which a newly + created machine should be ready. Defaults to 0 (machine + will be considered available as soon as it is ready) NOTE: + This value can be overridden while defining a Cluster.Topology + using this MachineDeploymentClass.' + format: int32 + type: integer + namingStrategy: + description: NamingStrategy allows changing the naming pattern + used when creating the MachineDeployment. + properties: + template: + description: 'Template defines the template to use for + generating the name of the MachineDeployment object. + If not defined, it will fallback to `{{ .cluster.name + }}-{{ .machineDeployment.topologyName }}-{{ .random + }}`. If the templated string exceeds 63 characters, + it will be trimmed to 58 characters and will get concatenated + with a random suffix of length 5. The templating mechanism + provides the following arguments: * `.cluster.name`: + The name of the cluster object. * `.random`: A random + alphanumeric string, without vowels, of length 5. + * `.machineDeployment.topologyName`: The name of the + MachineDeployment topology (Cluster.spec.topology.workers.machineDeployments[].name).' 
+ type: string + type: object + nodeDeletionTimeout: + description: 'NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts + after the Machine is marked for deletion. A duration of + 0 will retry deletion indefinitely. Defaults to 10 seconds. + NOTE: This value can be overridden while defining a Cluster.Topology + using this MachineDeploymentClass.' + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The + default value is 0, meaning that the node can be drained + without any time limitations. NOTE: NodeDrainTimeout is + different from `kubectl drain --timeout` NOTE: This value + can be overridden while defining a Cluster.Topology using + this MachineDeploymentClass.' + type: string + nodeVolumeDetachTimeout: + description: 'NodeVolumeDetachTimeout is the total amount + of time that the controller will spend on waiting for + all volumes to be detached. The default value is 0, meaning + that the volumes can be detached without any time limitations. + NOTE: This value can be overridden while defining a Cluster.Topology + using this MachineDeploymentClass.' + type: string + strategy: + description: 'The deployment strategy to use to replace + existing machines with new ones. NOTE: This value can + be overridden while defining a Cluster.Topology using + this MachineDeploymentClass.' + properties: + rollingUpdate: + description: Rolling update config params. Present only + if MachineDeploymentStrategyType = RollingUpdate. + properties: + deletePolicy: + description: DeletePolicy defines the policy used + by the MachineDeployment to identify nodes to + delete when downscaling. 
Valid values are "Random, + "Newest", "Oldest" When no value is supplied, + the default DeletePolicy of MachineSet is used + enum: + - Random + - Newest + - Oldest + type: string + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that + can be scheduled above the desired number of machines. + Value can be an absolute number (ex: 5) or a percentage + of desired machines (ex: 10%). This can not be + 0 if MaxUnavailable is 0. Absolute number is calculated + from percentage by rounding up. Defaults to 1. + Example: when this is set to 30%, the new MachineSet + can be scaled up immediately when the rolling + update starts, such that the total number of old + and new machines do not exceed 130% of desired + machines. Once old machines have been killed, + new MachineSet can be scaled up further, ensuring + that total number of machines running at any time + during the update is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that + can be unavailable during the update. Value can + be an absolute number (ex: 5) or a percentage + of desired machines (ex: 10%). Absolute number + is calculated from percentage by rounding down. + This can not be 0 if MaxSurge is 0. Defaults to + 0. Example: when this is set to 30%, the old MachineSet + can be scaled down to 70% of desired machines + immediately when the rolling update starts. Once + new machines are ready, old MachineSet can be + scaled down further, followed by scaling up the + new MachineSet, ensuring that the total number + of machines available at all times during the + update is at least 70% of desired machines.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Allowed values are + RollingUpdate and OnDelete. The default is RollingUpdate. 
+ enum: + - RollingUpdate + - OnDelete + type: string + type: object + template: + description: Template is a local struct containing a collection + of templates for creation of MachineDeployment objects + representing a set of worker nodes. + properties: + bootstrap: + description: Bootstrap contains the bootstrap template + reference to be used for the creation of worker Machines. + properties: + ref: + description: Ref is a required reference to a custom + resource offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. 
More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + infrastructure: + description: Infrastructure contains the infrastructure + template reference to be used for the creation of + worker Machines. + properties: + ref: + description: Ref is a required reference to a custom + resource offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + metadata: + description: Metadata is the metadata applied to the + MachineDeployment and the machines of the MachineDeployment. + At runtime this metadata is merged with the corresponding + metadata from the topology. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key + value map stored with a resource that may be set + by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be + preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that + can be used to organize and categorize (scope + and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + required: + - bootstrap + - infrastructure + type: object + required: + - class + - template + type: object + type: array + machinePools: + description: MachinePools is a list of machine pool classes that + can be used to create a set of worker nodes. + items: + description: MachinePoolClass serves as a template to define + a pool of worker nodes of the cluster provisioned using `ClusterClass`. 
+ properties: + class: + description: Class denotes a type of machine pool present + in the cluster, this name MUST be unique within a ClusterClass + and can be referenced in the Cluster to create a managed + MachinePool. + type: string + failureDomains: + description: 'FailureDomains is the list of failure domains + the MachinePool should be attached to. Must match a key + in the FailureDomains map stored on the cluster object. + NOTE: This value can be overridden while defining a Cluster.Topology + using this MachinePoolClass.' + items: + type: string + type: array + minReadySeconds: + description: 'Minimum number of seconds for which a newly + created machine pool should be ready. Defaults to 0 (machine + will be considered available as soon as it is ready) NOTE: + This value can be overridden while defining a Cluster.Topology + using this MachinePoolClass.' + format: int32 + type: integer + namingStrategy: + description: NamingStrategy allows changing the naming pattern + used when creating the MachinePool. + properties: + template: + description: 'Template defines the template to use for + generating the name of the MachinePool object. If + not defined, it will fallback to `{{ .cluster.name + }}-{{ .machinePool.topologyName }}-{{ .random }}`. + If the templated string exceeds 63 characters, it + will be trimmed to 58 characters and will get concatenated + with a random suffix of length 5. The templating mechanism + provides the following arguments: * `.cluster.name`: + The name of the cluster object. * `.random`: A random + alphanumeric string, without vowels, of length 5. + * `.machinePool.topologyName`: The name of the MachinePool + topology (Cluster.spec.topology.workers.machinePools[].name).' + type: string + type: object + nodeDeletionTimeout: + description: 'NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts + after the Machine Pool is marked for deletion. 
A duration + of 0 will retry deletion indefinitely. Defaults to 10 + seconds. NOTE: This value can be overridden while defining + a Cluster.Topology using this MachinePoolClass.' + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The + default value is 0, meaning that the node can be drained + without any time limitations. NOTE: NodeDrainTimeout is + different from `kubectl drain --timeout` NOTE: This value + can be overridden while defining a Cluster.Topology using + this MachinePoolClass.' + type: string + nodeVolumeDetachTimeout: + description: 'NodeVolumeDetachTimeout is the total amount + of time that the controller will spend on waiting for + all volumes to be detached. The default value is 0, meaning + that the volumes can be detached without any time limitations. + NOTE: This value can be overridden while defining a Cluster.Topology + using this MachinePoolClass.' + type: string + template: + description: Template is a local struct containing a collection + of templates for creation of MachinePools objects representing + a pool of worker nodes. + properties: + bootstrap: + description: Bootstrap contains the bootstrap template + reference to be used for the creation of the Machines + in the MachinePool. + properties: + ref: + description: Ref is a required reference to a custom + resource offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + infrastructure: + description: Infrastructure contains the infrastructure + template reference to be used for the creation of + the MachinePool. + properties: + ref: + description: Ref is a required reference to a custom + resource offered by a provider. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + metadata: + description: Metadata is the metadata applied to the + MachinePool. At runtime this metadata is merged with + the corresponding metadata from the topology. 
+ properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key + value map stored with a resource that may be set + by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be + preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that + can be used to organize and categorize (scope + and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + required: + - bootstrap + - infrastructure + type: object + required: + - class + - template + type: object + type: array + type: object + type: object + status: + description: ClusterClassStatus defines the observed state of the ClusterClass. + properties: + conditions: + description: Conditions defines current observed state of the ClusterClass. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. 
The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + variables: + description: Variables is a list of ClusterClassStatusVariable that + are defined for the ClusterClass. + items: + description: ClusterClassStatusVariable defines a variable which + appears in the status of a ClusterClass. + properties: + definitions: + description: Definitions is a list of definitions for a variable. + items: + description: ClusterClassStatusVariableDefinition defines + a variable which appears in the status of a ClusterClass. + properties: + from: + description: From specifies the origin of the variable + definition. This will be `inline` for variables defined + in the ClusterClass or the name of a patch defined in + the ClusterClass for variables discovered from a DiscoverVariables + runtime extensions. + type: string + required: + description: 'Required specifies if the variable is required. + Note: this applies to the variable as a whole and thus + the top-level object defined in the schema. If nested + fields are required, this will be specified inside the + schema.' + type: boolean + schema: + description: Schema defines the schema of the variable. + properties: + openAPIV3Schema: + description: OpenAPIV3Schema defines the schema of + a variable via OpenAPI v3 schema. The schema is + a subset of the schema used in Kubernetes CRDs. 
+ properties: + additionalProperties: + description: 'AdditionalProperties specifies the + schema of values in a map (keys are always strings). + NOTE: Can only be set if type is object. NOTE: + AdditionalProperties is mutually exclusive with + Properties. NOTE: This field uses PreserveUnknownFields + and Schemaless, because recursive validation + is not possible.' + x-kubernetes-preserve-unknown-fields: true + default: + description: 'Default is the default value of + the variable. NOTE: Can be set for all types.' + x-kubernetes-preserve-unknown-fields: true + description: + description: Description is a human-readable description + of this variable. + type: string + enum: + description: 'Enum is the list of valid values + of the variable. NOTE: Can be set for all types.' + items: + x-kubernetes-preserve-unknown-fields: true + type: array + example: + description: Example is an example for this variable. + x-kubernetes-preserve-unknown-fields: true + exclusiveMaximum: + description: 'ExclusiveMaximum specifies if the + Maximum is exclusive. NOTE: Can only be set + if type is integer or number.' + type: boolean + exclusiveMinimum: + description: 'ExclusiveMinimum specifies if the + Minimum is exclusive. NOTE: Can only be set + if type is integer or number.' + type: boolean + format: + description: 'Format is an OpenAPI v3 format string. + Unknown formats are ignored. For a list of supported + formats please see: (of the k8s.io/apiextensions-apiserver + version we''re currently using) https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go + NOTE: Can only be set if type is string.' + type: string + items: + description: 'Items specifies fields of an array. + NOTE: Can only be set if type is array. NOTE: + This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible.' 
+ x-kubernetes-preserve-unknown-fields: true + maxItems: + description: 'MaxItems is the max length of an + array variable. NOTE: Can only be set if type + is array.' + format: int64 + type: integer + maxLength: + description: 'MaxLength is the max length of a + string variable. NOTE: Can only be set if type + is string.' + format: int64 + type: integer + maximum: + description: 'Maximum is the maximum of an integer + or number variable. If ExclusiveMaximum is false, + the variable is valid if it is lower than, or + equal to, the value of Maximum. If ExclusiveMaximum + is true, the variable is valid if it is strictly + lower than the value of Maximum. NOTE: Can only + be set if type is integer or number.' + format: int64 + type: integer + minItems: + description: 'MinItems is the min length of an + array variable. NOTE: Can only be set if type + is array.' + format: int64 + type: integer + minLength: + description: 'MinLength is the min length of a + string variable. NOTE: Can only be set if type + is string.' + format: int64 + type: integer + minimum: + description: 'Minimum is the minimum of an integer + or number variable. If ExclusiveMinimum is false, + the variable is valid if it is greater than, + or equal to, the value of Minimum. If ExclusiveMinimum + is true, the variable is valid if it is strictly + greater than the value of Minimum. NOTE: Can + only be set if type is integer or number.' + format: int64 + type: integer + pattern: + description: 'Pattern is the regex which a string + variable must match. NOTE: Can only be set if + type is string.' + type: string + properties: + description: 'Properties specifies fields of an + object. NOTE: Can only be set if type is object. + NOTE: Properties is mutually exclusive with + AdditionalProperties. NOTE: This field uses + PreserveUnknownFields and Schemaless, because + recursive validation is not possible.' 
+ x-kubernetes-preserve-unknown-fields: true + required: + description: 'Required specifies which fields + of an object are required. NOTE: Can only be + set if type is object.' + items: + type: string + type: array + type: + description: 'Type is the type of the variable. + Valid values are: object, array, string, integer, + number or boolean.' + type: string + uniqueItems: + description: 'UniqueItems specifies if items in + an array must be unique. NOTE: Can only be set + if type is array.' + type: boolean + x-kubernetes-preserve-unknown-fields: + description: XPreserveUnknownFields allows setting + fields in a variable object which are not defined + in the variable schema. This affects fields + recursively, except if nested properties or + additionalProperties are specified in the schema. + type: boolean + required: + - type + type: object + required: + - openAPIV3Schema + type: object + required: + - from + - required + - schema + type: object + type: array + definitionsConflict: + description: DefinitionsConflict specifies whether or not there + are conflicting definitions for a single variable name. + type: boolean + name: + description: Name is the name of the variable. 
+ type: string + required: + - definitions + - name + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: clusterresourcesetbindings.addons.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: addons.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: ClusterResourceSetBinding + listKind: ClusterResourceSetBindingList + plural: clusterresourcesetbindings + singular: clusterresourcesetbinding + scope: Namespaced + versions: + - deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "ClusterResourceSetBinding lists all matching ClusterResourceSets + with the cluster it belongs to. \n Deprecated: This type will be removed + in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterResourceSetBindingSpec defines the desired state of + ClusterResourceSetBinding. + properties: + bindings: + description: Bindings is a list of ClusterResourceSets and their resources. + items: + description: ResourceSetBinding keeps info on all of the resources + in a ClusterResourceSet. + properties: + clusterResourceSetName: + description: ClusterResourceSetName is the name of the ClusterResourceSet + that is applied to the owner cluster of the binding. + type: string + resources: + description: Resources is a list of resources that the ClusterResourceSet + has. + items: + description: ResourceBinding shows the status of a resource + that belongs to a ClusterResourceSet matched by the owner + cluster of the ClusterResourceSetBinding object. + properties: + applied: + description: Applied is to track if a resource is applied + to the cluster or not. + type: boolean + hash: + description: Hash is the hash of a resource's data. This + can be used to decide if a resource is changed. For + "ApplyOnce" ClusterResourceSet.spec.strategy, this is + no-op as that strategy does not act on change. + type: string + kind: + description: 'Kind of the resource. Supported kinds are: + Secrets and ConfigMaps.' + enum: + - Secret + - ConfigMap + type: string + lastAppliedTime: + description: LastAppliedTime identifies when this resource + was last applied to the cluster. + format: date-time + type: string + name: + description: Name of the resource that is in the same + namespace with ClusterResourceSet object. 
+ minLength: 1 + type: string + required: + - applied + - kind + - name + type: object + type: array + required: + - clusterResourceSetName + type: object + type: array + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of ClusterResourceSetBinding + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "ClusterResourceSetBinding lists all matching ClusterResourceSets + with the cluster it belongs to. \n Deprecated: This type will be removed + in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterResourceSetBindingSpec defines the desired state of + ClusterResourceSetBinding. + properties: + bindings: + description: Bindings is a list of ClusterResourceSets and their resources. + items: + description: ResourceSetBinding keeps info on all of the resources + in a ClusterResourceSet. + properties: + clusterResourceSetName: + description: ClusterResourceSetName is the name of the ClusterResourceSet + that is applied to the owner cluster of the binding. 
+ type: string + resources: + description: Resources is a list of resources that the ClusterResourceSet + has. + items: + description: ResourceBinding shows the status of a resource + that belongs to a ClusterResourceSet matched by the owner + cluster of the ClusterResourceSetBinding object. + properties: + applied: + description: Applied is to track if a resource is applied + to the cluster or not. + type: boolean + hash: + description: Hash is the hash of a resource's data. This + can be used to decide if a resource is changed. For + "ApplyOnce" ClusterResourceSet.spec.strategy, this is + no-op as that strategy does not act on change. + type: string + kind: + description: 'Kind of the resource. Supported kinds are: + Secrets and ConfigMaps.' + enum: + - Secret + - ConfigMap + type: string + lastAppliedTime: + description: LastAppliedTime identifies when this resource + was last applied to the cluster. + format: date-time + type: string + name: + description: Name of the resource that is in the same + namespace with ClusterResourceSet object. + minLength: 1 + type: string + required: + - applied + - kind + - name + type: object + type: array + required: + - clusterResourceSetName + type: object + type: array + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of ClusterResourceSetBinding + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: ClusterResourceSetBinding lists all matching ClusterResourceSets + with the cluster it belongs to. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterResourceSetBindingSpec defines the desired state of + ClusterResourceSetBinding. + properties: + bindings: + description: Bindings is a list of ClusterResourceSets and their resources. + items: + description: ResourceSetBinding keeps info on all of the resources + in a ClusterResourceSet. + properties: + clusterResourceSetName: + description: ClusterResourceSetName is the name of the ClusterResourceSet + that is applied to the owner cluster of the binding. + type: string + resources: + description: Resources is a list of resources that the ClusterResourceSet + has. + items: + description: ResourceBinding shows the status of a resource + that belongs to a ClusterResourceSet matched by the owner + cluster of the ClusterResourceSetBinding object. + properties: + applied: + description: Applied is to track if a resource is applied + to the cluster or not. + type: boolean + hash: + description: Hash is the hash of a resource's data. This + can be used to decide if a resource is changed. For + "ApplyOnce" ClusterResourceSet.spec.strategy, this is + no-op as that strategy does not act on change. + type: string + kind: + description: 'Kind of the resource. Supported kinds are: + Secrets and ConfigMaps.' + enum: + - Secret + - ConfigMap + type: string + lastAppliedTime: + description: LastAppliedTime identifies when this resource + was last applied to the cluster. 
+ format: date-time + type: string + name: + description: Name of the resource that is in the same + namespace with ClusterResourceSet object. + minLength: 1 + type: string + required: + - applied + - kind + - name + type: object + type: array + required: + - clusterResourceSetName + type: object + type: array + clusterName: + description: 'ClusterName is the name of the Cluster this binding + applies to. Note: this field mandatory in v1beta2.' + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: clusterresourcesets.addons.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: addons.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: ClusterResourceSet + listKind: ClusterResourceSetList + plural: clusterresourcesets + singular: clusterresourceset + scope: Namespaced + versions: + - deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "ClusterResourceSet is the Schema for the clusterresourcesets + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet. + properties: + clusterSelector: + description: Label selector for Clusters. The Clusters that are selected + by this will be the ones affected by this ClusterResourceSet. It + must match the Cluster labels. This field is immutable. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + resources: + description: Resources is a list of Secrets/ConfigMaps where each + contains 1 or more resources to be applied to remote clusters. + items: + description: ResourceRef specifies a resource. + properties: + kind: + description: 'Kind of the resource. Supported kinds are: Secrets + and ConfigMaps.' + enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the resource that is in the same namespace + with ClusterResourceSet object. + minLength: 1 + type: string + required: + - kind + - name + type: object + type: array + strategy: + description: Strategy is the strategy to be used during applying resources. + Defaults to ApplyOnce. This field is immutable. + enum: + - ApplyOnce + type: string + required: + - clusterSelector + type: object + status: + description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet. + properties: + conditions: + description: Conditions defines current state of the ClusterResourceSet. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. 
The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration reflects the generation of the most + recently observed ClusterResourceSet. + format: int64 + type: integer + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of ClusterResourceSet + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "ClusterResourceSet is the Schema for the clusterresourcesets + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet. 
+ properties: + clusterSelector: + description: Label selector for Clusters. The Clusters that are selected + by this will be the ones affected by this ClusterResourceSet. It + must match the Cluster labels. This field is immutable. Label selector + cannot be empty. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + resources: + description: Resources is a list of Secrets/ConfigMaps where each + contains 1 or more resources to be applied to remote clusters. + items: + description: ResourceRef specifies a resource. + properties: + kind: + description: 'Kind of the resource. Supported kinds are: Secrets + and ConfigMaps.' 
+ enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the resource that is in the same namespace + with ClusterResourceSet object. + minLength: 1 + type: string + required: + - kind + - name + type: object + type: array + strategy: + description: Strategy is the strategy to be used during applying resources. + Defaults to ApplyOnce. This field is immutable. + enum: + - ApplyOnce + type: string + required: + - clusterSelector + type: object + status: + description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet. + properties: + conditions: + description: Conditions defines current state of the ClusterResourceSet. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration reflects the generation of the most + recently observed ClusterResourceSet. + format: int64 + type: integer + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of ClusterResourceSet + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: ClusterResourceSet is the Schema for the clusterresourcesets + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet. + properties: + clusterSelector: + description: Label selector for Clusters. The Clusters that are selected + by this will be the ones affected by this ClusterResourceSet. It + must match the Cluster labels. This field is immutable. Label selector + cannot be empty. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + resources: + description: Resources is a list of Secrets/ConfigMaps where each + contains 1 or more resources to be applied to remote clusters. + items: + description: ResourceRef specifies a resource. + properties: + kind: + description: 'Kind of the resource. Supported kinds are: Secrets + and ConfigMaps.' + enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the resource that is in the same namespace + with ClusterResourceSet object. + minLength: 1 + type: string + required: + - kind + - name + type: object + type: array + strategy: + description: Strategy is the strategy to be used during applying resources. + Defaults to ApplyOnce. 
This field is immutable. + enum: + - ApplyOnce + - Reconcile + type: string + required: + - clusterSelector + type: object + status: + description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet. + properties: + conditions: + description: Conditions defines current state of the ClusterResourceSet. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration reflects the generation of the most + recently observed ClusterResourceSet. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: clusters.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Cluster + listKind: ClusterList + plural: clusters + shortNames: + - cl + singular: cluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed + jsonPath: .status.phase + name: Phase + type: string + deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: Cluster is the Schema for the clusters API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterSpec defines the desired state of Cluster. + properties: + clusterNetwork: + description: Cluster network configuration. 
+ properties: + apiServerPort: + description: APIServerPort specifies the port the API Server should + bind to. Defaults to 6443. + format: int32 + type: integer + pods: + description: The network ranges from which Pod networks are allocated. + properties: + cidrBlocks: + items: + type: string + type: array + required: + - cidrBlocks + type: object + serviceDomain: + description: Domain name for services. + type: string + services: + description: The network ranges from which service VIPs are allocated. + properties: + cidrBlocks: + items: + type: string + type: array + required: + - cidrBlocks + type: object + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + controlPlaneRef: + description: ControlPlaneRef is an optional reference to a provider-specific + resource that holds the details for provisioning the Control Plane + for a Cluster. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' 
+ type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + infrastructureRef: + description: InfrastructureRef is a reference to a provider-specific + resource that holds the details for provisioning infrastructure + for a cluster in said provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + paused: + description: Paused can be used to prevent controllers from processing + the Cluster and all its associated objects. + type: boolean + type: object + status: + description: ClusterStatus defines the observed state of Cluster. + properties: + conditions: + description: Conditions defines current service state of the cluster. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. 
+ type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + controlPlaneInitialized: + description: ControlPlaneInitialized defines if the control plane + has been initialized. + type: boolean + controlPlaneReady: + description: ControlPlaneReady defines if the control plane is ready. + type: boolean + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains is a slice of failure domain objects synced + from the infrastructure provider. + type: object + failureMessage: + description: FailureMessage indicates that there is a fatal problem + reconciling the state, and will be set to a descriptive error message. 
+ type: string + failureReason: + description: FailureReason indicates that there is a fatal problem + reconciling the state, and will be set to a token value suitable + for programmatic interpretation. + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of cluster actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of Cluster + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed + jsonPath: .status.phase + name: Phase + type: string + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "Cluster is the Schema for the clusters API. \n Deprecated: This + type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterSpec defines the desired state of Cluster. + properties: + clusterNetwork: + description: Cluster network configuration. + properties: + apiServerPort: + description: APIServerPort specifies the port the API Server should + bind to. Defaults to 6443. + format: int32 + type: integer + pods: + description: The network ranges from which Pod networks are allocated. + properties: + cidrBlocks: + items: + type: string + type: array + required: + - cidrBlocks + type: object + serviceDomain: + description: Domain name for services. + type: string + services: + description: The network ranges from which service VIPs are allocated. + properties: + cidrBlocks: + items: + type: string + type: array + required: + - cidrBlocks + type: object + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + controlPlaneRef: + description: ControlPlaneRef is an optional reference to a provider-specific + resource that holds the details for provisioning the Control Plane + for a Cluster. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + infrastructureRef: + description: InfrastructureRef is a reference to a provider-specific + resource that holds the details for provisioning infrastructure + for a cluster in said provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + paused: + description: Paused can be used to prevent controllers from processing + the Cluster and all its associated objects. + type: boolean + topology: + description: 'This encapsulates the topology for the cluster. NOTE: + It is required to enable the ClusterTopology feature gate flag to + activate managed topologies support; this feature is highly experimental, + and parts of it might still be not implemented.' + properties: + class: + description: The name of the ClusterClass object to create the + topology. 
+ type: string + controlPlane: + description: ControlPlane describes the cluster control plane. + properties: + metadata: + description: "Metadata is the metadata applied to the machines + of the ControlPlane. At runtime this metadata is merged + with the corresponding metadata from the ClusterClass. \n + This field is supported if and only if the control plane + provider template referenced in the ClusterClass is Machine + based." + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. They + are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be + used to organize and categorize (scope and select) objects. + May match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + replicas: + description: Replicas is the number of control plane nodes. + If the value is nil, the ControlPlane object is created + without the number of Replicas and it's assumed that the + control plane controller does not implement support for + this field. When specified against a control plane provider + that lacks support for this field, this value will be ignored. + format: int32 + type: integer + type: object + rolloutAfter: + description: RolloutAfter performs a rollout of the entire cluster + one component at a time, control plane first and then machine + deployments. + format: date-time + type: string + version: + description: The Kubernetes version of the cluster. + type: string + workers: + description: Workers encapsulates the different constructs that + form the worker nodes for the cluster. 
+ properties: + machineDeployments: + description: MachineDeployments is a list of machine deployments + in the cluster. + items: + description: MachineDeploymentTopology specifies the different + parameters for a set of worker nodes in the topology. + This set of nodes is managed by a MachineDeployment object + whose lifecycle is managed by the Cluster controller. + properties: + class: + description: Class is the name of the MachineDeploymentClass + used to create the set of worker nodes. This should + match one of the deployment classes defined in the + ClusterClass object mentioned in the `Cluster.Spec.Class` + field. + type: string + metadata: + description: Metadata is the metadata applied to the + machines of the MachineDeployment. At runtime this + metadata is merged with the corresponding metadata + from the ClusterClass. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key + value map stored with a resource that may be set + by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be + preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that + can be used to organize and categorize (scope + and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + name: + description: Name is the unique identifier for this + MachineDeploymentTopology. The value is used with + other unique identifiers to create a MachineDeployment's + Name (e.g. cluster's name, etc). In case the name + is greater than the allowed maximum length, the values + are hashed together. + type: string + replicas: + description: Replicas is the number of worker nodes + belonging to this set. 
If the value is nil, the MachineDeployment + is created without the number of Replicas (defaulting + to zero) and it's assumed that an external entity + (like cluster autoscaler) is responsible for the management + of this value. + format: int32 + type: integer + required: + - class + - name + type: object + type: array + type: object + required: + - class + - version + type: object + type: object + status: + description: ClusterStatus defines the observed state of Cluster. + properties: + conditions: + description: Conditions defines current service state of the cluster. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - status + - type + type: object + type: array + controlPlaneReady: + description: ControlPlaneReady defines if the control plane is ready. + type: boolean + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains is a slice of failure domain objects synced + from the infrastructure provider. + type: object + failureMessage: + description: FailureMessage indicates that there is a fatal problem + reconciling the state, and will be set to a descriptive error message. + type: string + failureReason: + description: FailureReason indicates that there is a fatal problem + reconciling the state, and will be set to a token value suitable + for programmatic interpretation. + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of cluster actuation. + E.g. Pending, Running, Terminating, Failed etc. 
+ type: string + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: ClusterClass of this Cluster, empty if the Cluster is not using + a ClusterClass + jsonPath: .spec.topology.class + name: ClusterClass + type: string + - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed + jsonPath: .status.phase + name: Phase + type: string + - description: Time duration since creation of Cluster + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this Cluster + jsonPath: .spec.topology.version + name: Version + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Cluster is the Schema for the clusters API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterSpec defines the desired state of Cluster. + properties: + clusterNetwork: + description: Cluster network configuration. + properties: + apiServerPort: + description: APIServerPort specifies the port the API Server should + bind to. Defaults to 6443. + format: int32 + type: integer + pods: + description: The network ranges from which Pod networks are allocated. 
+ properties: + cidrBlocks: + items: + type: string + type: array + required: + - cidrBlocks + type: object + serviceDomain: + description: Domain name for services. + type: string + services: + description: The network ranges from which service VIPs are allocated. + properties: + cidrBlocks: + items: + type: string + type: array + required: + - cidrBlocks + type: object + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + controlPlaneRef: + description: ControlPlaneRef is an optional reference to a provider-specific + resource that holds the details for provisioning the Control Plane + for a Cluster. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + infrastructureRef: + description: InfrastructureRef is a reference to a provider-specific + resource that holds the details for provisioning infrastructure + for a cluster in said provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + paused: + description: Paused can be used to prevent controllers from processing + the Cluster and all its associated objects. + type: boolean + topology: + description: 'This encapsulates the topology for the cluster. NOTE: + It is required to enable the ClusterTopology feature gate flag to + activate managed topologies support; this feature is highly experimental, + and parts of it might still be not implemented.' + properties: + class: + description: The name of the ClusterClass object to create the + topology. + type: string + controlPlane: + description: ControlPlane describes the cluster control plane. + properties: + machineHealthCheck: + description: MachineHealthCheck allows to enable, disable + and override the MachineHealthCheck configuration in the + ClusterClass for this control plane. + properties: + enable: + description: "Enable controls if a MachineHealthCheck + should be created for the target machines. \n If false: + No MachineHealthCheck will be created. \n If not set(default): + A MachineHealthCheck will be created if it is defined + here or in the associated ClusterClass. If no MachineHealthCheck + is defined then none will be created. \n If true: A + MachineHealthCheck is guaranteed to be created. 
Cluster + validation will block if `enable` is true and no MachineHealthCheck + definition is available." + type: boolean + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed if + at most "MaxUnhealthy" machines selected by "selector" + are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without + a node will be considered to have failed and will be + remediated. If you wish to disable this feature, set + the value explicitly to 0. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference to a + remediation template provided by an infrastructure provider. + \n This field is completely optional, when filled, the + MachineHealthCheck controller creates a new object from + the template referenced and hands off remediation of + the machine to a controller that lives outside of Cluster + API." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list of the + conditions that determine whether a node is considered + unhealthy. The conditions are combined in a logical + OR, i.e. if any of the conditions is met, the node is + unhealthy. + items: + description: UnhealthyCondition represents a Node condition + type and value with a timeout specified as a duration. When + the named condition has been in the given status for + at least the timeout value, a node is considered unhealthy. + properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + type: array + unhealthyRange: + description: 'Any further remediation is only allowed + if the number of machines selected by "selector" as + not healthy is within the range of "UnhealthyRange". + Takes precedence over MaxUnhealthy. Eg. 
"[3-5]" - This + means that remediation will be allowed only when: (a) + there are at least 3 unhealthy machines (and) (b) there + are at most 5 unhealthy machines' + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + type: object + metadata: + description: Metadata is the metadata applied to the ControlPlane + and the Machines of the ControlPlane if the ControlPlaneTemplate + referenced by the ClusterClass is machine based. If not, + it is applied only to the ControlPlane. At runtime this + metadata is merged with the corresponding metadata from + the ClusterClass. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. They + are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be + used to organize and categorize (scope and select) objects. + May match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts after + the Machine is marked for deletion. A duration of 0 will + retry deletion indefinitely. Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. 
NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of + time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the + volumes can be detached without any time limitations. + type: string + replicas: + description: Replicas is the number of control plane nodes. + If the value is nil, the ControlPlane object is created + without the number of Replicas and it's assumed that the + control plane controller does not implement support for + this field. When specified against a control plane provider + that lacks support for this field, this value will be ignored. + format: int32 + type: integer + type: object + rolloutAfter: + description: "RolloutAfter performs a rollout of the entire cluster + one component at a time, control plane first and then machine + deployments. \n Deprecated: This field has no function and is + going to be removed in the next apiVersion." + format: date-time + type: string + variables: + description: Variables can be used to customize the Cluster through + patches. They must comply to the corresponding VariableClasses + defined in the ClusterClass. + items: + description: ClusterVariable can be used to customize the Cluster + through patches. Each ClusterVariable is associated with a + Variable definition in the ClusterClass `status` variables. + properties: + definitionFrom: + description: 'DefinitionFrom specifies where the definition + of this Variable is from. DefinitionFrom is `inline` when + the definition is from the ClusterClass `.spec.variables` + or the name of a patch defined in the ClusterClass `.spec.patches` + where the patch is external and provides external variables. + This field is mandatory if the variable has `DefinitionsConflict: + true` in ClusterClass `status.variables[]`' + type: string + name: + description: Name of the variable. 
+ type: string + value: + description: 'Value of the variable. Note: the value will + be validated against the schema of the corresponding ClusterClassVariable + from the ClusterClass. Note: We have to use apiextensionsv1.JSON + instead of a custom JSON type, because controller-tools + has a hard-coded schema for apiextensionsv1.JSON which + cannot be produced by another type via controller-tools, + i.e. it is not possible to have no type field. Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111' + x-kubernetes-preserve-unknown-fields: true + required: + - name + - value + type: object + type: array + version: + description: The Kubernetes version of the cluster. + type: string + workers: + description: Workers encapsulates the different constructs that + form the worker nodes for the cluster. + properties: + machineDeployments: + description: MachineDeployments is a list of machine deployments + in the cluster. + items: + description: MachineDeploymentTopology specifies the different + parameters for a set of worker nodes in the topology. + This set of nodes is managed by a MachineDeployment object + whose lifecycle is managed by the Cluster controller. + properties: + class: + description: Class is the name of the MachineDeploymentClass + used to create the set of worker nodes. This should + match one of the deployment classes defined in the + ClusterClass object mentioned in the `Cluster.Spec.Class` + field. + type: string + failureDomain: + description: FailureDomain is the failure domain the + machines will be created in. Must match a key in the + FailureDomains map stored on the cluster object. + type: string + machineHealthCheck: + description: MachineHealthCheck allows to enable, disable + and override the MachineHealthCheck configuration + in the ClusterClass for this MachineDeployment. 
+ properties: + enable: + description: "Enable controls if a MachineHealthCheck + should be created for the target machines. \n + If false: No MachineHealthCheck will be created. + \n If not set(default): A MachineHealthCheck will + be created if it is defined here or in the associated + ClusterClass. If no MachineHealthCheck is defined + then none will be created. \n If true: A MachineHealthCheck + is guaranteed to be created. Cluster validation + will block if `enable` is true and no MachineHealthCheck + definition is available." + type: boolean + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed + if at most "MaxUnhealthy" machines selected by + "selector" are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without + a node will be considered to have failed and will + be remediated. If you wish to disable this feature, + set the value explicitly to 0. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference + to a remediation template provided by an infrastructure + provider. \n This field is completely optional, + when filled, the MachineHealthCheck controller + creates a new object from the template referenced + and hands off remediation of the machine to a + controller that lives outside of Cluster API." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list + of the conditions that determine whether a node + is considered unhealthy. The conditions are combined + in a logical OR, i.e. if any of the conditions + is met, the node is unhealthy. + items: + description: UnhealthyCondition represents a Node + condition type and value with a timeout specified + as a duration. When the named condition has + been in the given status for at least the timeout + value, a node is considered unhealthy. 
+ properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + type: array + unhealthyRange: + description: 'Any further remediation is only allowed + if the number of machines selected by "selector" + as not healthy is within the range of "UnhealthyRange". + Takes precedence over MaxUnhealthy. Eg. "[3-5]" + - This means that remediation will be allowed + only when: (a) there are at least 3 unhealthy + machines (and) (b) there are at most 5 unhealthy + machines' + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + type: object + metadata: + description: Metadata is the metadata applied to the + MachineDeployment and the machines of the MachineDeployment. + At runtime this metadata is merged with the corresponding + metadata from the ClusterClass. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key + value map stored with a resource that may be set + by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be + preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that + can be used to organize and categorize (scope + and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + minReadySeconds: + description: Minimum number of seconds for which a newly + created machine should be ready. Defaults to 0 (machine + will be considered available as soon as it is ready) + format: int32 + type: integer + name: + description: Name is the unique identifier for this + MachineDeploymentTopology. The value is used with + other unique identifiers to create a MachineDeployment's + Name (e.g. 
cluster's name, etc). In case the name + is greater than the allowed maximum length, the values + are hashed together. + type: string + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the + controller will attempt to delete the Node that the + Machine hosts after the Machine is marked for deletion. + A duration of 0 will retry deletion indefinitely. + Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of + time that the controller will spend on draining a + node. The default value is 0, meaning that the node + can be drained without any time limitations. NOTE: + NodeDrainTimeout is different from `kubectl drain + --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount + of time that the controller will spend on waiting + for all volumes to be detached. The default value + is 0, meaning that the volumes can be detached without + any time limitations. + type: string + replicas: + description: Replicas is the number of worker nodes + belonging to this set. If the value is nil, the MachineDeployment + is created without the number of Replicas (defaulting + to 1) and it's assumed that an external entity (like + cluster autoscaler) is responsible for the management + of this value. + format: int32 + type: integer + strategy: + description: The deployment strategy to use to replace + existing machines with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present + only if MachineDeploymentStrategyType = RollingUpdate. + properties: + deletePolicy: + description: DeletePolicy defines the policy + used by the MachineDeployment to identify + nodes to delete when downscaling. 
Valid values + are "Random, "Newest", "Oldest" When no value + is supplied, the default DeletePolicy of MachineSet + is used + enum: + - Random + - Newest + - Oldest + type: string + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines + that can be scheduled above the desired number + of machines. Value can be an absolute number + (ex: 5) or a percentage of desired machines + (ex: 10%). This can not be 0 if MaxUnavailable + is 0. Absolute number is calculated from percentage + by rounding up. Defaults to 1. Example: when + this is set to 30%, the new MachineSet can + be scaled up immediately when the rolling + update starts, such that the total number + of old and new machines do not exceed 130% + of desired machines. Once old machines have + been killed, new MachineSet can be scaled + up further, ensuring that total number of + machines running at any time during the update + is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines + that can be unavailable during the update. + Value can be an absolute number (ex: 5) or + a percentage of desired machines (ex: 10%). + Absolute number is calculated from percentage + by rounding down. This can not be 0 if MaxSurge + is 0. Defaults to 0. Example: when this is + set to 30%, the old MachineSet can be scaled + down to 70% of desired machines immediately + when the rolling update starts. Once new machines + are ready, old MachineSet can be scaled down + further, followed by scaling up the new MachineSet, + ensuring that the total number of machines + available at all times during the update is + at least 70% of desired machines.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Allowed values + are RollingUpdate and OnDelete. The default is + RollingUpdate. 
+ enum: + - RollingUpdate + - OnDelete + type: string + type: object + variables: + description: Variables can be used to customize the + MachineDeployment through patches. + properties: + overrides: + description: Overrides can be used to override Cluster + level variables. + items: + description: ClusterVariable can be used to customize + the Cluster through patches. Each ClusterVariable + is associated with a Variable definition in + the ClusterClass `status` variables. + properties: + definitionFrom: + description: 'DefinitionFrom specifies where + the definition of this Variable is from. + DefinitionFrom is `inline` when the definition + is from the ClusterClass `.spec.variables` + or the name of a patch defined in the ClusterClass + `.spec.patches` where the patch is external + and provides external variables. This field + is mandatory if the variable has `DefinitionsConflict: + true` in ClusterClass `status.variables[]`' + type: string + name: + description: Name of the variable. + type: string + value: + description: 'Value of the variable. Note: + the value will be validated against the + schema of the corresponding ClusterClassVariable + from the ClusterClass. Note: We have to + use apiextensionsv1.JSON instead of a custom + JSON type, because controller-tools has + a hard-coded schema for apiextensionsv1.JSON + which cannot be produced by another type + via controller-tools, i.e. it is not possible + to have no type field. Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111' + x-kubernetes-preserve-unknown-fields: true + required: + - name + - value + type: object + type: array + type: object + required: + - class + - name + type: object + type: array + machinePools: + description: MachinePools is a list of machine pools in the + cluster. + items: + description: MachinePoolTopology specifies the different + parameters for a pool of worker nodes in the topology. 
+ This pool of nodes is managed by a MachinePool object + whose lifecycle is managed by the Cluster controller. + properties: + class: + description: Class is the name of the MachinePoolClass + used to create the pool of worker nodes. This should + match one of the deployment classes defined in the + ClusterClass object mentioned in the `Cluster.Spec.Class` + field. + type: string + failureDomains: + description: FailureDomains is the list of failure domains + the machine pool will be created in. Must match a + key in the FailureDomains map stored on the cluster + object. + items: + type: string + type: array + metadata: + description: Metadata is the metadata applied to the + MachinePool. At runtime this metadata is merged with + the corresponding metadata from the ClusterClass. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key + value map stored with a resource that may be set + by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be + preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that + can be used to organize and categorize (scope + and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + minReadySeconds: + description: Minimum number of seconds for which a newly + created machine pool should be ready. Defaults to + 0 (machine will be considered available as soon as + it is ready) + format: int32 + type: integer + name: + description: Name is the unique identifier for this + MachinePoolTopology. The value is used with other + unique identifiers to create a MachinePool's Name + (e.g. cluster's name, etc). 
In case the name is greater + than the allowed maximum length, the values are hashed + together. + type: string + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the + controller will attempt to delete the Node that the + MachinePool hosts after the MachinePool is marked + for deletion. A duration of 0 will retry deletion + indefinitely. Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of + time that the controller will spend on draining a + node. The default value is 0, meaning that the node + can be drained without any time limitations. NOTE: + NodeDrainTimeout is different from `kubectl drain + --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount + of time that the controller will spend on waiting + for all volumes to be detached. The default value + is 0, meaning that the volumes can be detached without + any time limitations. + type: string + replicas: + description: Replicas is the number of nodes belonging + to this pool. If the value is nil, the MachinePool + is created without the number of Replicas (defaulting + to 1) and it's assumed that an external entity (like + cluster autoscaler) is responsible for the management + of this value. + format: int32 + type: integer + variables: + description: Variables can be used to customize the + MachinePool through patches. + properties: + overrides: + description: Overrides can be used to override Cluster + level variables. + items: + description: ClusterVariable can be used to customize + the Cluster through patches. Each ClusterVariable + is associated with a Variable definition in + the ClusterClass `status` variables. + properties: + definitionFrom: + description: 'DefinitionFrom specifies where + the definition of this Variable is from. 
+ DefinitionFrom is `inline` when the definition + is from the ClusterClass `.spec.variables` + or the name of a patch defined in the ClusterClass + `.spec.patches` where the patch is external + and provides external variables. This field + is mandatory if the variable has `DefinitionsConflict: + true` in ClusterClass `status.variables[]`' + type: string + name: + description: Name of the variable. + type: string + value: + description: 'Value of the variable. Note: + the value will be validated against the + schema of the corresponding ClusterClassVariable + from the ClusterClass. Note: We have to + use apiextensionsv1.JSON instead of a custom + JSON type, because controller-tools has + a hard-coded schema for apiextensionsv1.JSON + which cannot be produced by another type + via controller-tools, i.e. it is not possible + to have no type field. Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111' + x-kubernetes-preserve-unknown-fields: true + required: + - name + - value + type: object + type: array + type: object + required: + - class + - name + type: object + type: array + type: object + required: + - class + - version + type: object + type: object + status: + description: ClusterStatus defines the observed state of Cluster. + properties: + conditions: + description: Conditions defines current service state of the cluster. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. 
+ type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + controlPlaneReady: + description: ControlPlaneReady defines if the control plane is ready. + type: boolean + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains is a slice of failure domain objects synced + from the infrastructure provider. + type: object + failureMessage: + description: FailureMessage indicates that there is a fatal problem + reconciling the state, and will be set to a descriptive error message. 
+ type: string + failureReason: + description: FailureReason indicates that there is a fatal problem + reconciling the state, and will be set to a token value suitable + for programmatic interpretation. + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of cluster actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: extensionconfigs.runtime.cluster.x-k8s.io +spec: + group: runtime.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: ExtensionConfig + listKind: ExtensionConfigList + plural: extensionconfigs + shortNames: + - ext + singular: extensionconfig + scope: Cluster + versions: + - additionalPrinterColumns: + - description: Time duration since creation of ExtensionConfig + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: ExtensionConfig is the Schema for the ExtensionConfig API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ExtensionConfigSpec is the desired state of the ExtensionConfig + properties: + clientConfig: + description: ClientConfig defines how to communicate with the Extension + server. + properties: + caBundle: + description: CABundle is a PEM encoded CA bundle which will be + used to validate the Extension server's server certificate. + format: byte + type: string + service: + description: "Service is a reference to the Kubernetes service + for the Extension server. Note: Exactly one of `url` or `service` + must be specified. \n If the Extension server is running within + a cluster, then you should use `service`." + properties: + name: + description: Name is the name of the service. + type: string + namespace: + description: Namespace is the namespace of the service. + type: string + path: + description: Path is an optional URL path and if present may + be any string permissible in a URL. If a path is set it + will be used as prefix to the hook-specific path. + type: string + port: + description: Port is the port on the service that's hosting + the Extension server. Defaults to 443. Port should be a + valid port number (1-65535, inclusive). + format: int32 + type: integer + required: + - name + - namespace + type: object + url: + description: "URL gives the location of the Extension server, + in standard URL form (`scheme://host:port/path`). Note: Exactly + one of `url` or `service` must be specified. \n The scheme must + be \"https\". \n The `host` should not refer to a service running + in the cluster; use the `service` field instead. \n A path is + optional, and if present may be any string permissible in a + URL. If a path is set it will be used as prefix to the hook-specific + path. 
\n Attempting to use a user or basic auth e.g. \"user:password@\" + is not allowed. Fragments (\"#...\") and query parameters (\"?...\") + are not allowed either." + type: string + type: object + namespaceSelector: + description: NamespaceSelector decides whether to call the hook for + an object based on whether the namespace for that object matches + the selector. Defaults to the empty LabelSelector, which matches + all objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + settings: + additionalProperties: + type: string + description: 'Settings defines key value pairs to be passed to all + calls to all supported RuntimeExtensions. Note: Settings can be + overridden on the ClusterClass.' 
+ type: object + required: + - clientConfig + type: object + status: + description: ExtensionConfigStatus is the current state of the ExtensionConfig + properties: + conditions: + description: Conditions define the current service state of the ExtensionConfig. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + handlers: + description: Handlers defines the current ExtensionHandlers supported + by an Extension. 
+ items: + description: ExtensionHandler specifies the details of a handler + for a particular runtime hook registered by an Extension server. + properties: + failurePolicy: + description: FailurePolicy defines how failures in calls to + the ExtensionHandler should be handled by a client. Defaults + to Fail if not set. + type: string + name: + description: Name is the unique name of the ExtensionHandler. + type: string + requestHook: + description: RequestHook defines the versioned runtime hook + which this ExtensionHandler serves. + properties: + apiVersion: + description: APIVersion is the group and version of the + Hook. + type: string + hook: + description: Hook is the name of the hook. + type: string + required: + - apiVersion + - hook + type: object + timeoutSeconds: + description: TimeoutSeconds defines the timeout duration for + client calls to the ExtensionHandler. Defaults to 10 is not + set. + format: int32 + type: integer + required: + - name + - requestHook + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: ipaddressclaims.ipam.cluster.x-k8s.io +spec: + group: ipam.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: IPAddressClaim + listKind: IPAddressClaimList + plural: ipaddressclaims + singular: ipaddressclaim + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Name of the pool to allocate an address from + jsonPath: .spec.poolRef.name + name: Pool Name + type: string + - description: Kind of the pool to allocate an address from + jsonPath: .spec.poolRef.kind + name: Pool Kind + type: string + - description: Time duration since creation of IPAdressClaim + jsonPath: 
.metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: IPAddressClaim is the Schema for the ipaddressclaim API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAddressClaimSpec is the desired state of an IPAddressClaim. + properties: + poolRef: + description: PoolRef is a reference to the pool from which an IP address + should be created. + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in + the core API group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + required: + - poolRef + type: object + status: + description: IPAddressClaimStatus is the observed status of a IPAddressClaim. + properties: + addressRef: + description: AddressRef is a reference to the address that was created + for this claim. + properties: + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + conditions: + description: Conditions summarises the current state of the IPAddressClaim + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Name of the pool to allocate an address from + jsonPath: .spec.poolRef.name + name: Pool Name + type: string + - description: Kind of the pool to allocate an address from + jsonPath: .spec.poolRef.kind + name: Pool Kind + type: string + - description: Time duration since creation of IPAdressClaim + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: IPAddressClaim is the Schema for the ipaddressclaim API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAddressClaimSpec is the desired state of an IPAddressClaim. + properties: + poolRef: + description: PoolRef is a reference to the pool from which an IP address + should be created. + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in + the core API group. For any other third-party types, APIGroup + is required. 
+ type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + required: + - poolRef + type: object + status: + description: IPAddressClaimStatus is the observed status of a IPAddressClaim. + properties: + addressRef: + description: AddressRef is a reference to the address that was created + for this claim. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + conditions: + description: Conditions summarises the current state of the IPAddressClaim + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: ipaddresses.ipam.cluster.x-k8s.io +spec: + group: ipam.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: IPAddress + listKind: IPAddressList + plural: ipaddresses + singular: ipaddress + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Address + jsonPath: .spec.address + name: Address + type: string + - description: Name of the pool the address is from + jsonPath: .spec.poolRef.name + name: Pool Name + type: string + - description: Kind of the pool the address is from + jsonPath: .spec.poolRef.kind + name: Pool Kind + type: string + - description: Time duration since creation of IPAdress + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: IPAddress is the Schema for the ipaddress API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAddressSpec is the desired state of an IPAddress. + properties: + address: + description: Address is the IP address. + type: string + claimRef: + description: ClaimRef is a reference to the claim this IPAddress was + created for. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + gateway: + description: Gateway is the network gateway of the network the address + is from. + type: string + poolRef: + description: PoolRef is a reference to the pool that this IPAddress + was created from. + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in + the core API group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + prefix: + description: Prefix is the prefix of the address. 
+ type: integer + required: + - address + - claimRef + - poolRef + - prefix + type: object + type: object + served: true + storage: false + subresources: {} + - additionalPrinterColumns: + - description: Address + jsonPath: .spec.address + name: Address + type: string + - description: Name of the pool the address is from + jsonPath: .spec.poolRef.name + name: Pool Name + type: string + - description: Kind of the pool the address is from + jsonPath: .spec.poolRef.kind + name: Pool Kind + type: string + - description: Time duration since creation of IPAdress + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: IPAddress is the Schema for the ipaddress API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAddressSpec is the desired state of an IPAddress. + properties: + address: + description: Address is the IP address. + type: string + claimRef: + description: ClaimRef is a reference to the claim this IPAddress was + created for. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + x-kubernetes-map-type: atomic + gateway: + description: Gateway is the network gateway of the network the address + is from. + type: string + poolRef: + description: PoolRef is a reference to the pool that this IPAddress + was created from. + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in + the core API group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + prefix: + description: Prefix is the prefix of the address. + type: integer + required: + - address + - claimRef + - poolRef + - prefix + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: machinedeployments.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: MachineDeployment + listKind: MachineDeploymentList + plural: machinedeployments + shortNames: + - md + singular: machinedeployment + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown + jsonPath: .status.phase + name: Phase + type: string + - description: Total number of non-terminated machines targeted by 
this MachineDeployment + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of ready machines targeted by this MachineDeployment + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Total number of non-terminated machines targeted by this deployment + that have the desired template spec + jsonPath: .status.updatedReplicas + name: Updated + type: integer + - description: Total number of unavailable machines targeted by this MachineDeployment + jsonPath: .status.unavailableReplicas + name: Unavailable + type: integer + deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "MachineDeployment is the Schema for the machinedeployments API. + \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineDeploymentSpec defines the desired state of MachineDeployment. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + minReadySeconds: + description: Minimum number of seconds for which a newly created machine + should be ready. 
Defaults to 0 (machine will be considered available + as soon as it is ready) + format: int32 + type: integer + paused: + description: Indicates that the deployment is paused. + type: boolean + progressDeadlineSeconds: + description: The maximum time in seconds for a deployment to make + progress before it is considered to be failed. The deployment controller + will continue to process failed deployments and a condition with + a ProgressDeadlineExceeded reason will be surfaced in the deployment + status. Note that progress will not be estimated during the time + a deployment is paused. Defaults to 600s. + format: int32 + type: integer + replicas: + description: Number of desired machines. Defaults to 1. This is a + pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + revisionHistoryLimit: + description: The number of old MachineSets to retain to allow rollback. + This is a pointer to distinguish between explicit zero and not specified. + Defaults to 1. + format: int32 + type: integer + selector: + description: Label selector for machines. Existing MachineSets whose + machines are selected by this will be the ones affected by this + deployment. It must match the machine template's labels. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. 
+ If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + strategy: + description: The deployment strategy to use to replace existing machines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if MachineDeploymentStrategyType + = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be scheduled + above the desired number of machines. Value can be an absolute + number (ex: 5) or a percentage of desired machines (ex: + 10%). This can not be 0 if MaxUnavailable is 0. Absolute + number is calculated from percentage by rounding up. Defaults + to 1. Example: when this is set to 30%, the new MachineSet + can be scaled up immediately when the rolling update starts, + such that the total number of old and new machines do not + exceed 130% of desired machines. Once old machines have + been killed, new MachineSet can be scaled up further, ensuring + that total number of machines running at any time during + the update is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be unavailable + during the update. Value can be an absolute number (ex: + 5) or a percentage of desired machines (ex: 10%). 
Absolute + number is calculated from percentage by rounding down. This + can not be 0 if MaxSurge is 0. Defaults to 0. Example: when + this is set to 30%, the old MachineSet can be scaled down + to 70% of desired machines immediately when the rolling + update starts. Once new machines are ready, old MachineSet + can be scaled down further, followed by scaling up the new + MachineSet, ensuring that the total number of machines available + at all times during the update is at least 70% of desired + machines.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Currently the only supported + strategy is "RollingUpdate". Default is RollingUpdate. + type: string + type: object + template: + description: Template describes the machines that will be created. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + generateName: + description: "GenerateName is an optional prefix, used by + the server, to generate a unique name ONLY IF the Name field + has not been provided. If this field is used, the name returned + to the client will be different than the name passed. This + value will also be combined with a unique suffix. The provided + value has the same validation rules as the Name field, and + may be truncated by the length of the suffix required to + make the value unique on the server. 
\n If this field is + specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created + or 500 with Reason ServerTimeout indicating a unique name + could not be found in the time allotted, and the client + should retry (optionally after the time indicated in the + Retry-After header). \n Applied only if Name is not specified. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency + \n Deprecated: This field has no function and is going to + be removed in a next release." + type: string + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: "Name must be unique within a namespace. Is required + when creating resources, although some resources may allow + a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence + and configuration definition. Cannot be updated. More info: + http://kubernetes.io/docs/user-guide/identifiers#names \n + Deprecated: This field has no function and is going to be + removed in a next release." + type: string + namespace: + description: "Namespace defines the space within each name + must be unique. An empty namespace is equivalent to the + \"default\" namespace, but \"default\" is the canonical + representation. Not all objects are required to be scoped + to a namespace - the value of this field for those objects + will be empty. \n Must be a DNS_LABEL. Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces + \n Deprecated: This field has no function and is going to + be removed in a next release." 
+ type: string + ownerReferences: + description: "List of objects depended by this object. If + ALL objects in the list have been deleted, this object will + be garbage collected. If this object is managed by a controller, + then an entry in this list will point to this controller, + with the controller field set to true. There cannot be more + than one managing controller. \n Deprecated: This field + has no function and is going to be removed in a next release." + items: + description: OwnerReference contains enough information + to let you identify an owning object. An owning object + must be in the same namespace as the dependent, or be + cluster-scoped, so there is no namespace field. + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the + key-value store until this reference is removed. See + https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage collector interacts with this + field and enforces the foreground deletion. Defaults + to false. To set this field, a user needs "delete" + permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing + controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.Data + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + data: + description: "Data contains the bootstrap data, such as + cloud-init details scripts. If nil, the Machine should + remain in the Pending state. \n Deprecated: Switch to + DataSecretName." + type: string + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. 
+ This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - selector + - template + type: object + status: + description: MachineDeploymentStatus defines the observed state of MachineDeployment. + properties: + availableReplicas: + description: Total number of available machines (ready for at least + minReadySeconds) targeted by this deployment. + format: int32 + type: integer + observedGeneration: + description: The generation observed by the deployment controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of a MachineDeployment + (ScalingUp, ScalingDown, Running, Failed, or Unknown). + type: string + readyReplicas: + description: Total number of ready machines targeted by this deployment. + format: int32 + type: integer + replicas: + description: Total number of non-terminated machines targeted by this + deployment (their labels match the selector). 
+ format: int32 + type: integer + selector: + description: 'Selector is the same as the label selector but in the + string format to avoid introspection by clients. The string will + be in the same format as the query-param syntax. More info about + label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + unavailableReplicas: + description: Total number of unavailable machines targeted by this + deployment. This is the total number of machines that are still + required for the deployment to have 100% available capacity. They + may either be machines that are running but not yet available or + machines that still have not been created. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated machines targeted by this + deployment that have the desired template spec. + format: int32 + type: integer + type: object + type: object + served: false + storage: false + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Time duration since creation of MachineDeployment + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown + jsonPath: .status.phase + name: Phase + type: string + - description: Total number of non-terminated machines targeted by this MachineDeployment + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of ready machines targeted by this MachineDeployment + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Total number of non-terminated machines targeted by this deployment + that have the desired template spec + jsonPath: .status.updatedReplicas + name: Updated + type: integer + - 
description: Total number of unavailable machines targeted by this MachineDeployment + jsonPath: .status.unavailableReplicas + name: Unavailable + type: integer + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "MachineDeployment is the Schema for the machinedeployments API. + \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineDeploymentSpec defines the desired state of MachineDeployment. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + minReadySeconds: + description: Minimum number of seconds for which a newly created machine + should be ready. Defaults to 0 (machine will be considered available + as soon as it is ready) + format: int32 + type: integer + paused: + description: Indicates that the deployment is paused. + type: boolean + progressDeadlineSeconds: + description: The maximum time in seconds for a deployment to make + progress before it is considered to be failed. The deployment controller + will continue to process failed deployments and a condition with + a ProgressDeadlineExceeded reason will be surfaced in the deployment + status. 
Note that progress will not be estimated during the time + a deployment is paused. Defaults to 600s. + format: int32 + type: integer + replicas: + default: 1 + description: Number of desired machines. Defaults to 1. This is a + pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + revisionHistoryLimit: + description: The number of old MachineSets to retain to allow rollback. + This is a pointer to distinguish between explicit zero and not specified. + Defaults to 1. + format: int32 + type: integer + selector: + description: Label selector for machines. Existing MachineSets whose + machines are selected by this will be the ones affected by this + deployment. It must match the machine template's labels. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". 
The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + strategy: + description: The deployment strategy to use to replace existing machines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if MachineDeploymentStrategyType + = RollingUpdate. + properties: + deletePolicy: + description: DeletePolicy defines the policy used by the MachineDeployment + to identify nodes to delete when downscaling. Valid values + are "Random, "Newest", "Oldest" When no value is supplied, + the default DeletePolicy of MachineSet is used + enum: + - Random + - Newest + - Oldest + type: string + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be scheduled + above the desired number of machines. Value can be an absolute + number (ex: 5) or a percentage of desired machines (ex: + 10%). This can not be 0 if MaxUnavailable is 0. Absolute + number is calculated from percentage by rounding up. Defaults + to 1. Example: when this is set to 30%, the new MachineSet + can be scaled up immediately when the rolling update starts, + such that the total number of old and new machines do not + exceed 130% of desired machines. Once old machines have + been killed, new MachineSet can be scaled up further, ensuring + that total number of machines running at any time during + the update is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be unavailable + during the update. Value can be an absolute number (ex: + 5) or a percentage of desired machines (ex: 10%). Absolute + number is calculated from percentage by rounding down. This + can not be 0 if MaxSurge is 0. Defaults to 0. 
Example: when + this is set to 30%, the old MachineSet can be scaled down + to 70% of desired machines immediately when the rolling + update starts. Once new machines are ready, old MachineSet + can be scaled down further, followed by scaling up the new + MachineSet, ensuring that the total number of machines available + at all times during the update is at least 70% of desired + machines.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Default is RollingUpdate. + enum: + - RollingUpdate + - OnDelete + type: string + type: object + template: + description: Template describes the machines that will be created. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. 
+ properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. 
+ This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - selector + - template + type: object + status: + description: MachineDeploymentStatus defines the observed state of MachineDeployment. + properties: + availableReplicas: + description: Total number of available machines (ready for at least + minReadySeconds) targeted by this deployment. + format: int32 + type: integer + conditions: + description: Conditions defines current service state of the MachineDeployment. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: The generation observed by the deployment controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of a MachineDeployment + (ScalingUp, ScalingDown, Running, Failed, or Unknown). + type: string + readyReplicas: + description: Total number of ready machines targeted by this deployment. + format: int32 + type: integer + replicas: + description: Total number of non-terminated machines targeted by this + deployment (their labels match the selector). + format: int32 + type: integer + selector: + description: 'Selector is the same as the label selector but in the + string format to avoid introspection by clients. The string will + be in the same format as the query-param syntax. More info about + label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + unavailableReplicas: + description: Total number of unavailable machines targeted by this + deployment. This is the total number of machines that are still + required for the deployment to have 100% available capacity. They + may either be machines that are running but not yet available or + machines that still have not been created. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated machines targeted by this + deployment that have the desired template spec. 
+ format: int32 + type: integer + type: object + type: object + served: false + storage: false + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Total number of machines desired by this MachineDeployment + jsonPath: .spec.replicas + name: Desired + priority: 10 + type: integer + - description: Total number of non-terminated machines targeted by this MachineDeployment + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of ready machines targeted by this MachineDeployment + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Total number of non-terminated machines targeted by this deployment + that have the desired template spec + jsonPath: .status.updatedReplicas + name: Updated + type: integer + - description: Total number of unavailable machines targeted by this MachineDeployment + jsonPath: .status.unavailableReplicas + name: Unavailable + type: integer + - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown + jsonPath: .status.phase + name: Phase + type: string + - description: Time duration since creation of MachineDeployment + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this MachineDeployment + jsonPath: .spec.template.spec.version + name: Version + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: MachineDeployment is the Schema for the machinedeployments API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineDeploymentSpec defines the desired state of MachineDeployment. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds for + which a Node for a newly created machine should be ready before + considering the replica available. Defaults to 0 (machine will be + considered available as soon as the Node is ready) + format: int32 + type: integer + paused: + description: Indicates that the deployment is paused. + type: boolean + progressDeadlineSeconds: + description: The maximum time in seconds for a deployment to make + progress before it is considered to be failed. The deployment controller + will continue to process failed deployments and a condition with + a ProgressDeadlineExceeded reason will be surfaced in the deployment + status. Note that progress will not be estimated during the time + a deployment is paused. Defaults to 600s. + format: int32 + type: integer + replicas: + description: "Number of desired machines. This is a pointer to distinguish + between explicit zero and not specified. 
\n Defaults to: * if the + Kubernetes autoscaler min size and max size annotations are set: + - if it's a new MachineDeployment, use min size - if the replicas + field of the old MachineDeployment is < min size, use min size - + if the replicas field of the old MachineDeployment is > max size, + use max size - if the replicas field of the old MachineDeployment + is in the (min size, max size) range, keep the value from the oldMD + * otherwise use 1 Note: Defaulting will be run whenever the replicas + field is not set: * A new MachineDeployment is created with replicas + not set. * On an existing MachineDeployment the replicas field was + first set and is now unset. Those cases are especially relevant + for the following Kubernetes autoscaler use cases: * A new MachineDeployment + is created and replicas should be managed by the autoscaler * An + existing MachineDeployment which initially wasn't controlled by + the autoscaler should be later controlled by the autoscaler" + format: int32 + type: integer + revisionHistoryLimit: + description: The number of old MachineSets to retain to allow rollback. + This is a pointer to distinguish between explicit zero and not specified. + Defaults to 1. + format: int32 + type: integer + rolloutAfter: + description: 'RolloutAfter is a field to indicate a rollout should + be performed after the specified time even if no changes have been + made to the MachineDeployment. Example: In the YAML the time can + be specified in the RFC3339 format. To specify the rolloutAfter + target as March 9, 2023, at 9 am UTC use "2023-03-09T09:00:00Z".' + format: date-time + type: string + selector: + description: Label selector for machines. Existing MachineSets whose + machines are selected by this will be the ones affected by this + deployment. It must match the machine template's labels. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + strategy: + description: The deployment strategy to use to replace existing machines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if MachineDeploymentStrategyType + = RollingUpdate. + properties: + deletePolicy: + description: DeletePolicy defines the policy used by the MachineDeployment + to identify nodes to delete when downscaling. Valid values + are "Random, "Newest", "Oldest" When no value is supplied, + the default DeletePolicy of MachineSet is used + enum: + - Random + - Newest + - Oldest + type: string + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be scheduled + above the desired number of machines. 
Value can be an absolute + number (ex: 5) or a percentage of desired machines (ex: + 10%). This can not be 0 if MaxUnavailable is 0. Absolute + number is calculated from percentage by rounding up. Defaults + to 1. Example: when this is set to 30%, the new MachineSet + can be scaled up immediately when the rolling update starts, + such that the total number of old and new machines do not + exceed 130% of desired machines. Once old machines have + been killed, new MachineSet can be scaled up further, ensuring + that total number of machines running at any time during + the update is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be unavailable + during the update. Value can be an absolute number (ex: + 5) or a percentage of desired machines (ex: 10%). Absolute + number is calculated from percentage by rounding down. This + can not be 0 if MaxSurge is 0. Defaults to 0. Example: when + this is set to 30%, the old MachineSet can be scaled down + to 70% of desired machines immediately when the rolling + update starts. Once new machines are ready, old MachineSet + can be scaled down further, followed by scaling up the new + MachineSet, ensuring that the total number of machines available + at all times during the update is at least 70% of desired + machines.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Allowed values are RollingUpdate + and OnDelete. The default is RollingUpdate. + enum: + - RollingUpdate + - OnDelete + type: string + type: object + template: + description: Template describes the machines that will be created. + properties: + metadata: + description: 'Standard object''s metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. 
+ type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts after + the Machine is marked for deletion. A duration of 0 will + retry deletion indefinitely. Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of + time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the + volumes can be detached without any time limitations. + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. 
+ This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - selector + - template + type: object + status: + description: MachineDeploymentStatus defines the observed state of MachineDeployment. + properties: + availableReplicas: + description: Total number of available machines (ready for at least + minReadySeconds) targeted by this deployment. + format: int32 + type: integer + conditions: + description: Conditions defines current service state of the MachineDeployment. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + observedGeneration: + description: The generation observed by the deployment controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of a MachineDeployment + (ScalingUp, ScalingDown, Running, Failed, or Unknown). + type: string + readyReplicas: + description: Total number of ready machines targeted by this deployment. + format: int32 + type: integer + replicas: + description: Total number of non-terminated machines targeted by this + deployment (their labels match the selector). + format: int32 + type: integer + selector: + description: 'Selector is the same as the label selector but in the + string format to avoid introspection by clients. The string will + be in the same format as the query-param syntax. More info about + label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + unavailableReplicas: + description: Total number of unavailable machines targeted by this + deployment. This is the total number of machines that are still + required for the deployment to have 100% available capacity. They + may either be machines that are running but not yet available or + machines that still have not been created. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated machines targeted by this + deployment that have the desired template spec. 
+ format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: machinehealthchecks.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: MachineHealthCheck + listKind: MachineHealthCheckList + plural: machinehealthchecks + shortNames: + - mhc + - mhcs + singular: machinehealthcheck + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Maximum number of unhealthy machines allowed + jsonPath: .spec.maxUnhealthy + name: MaxUnhealthy + type: string + - description: Number of machines currently monitored + jsonPath: .status.expectedMachines + name: ExpectedMachines + type: integer + - description: Current observed healthy machines + jsonPath: .status.currentHealthy + name: CurrentHealthy + type: integer + deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "MachineHealthCheck is the Schema for the machinehealthchecks + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of machine health check policy + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed if at most "MaxUnhealthy" + machines selected by "selector" are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without a node will + be considered to have failed and will be remediated. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference to a remediation + template provided by an infrastructure provider. \n This field is + completely optional, when filled, the MachineHealthCheck controller + creates a new object from the template referenced and hands off + remediation of the machine to a controller that lives outside of + Cluster API." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + selector: + description: Label selector to match machines whose health will be + exercised + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. 
+ type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list of the conditions + that determine whether a node is considered unhealthy. The conditions + are combined in a logical OR, i.e. if any of the conditions is met, + the node is unhealthy. + items: + description: UnhealthyCondition represents a Node condition type + and value with a timeout specified as a duration. When the named + condition has been in the given status for at least the timeout + value, a node is considered unhealthy. + properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + minItems: 1 + type: array + required: + - clusterName + - selector + - unhealthyConditions + type: object + status: + description: Most recently observed status of MachineHealthCheck resource + properties: + conditions: + description: Conditions defines current service state of the MachineHealthCheck. 
+ items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + currentHealthy: + description: total number of healthy machines counted by this machine + health check + format: int32 + minimum: 0 + type: integer + expectedMachines: + description: total number of machines counted by this machine health + check + format: int32 + minimum: 0 + type: integer + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + remediationsAllowed: + description: RemediationsAllowed is the number of further remediations + allowed by this machine health check before maxUnhealthy short circuiting + will be applied + format: int32 + minimum: 0 + type: integer + targets: + description: Targets shows the current list of machines the machine + health check is watching + items: + type: string + type: array + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Time duration since creation of MachineHealthCheck + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Maximum number of unhealthy machines allowed + jsonPath: .spec.maxUnhealthy + name: MaxUnhealthy + type: string + - description: Number of machines currently monitored + jsonPath: .status.expectedMachines + name: ExpectedMachines + type: integer + - description: Current observed healthy machines + jsonPath: .status.currentHealthy + name: CurrentHealthy + type: integer + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "MachineHealthCheck is the Schema for the machinehealthchecks + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of machine health check policy + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed if at most "MaxUnhealthy" + machines selected by "selector" are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without a node will + be considered to have failed and will be remediated. If not set, + this value is defaulted to 10 minutes. If you wish to disable this + feature, set the value explicitly to 0. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference to a remediation + template provided by an infrastructure provider. \n This field is + completely optional, when filled, the MachineHealthCheck controller + creates a new object from the template referenced and hands off + remediation of the machine to a controller that lives outside of + Cluster API." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. 
TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + selector: + description: Label selector to match machines whose health will be + exercised + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list of the conditions + that determine whether a node is considered unhealthy. The conditions + are combined in a logical OR, i.e. if any of the conditions is met, + the node is unhealthy. + items: + description: UnhealthyCondition represents a Node condition type + and value with a timeout specified as a duration. When the named + condition has been in the given status for at least the timeout + value, a node is considered unhealthy. + properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + minItems: 1 + type: array + unhealthyRange: + description: 'Any further remediation is only allowed if the number + of machines selected by "selector" as not healthy is within the + range of "UnhealthyRange". Takes precedence over MaxUnhealthy. Eg. + "[3-5]" - This means that remediation will be allowed only when: + (a) there are at least 3 unhealthy machines (and) (b) there are + at most 5 unhealthy machines' + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + required: + - clusterName + - selector + - unhealthyConditions + type: object + status: + description: Most recently observed status of MachineHealthCheck resource + properties: + conditions: + description: Conditions defines current service state of the MachineHealthCheck. 
+ items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + currentHealthy: + description: total number of healthy machines counted by this machine + health check + format: int32 + minimum: 0 + type: integer + expectedMachines: + description: total number of machines counted by this machine health + check + format: int32 + minimum: 0 + type: integer + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + remediationsAllowed: + description: RemediationsAllowed is the number of further remediations + allowed by this machine health check before maxUnhealthy short circuiting + will be applied + format: int32 + minimum: 0 + type: integer + targets: + description: Targets shows the current list of machines the machine + health check is watching + items: + type: string + type: array + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Number of machines currently monitored + jsonPath: .status.expectedMachines + name: ExpectedMachines + type: integer + - description: Maximum number of unhealthy machines allowed + jsonPath: .spec.maxUnhealthy + name: MaxUnhealthy + type: string + - description: Current observed healthy machines + jsonPath: .status.currentHealthy + name: CurrentHealthy + type: integer + - description: Time duration since creation of MachineHealthCheck + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: MachineHealthCheck is the Schema for the machinehealthchecks + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of machine health check policy + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed if at most "MaxUnhealthy" + machines selected by "selector" are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without a node will + be considered to have failed and will be remediated. If not set, + this value is defaulted to 10 minutes. If you wish to disable this + feature, set the value explicitly to 0. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference to a remediation + template provided by an infrastructure provider. \n This field is + completely optional, when filled, the MachineHealthCheck controller + creates a new object from the template referenced and hands off + remediation of the machine to a controller that lives outside of + Cluster API." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. 
TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + selector: + description: Label selector to match machines whose health will be + exercised + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list of the conditions + that determine whether a node is considered unhealthy. The conditions + are combined in a logical OR, i.e. if any of the conditions is met, + the node is unhealthy. + items: + description: UnhealthyCondition represents a Node condition type + and value with a timeout specified as a duration. When the named + condition has been in the given status for at least the timeout + value, a node is considered unhealthy. + properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + minItems: 1 + type: array + unhealthyRange: + description: 'Any further remediation is only allowed if the number + of machines selected by "selector" as not healthy is within the + range of "UnhealthyRange". Takes precedence over MaxUnhealthy. Eg. + "[3-5]" - This means that remediation will be allowed only when: + (a) there are at least 3 unhealthy machines (and) (b) there are + at most 5 unhealthy machines' + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + required: + - clusterName + - selector + - unhealthyConditions + type: object + status: + description: Most recently observed status of MachineHealthCheck resource + properties: + conditions: + description: Conditions defines current service state of the MachineHealthCheck. 
+ items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + currentHealthy: + description: total number of healthy machines counted by this machine + health check + format: int32 + minimum: 0 + type: integer + expectedMachines: + description: total number of machines counted by this machine health + check + format: int32 + minimum: 0 + type: integer + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + remediationsAllowed: + description: RemediationsAllowed is the number of further remediations + allowed by this machine health check before maxUnhealthy short circuiting + will be applied + format: int32 + minimum: 0 + type: integer + targets: + description: Targets shows the current list of machines the machine + health check is watching + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: machinepools.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: MachinePool + listKind: MachinePoolList + plural: machinepools + shortNames: + - mp + singular: machinepool + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: MachinePool replicas count + jsonPath: .status.replicas + name: Replicas + type: string + - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed + etc + jsonPath: .status.phase + name: Phase + type: string + - description: Kubernetes version associated with this MachinePool + jsonPath: .spec.template.spec.version + name: Version + type: string + deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "MachinePool is the Schema for the machinepools API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachinePoolSpec defines the desired state of MachinePool. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + failureDomains: + description: FailureDomains is the list of failure domains this MachinePool + should be attached to. + items: + type: string + type: array + minReadySeconds: + description: Minimum number of seconds for which a newly created machine + instances should be ready. Defaults to 0 (machine instance will + be considered available as soon as it is ready) + format: int32 + type: integer + providerIDList: + description: ProviderIDList are the identification IDs of machine + instances provided by the provider. This field must match the provider + IDs as seen on the node objects corresponding to a machine pool's + machine instances. + items: + type: string + type: array + replicas: + description: Number of desired machines. Defaults to 1. This is a + pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + strategy: + description: The deployment strategy to use to replace existing machine + instances with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if MachineDeploymentStrategyType + = RollingUpdate. 
+ properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be scheduled + above the desired number of machines. Value can be an absolute + number (ex: 5) or a percentage of desired machines (ex: + 10%). This can not be 0 if MaxUnavailable is 0. Absolute + number is calculated from percentage by rounding up. Defaults + to 1. Example: when this is set to 30%, the new MachineSet + can be scaled up immediately when the rolling update starts, + such that the total number of old and new machines do not + exceed 130% of desired machines. Once old machines have + been killed, new MachineSet can be scaled up further, ensuring + that total number of machines running at any time during + the update is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be unavailable + during the update. Value can be an absolute number (ex: + 5) or a percentage of desired machines (ex: 10%). Absolute + number is calculated from percentage by rounding down. This + can not be 0 if MaxSurge is 0. Defaults to 0. Example: when + this is set to 30%, the old MachineSet can be scaled down + to 70% of desired machines immediately when the rolling + update starts. Once new machines are ready, old MachineSet + can be scaled down further, followed by scaling up the new + MachineSet, ensuring that the total number of machines available + at all times during the update is at least 70% of desired + machines.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Currently the only supported + strategy is "RollingUpdate". Default is RollingUpdate. + type: string + type: object + template: + description: Template describes the machines that will be created. + properties: + metadata: + description: 'Standard object''s metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + generateName: + description: "GenerateName is an optional prefix, used by + the server, to generate a unique name ONLY IF the Name field + has not been provided. If this field is used, the name returned + to the client will be different than the name passed. This + value will also be combined with a unique suffix. The provided + value has the same validation rules as the Name field, and + may be truncated by the length of the suffix required to + make the value unique on the server. \n If this field is + specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created + or 500 with Reason ServerTimeout indicating a unique name + could not be found in the time allotted, and the client + should retry (optionally after the time indicated in the + Retry-After header). \n Applied only if Name is not specified. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency + \n Deprecated: This field has no function and is going to + be removed in a next release." + type: string + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: "Name must be unique within a namespace. 
Is required + when creating resources, although some resources may allow + a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence + and configuration definition. Cannot be updated. More info: + http://kubernetes.io/docs/user-guide/identifiers#names \n + Deprecated: This field has no function and is going to be + removed in a next release." + type: string + namespace: + description: "Namespace defines the space within each name + must be unique. An empty namespace is equivalent to the + \"default\" namespace, but \"default\" is the canonical + representation. Not all objects are required to be scoped + to a namespace - the value of this field for those objects + will be empty. \n Must be a DNS_LABEL. Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces + \n Deprecated: This field has no function and is going to + be removed in a next release." + type: string + ownerReferences: + description: "List of objects depended by this object. If + ALL objects in the list have been deleted, this object will + be garbage collected. If this object is managed by a controller, + then an entry in this list will point to this controller, + with the controller field set to true. There cannot be more + than one managing controller. \n Deprecated: This field + has no function and is going to be removed in a next release." + items: + description: OwnerReference contains enough information + to let you identify an owning object. An owning object + must be in the same namespace as the dependent, or be + cluster-scoped, so there is no namespace field. + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the + key-value store until this reference is removed. 
See + https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage collector interacts with this + field and enforces the foreground deletion. Defaults + to false. To set this field, a user needs "delete" + permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing + controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.Data + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + data: + description: "Data contains the bootstrap data, such as + cloud-init details scripts. If nil, the Machine should + remain in the Pending state. \n Deprecated: Switch to + DataSecretName." + type: string + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. 
+ minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - template + type: object + status: + description: MachinePoolStatus defines the observed state of MachinePool. + properties: + availableReplicas: + description: The number of available replicas (ready for at least + minReadySeconds) for this MachinePool. 
+ format: int32 + type: integer + bootstrapReady: + description: BootstrapReady is the state of the bootstrap provider. + type: boolean + conditions: + description: Conditions define the current service state of the MachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureMessage: + description: FailureMessage indicates that there is a problem reconciling + the state, and will be set to a descriptive error message. 
+ type: string + failureReason: + description: FailureReason indicates that there is a problem reconciling + the state, and will be set to a token value suitable for programmatic + interpretation. + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + nodeRefs: + description: NodeRefs will point to the corresponding Nodes if it + they exist. + items: + description: "ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many fields + which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. Invalid + usage help. It is impossible to add specific help for individual + usage. In most embedded usages, there are particular restrictions + like, \"must refer only to types A and B\" or \"UID not honored\" + or \"name must be restricted\". Those cannot be well described + when embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, which + makes it hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual struct + is irrelevant. 5. We cannot easily change it. Because this type + is embedded in many locations, updates to this type will affect + numerous schemas. Don't make new APIs embed an underspecified + API type they do not control. \n Instead of using this type, create + a locally provided and used type that is well-focused on your + reference. 
For example, ServiceReferences for admission registration: + https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of cluster actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + readyReplicas: + description: The number of ready replicas for this MachinePool. A + machine is considered ready when the node has been created and is + "Ready". + format: int32 + type: integer + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable machine instances targeted + by this machine pool. This is the total number of machine instances + that are still required for the machine pool to have 100% available + capacity. They may either be machine instances that are running + but not yet available or machine instances that still have not been + created. 
+ format: int32 + type: integer + type: object + type: object + served: false + storage: false + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of MachinePool + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: MachinePool replicas count + jsonPath: .status.replicas + name: Replicas + type: string + - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed + etc + jsonPath: .status.phase + name: Phase + type: string + - description: Kubernetes version associated with this MachinePool + jsonPath: .spec.template.spec.version + name: Version + type: string + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "MachinePool is the Schema for the machinepools API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachinePoolSpec defines the desired state of MachinePool. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. 
+ minLength: 1 + type: string + failureDomains: + description: FailureDomains is the list of failure domains this MachinePool + should be attached to. + items: + type: string + type: array + minReadySeconds: + description: Minimum number of seconds for which a newly created machine + instances should be ready. Defaults to 0 (machine instance will + be considered available as soon as it is ready) + format: int32 + type: integer + providerIDList: + description: ProviderIDList are the identification IDs of machine + instances provided by the provider. This field must match the provider + IDs as seen on the node objects corresponding to a machine pool's + machine instances. + items: + type: string + type: array + replicas: + description: Number of desired machines. Defaults to 1. This is a + pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + template: + description: Template describes the machines that will be created. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: 'Specification of the desired behavior of the machine. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. 
Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - template + type: object + status: + description: MachinePoolStatus defines the observed state of MachinePool. + properties: + availableReplicas: + description: The number of available replicas (ready for at least + minReadySeconds) for this MachinePool. + format: int32 + type: integer + bootstrapReady: + description: BootstrapReady is the state of the bootstrap provider. + type: boolean + conditions: + description: Conditions define the current service state of the MachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. 
+ type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureMessage: + description: FailureMessage indicates that there is a problem reconciling + the state, and will be set to a descriptive error message. + type: string + failureReason: + description: FailureReason indicates that there is a problem reconciling + the state, and will be set to a token value suitable for programmatic + interpretation. + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + nodeRefs: + description: NodeRefs will point to the corresponding Nodes if it + they exist. + items: + description: "ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many fields + which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. Invalid + usage help. It is impossible to add specific help for individual + usage. In most embedded usages, there are particular restrictions + like, \"must refer only to types A and B\" or \"UID not honored\" + or \"name must be restricted\". 
Those cannot be well described + when embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, which + makes it hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual struct + is irrelevant. 5. We cannot easily change it. Because this type + is embedded in many locations, updates to this type will affect + numerous schemas. Don't make new APIs embed an underspecified + API type they do not control. \n Instead of using this type, create + a locally provided and used type that is well-focused on your + reference. For example, ServiceReferences for admission registration: + https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of cluster actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + readyReplicas: + description: The number of ready replicas for this MachinePool. A + machine is considered ready when the node has been created and is + "Ready". + format: int32 + type: integer + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable machine instances targeted + by this machine pool. This is the total number of machine instances + that are still required for the machine pool to have 100% available + capacity. They may either be machine instances that are running + but not yet available or machine instances that still have not been + created. 
+ format: int32 + type: integer + type: object + type: object + served: false + storage: false + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Total number of machines desired by this MachinePool + jsonPath: .spec.replicas + name: Desired + priority: 10 + type: integer + - description: MachinePool replicas count + jsonPath: .status.replicas + name: Replicas + type: string + - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed + etc + jsonPath: .status.phase + name: Phase + type: string + - description: Time duration since creation of MachinePool + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this MachinePool + jsonPath: .spec.template.spec.version + name: Version + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: MachinePool is the Schema for the machinepools API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachinePoolSpec defines the desired state of MachinePool. 
+ properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + failureDomains: + description: FailureDomains is the list of failure domains this MachinePool + should be attached to. + items: + type: string + type: array + minReadySeconds: + description: 'Minimum number of seconds for which a newly created + machine instances should be ready. Defaults to 0 (machine instance + will be considered available as soon as it is ready) NOTE: No logic + is implemented for this field and it currently has no behaviour.' + format: int32 + type: integer + providerIDList: + description: ProviderIDList are the identification IDs of machine + instances provided by the provider. This field must match the provider + IDs as seen on the node objects corresponding to a machine pool's + machine instances. + items: + type: string + type: array + replicas: + description: Number of desired machines. Defaults to 1. This is a + pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + template: + description: Template describes the machines that will be created. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. 
+ More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. 
TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts after + the Machine is marked for deletion. A duration of 0 will + retry deletion indefinitely. Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of + time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the + volumes can be detached without any time limitations. 
+ type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - template + type: object + status: + description: MachinePoolStatus defines the observed state of MachinePool. + properties: + availableReplicas: + description: The number of available replicas (ready for at least + minReadySeconds) for this MachinePool. + format: int32 + type: integer + bootstrapReady: + description: BootstrapReady is the state of the bootstrap provider. + type: boolean + conditions: + description: Conditions define the current service state of the MachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: FailureMessage indicates that there is a problem reconciling + the state, and will be set to a descriptive error message. + type: string + failureReason: + description: FailureReason indicates that there is a problem reconciling + the state, and will be set to a token value suitable for programmatic + interpretation. + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + nodeRefs: + description: NodeRefs will point to the corresponding Nodes if it + they exist. + items: + description: "ObjectReference contains enough information to let + you inspect or modify the referred object. 
--- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many fields + which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. Invalid + usage help. It is impossible to add specific help for individual + usage. In most embedded usages, there are particular restrictions + like, \"must refer only to types A and B\" or \"UID not honored\" + or \"name must be restricted\". Those cannot be well described + when embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, which + makes it hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual struct + is irrelevant. 5. We cannot easily change it. Because this type + is embedded in many locations, updates to this type will affect + numerous schemas. Don't make new APIs embed an underspecified + API type they do not control. \n Instead of using this type, create + a locally provided and used type that is well-focused on your + reference. For example, ServiceReferences for admission registration: + https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of cluster actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + readyReplicas: + description: The number of ready replicas for this MachinePool. A + machine is considered ready when the node has been created and is + "Ready". 
+ format: int32 + type: integer + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable machine instances targeted + by this machine pool. This is the total number of machine instances + that are still required for the machine pool to have 100% available + capacity. They may either be machine instances that are running + but not yet available or machine instances that still have not been + created. + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: machines.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Machine + listKind: MachineList + plural: machines + shortNames: + - ma + singular: machine + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Provider ID + jsonPath: .spec.providerID + name: ProviderID + type: string + - description: Machine status such as Terminating/Pending/Running/Failed etc + jsonPath: .status.phase + name: Phase + type: string + - description: Kubernetes version associated with this Machine + jsonPath: .spec.version + name: Version + type: string + - description: Node name associated with this machine + jsonPath: .status.nodeRef.name + name: NodeName + priority: 1 + type: string + deprecated: true + name: v1alpha3 + 
schema: + openAPIV3Schema: + description: "Machine is the Schema for the machines API. \n Deprecated: This + type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineSpec defines the desired state of Machine. + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which encapsulates + fields to configure the Machine’s bootstrapping mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference is + optional to allow users/operators to specify Bootstrap.Data + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). 
This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + data: + description: "Data contains the bootstrap data, such as cloud-init + details scripts. If nil, the Machine should remain in the Pending + state. \n Deprecated: Switch to DataSecretName." + type: string + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. If nil, the Machine should remain + in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine will + be created in. Must match a key in the FailureDomains map stored + on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to a custom + resource offered by an infrastructure provider. 
+ properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time that the + controller will spend on draining a node. The default value is 0, + meaning that the node can be drained without any time limitations. 
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine provided + by the provider. This field must match the provider ID as seen on + the node object corresponding to this machine. This field is required + by higher level consumers of cluster-api. Example use case is cluster + autoscaler with cluster-api as provider. Clean-up logic in the autoscaler + compares machines to nodes to find out machines at provider which + could not get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field is required + by autoscaler to be able to have a provider view of the list of + machines. Another list of nodes is queried from the k8s apiserver + and then a comparison is done to find out unregistered machines + and are marked for delete. This field will be set by the actuators + and consumed by higher level entities like autoscaler that will + be interfacing with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. This + field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + status: + description: MachineStatus defines the observed state of Machine. + properties: + addresses: + description: Addresses is a list of addresses assigned to the machine. + This field is copied from the infrastructure provider reference. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP + or InternalIP. + type: string + required: + - address + - type + type: object + type: array + bootstrapReady: + description: BootstrapReady is the state of the bootstrap provider. 
+ type: boolean + conditions: + description: Conditions defines current service state of the Machine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. 
\n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. \n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. \n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + lastUpdated: + description: LastUpdated identifies when the phase of the Machine + last transitioned. + format: date-time + type: string + nodeRef: + description: NodeRef will point to the corresponding Node if it exists. 
+ properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of machine actuation. + E.g. 
Pending, Running, Terminating, Failed etc. + type: string + version: + description: Version specifies the current version of Kubernetes running + on the corresponding Node. This is meant to be a means of bubbling + up status from the Node to the Machine. It is entirely optional, + but useful for end-user UX if it’s present. + type: string + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Time duration since creation of Machine + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Provider ID + jsonPath: .spec.providerID + name: ProviderID + type: string + - description: Machine status such as Terminating/Pending/Running/Failed etc + jsonPath: .status.phase + name: Phase + type: string + - description: Kubernetes version associated with this Machine + jsonPath: .spec.version + name: Version + type: string + - description: Node name associated with this machine + jsonPath: .status.nodeRef.name + name: NodeName + priority: 1 + type: string + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "Machine is the Schema for the machines API. \n Deprecated: This + type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineSpec defines the desired state of Machine. + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which encapsulates + fields to configure the Machine’s bootstrapping mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference is + optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. If nil, the Machine should remain + in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine will + be created in. Must match a key in the FailureDomains map stored + on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to a custom + resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' 
+ type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time that the + controller will spend on draining a node. The default value is 0, + meaning that the node can be drained without any time limitations. + NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine provided + by the provider. This field must match the provider ID as seen on + the node object corresponding to this machine. This field is required + by higher level consumers of cluster-api. Example use case is cluster + autoscaler with cluster-api as provider. Clean-up logic in the autoscaler + compares machines to nodes to find out machines at provider which + could not get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field is required + by autoscaler to be able to have a provider view of the list of + machines. 
Another list of nodes is queried from the k8s apiserver + and then a comparison is done to find out unregistered machines + and are marked for delete. This field will be set by the actuators + and consumed by higher level entities like autoscaler that will + be interfacing with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. This + field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + status: + description: MachineStatus defines the observed state of Machine. + properties: + addresses: + description: Addresses is a list of addresses assigned to the machine. + This field is copied from the infrastructure provider reference. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP + or InternalIP. + type: string + required: + - address + - type + type: object + type: array + bootstrapReady: + description: BootstrapReady is the state of the bootstrap provider. + type: boolean + conditions: + description: Conditions defines current service state of the Machine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. 
The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. \n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. 
\n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. \n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + lastUpdated: + description: LastUpdated identifies when the phase of the Machine + last transitioned. + format: date-time + type: string + nodeInfo: + description: 'NodeInfo is a set of ids/uuids to uniquely identify + the node. More info: https://kubernetes.io/docs/concepts/nodes/node/#info' + properties: + architecture: + description: The Architecture reported by the node + type: string + bootID: + description: Boot ID reported by the node. + type: string + containerRuntimeVersion: + description: ContainerRuntime Version reported by the node through + runtime remote API (e.g. containerd://1.4.2). + type: string + kernelVersion: + description: Kernel Version reported by the node from 'uname -r' + (e.g. 3.16.0-0.bpo.4-amd64). + type: string + kubeProxyVersion: + description: KubeProxy Version reported by the node. + type: string + kubeletVersion: + description: Kubelet Version reported by the node. + type: string + machineID: + description: 'MachineID reported by the node. For unique machine + identification in the cluster this field is preferred. 
Learn + more from man(5) machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html' + type: string + operatingSystem: + description: The Operating System reported by the node + type: string + osImage: + description: OS Image reported by the node from /etc/os-release + (e.g. Debian GNU/Linux 7 (wheezy)). + type: string + systemUUID: + description: SystemUUID reported by the node. For unique machine + identification MachineID is preferred. This field is specific + to Red Hat hosts https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid + type: string + required: + - architecture + - bootID + - containerRuntimeVersion + - kernelVersion + - kubeProxyVersion + - kubeletVersion + - machineID + - operatingSystem + - osImage + - systemUUID + type: object + nodeRef: + description: NodeRef will point to the corresponding Node if it exists. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of machine actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + version: + description: Version specifies the current version of Kubernetes running + on the corresponding Node. This is meant to be a means of bubbling + up status from the Node to the Machine. It is entirely optional, + but useful for end-user UX if it’s present. 
+ type: string + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Node name associated with this machine + jsonPath: .status.nodeRef.name + name: NodeName + type: string + - description: Provider ID + jsonPath: .spec.providerID + name: ProviderID + type: string + - description: Machine status such as Terminating/Pending/Running/Failed etc + jsonPath: .status.phase + name: Phase + type: string + - description: Time duration since creation of Machine + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this Machine + jsonPath: .spec.version + name: Version + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Machine is the Schema for the machines API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineSpec defines the desired state of Machine. + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which encapsulates + fields to configure the Machine’s bootstrapping mechanism. 
+ properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference is + optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. If nil, the Machine should remain + in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine will + be created in. Must match a key in the FailureDomains map stored + on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to a custom + resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the controller will + attempt to delete the Node that the Machine hosts after the Machine + is marked for deletion. A duration of 0 will retry deletion indefinitely. + Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time that the + controller will spend on draining a node. The default value is 0, + meaning that the node can be drained without any time limitations. + NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of time that + the controller will spend on waiting for all volumes to be detached. + The default value is 0, meaning that the volumes can be detached + without any time limitations. + type: string + providerID: + description: ProviderID is the identification ID of the machine provided + by the provider. This field must match the provider ID as seen on + the node object corresponding to this machine. This field is required + by higher level consumers of cluster-api. Example use case is cluster + autoscaler with cluster-api as provider. Clean-up logic in the autoscaler + compares machines to nodes to find out machines at provider which + could not get registered as Kubernetes nodes. 
With cluster-api as + a generic out-of-tree provider for autoscaler, this field is required + by autoscaler to be able to have a provider view of the list of + machines. Another list of nodes is queried from the k8s apiserver + and then a comparison is done to find out unregistered machines + and are marked for delete. This field will be set by the actuators + and consumed by higher level entities like autoscaler that will + be interfacing with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. This + field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + status: + description: MachineStatus defines the observed state of Machine. + properties: + addresses: + description: Addresses is a list of addresses assigned to the machine. + This field is copied from the infrastructure provider reference. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP, + InternalIP, ExternalDNS or InternalDNS. + type: string + required: + - address + - type + type: object + type: array + bootstrapReady: + description: BootstrapReady is the state of the bootstrap provider. + type: boolean + certificatesExpiryDate: + description: CertificatesExpiryDate is the expiry date of the machine + certificates. This value is only set for control plane machines. + format: date-time + type: string + conditions: + description: Conditions defines current service state of the Machine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. 
+ If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. \n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. 
\n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. \n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. \n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + lastUpdated: + description: LastUpdated identifies when the phase of the Machine + last transitioned. + format: date-time + type: string + nodeInfo: + description: 'NodeInfo is a set of ids/uuids to uniquely identify + the node. More info: https://kubernetes.io/docs/concepts/nodes/node/#info' + properties: + architecture: + description: The Architecture reported by the node + type: string + bootID: + description: Boot ID reported by the node. + type: string + containerRuntimeVersion: + description: ContainerRuntime Version reported by the node through + runtime remote API (e.g. containerd://1.4.2). + type: string + kernelVersion: + description: Kernel Version reported by the node from 'uname -r' + (e.g. 3.16.0-0.bpo.4-amd64). 
+ type: string + kubeProxyVersion: + description: KubeProxy Version reported by the node. + type: string + kubeletVersion: + description: Kubelet Version reported by the node. + type: string + machineID: + description: 'MachineID reported by the node. For unique machine + identification in the cluster this field is preferred. Learn + more from man(5) machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html' + type: string + operatingSystem: + description: The Operating System reported by the node + type: string + osImage: + description: OS Image reported by the node from /etc/os-release + (e.g. Debian GNU/Linux 7 (wheezy)). + type: string + systemUUID: + description: SystemUUID reported by the node. For unique machine + identification MachineID is preferred. This field is specific + to Red Hat hosts https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid + type: string + required: + - architecture + - bootID + - containerRuntimeVersion + - kernelVersion + - kubeProxyVersion + - kubeletVersion + - machineID + - operatingSystem + - osImage + - systemUUID + type: object + nodeRef: + description: NodeRef will point to the corresponding Node if it exists. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. 
TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of machine actuation. + E.g. Pending, Running, Terminating, Failed etc. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: machinesets.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: MachineSet + listKind: MachineSetList + plural: machinesets + shortNames: + - ms + singular: machineset + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Total number of non-terminated machines targeted by this machineset + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of available machines (ready for at least minReadySeconds) + jsonPath: .status.availableReplicas + name: Available + type: integer + - description: Total number of ready machines targeted by this machineset. + jsonPath: .status.readyReplicas + name: Ready + type: integer + deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "MachineSet is the Schema for the machinesets API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineSetSpec defines the desired state of MachineSet. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + deletePolicy: + description: DeletePolicy defines the policy used to identify nodes + to delete when downscaling. Defaults to "Random". Valid values + are "Random, "Newest", "Oldest" + enum: + - Random + - Newest + - Oldest + type: string + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds for + which a newly created machine should be ready. Defaults to 0 (machine + will be considered available as soon as it is ready) + format: int32 + type: integer + replicas: + description: Replicas is the number of desired replicas. This is a + pointer to distinguish between explicit zero and unspecified. Defaults + to 1. + format: int32 + type: integer + selector: + description: 'Selector is a label query over machines that should + match the replica count. Label keys and values that must match in + order to be controlled by this MachineSet. It must match the machine + template''s labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. 
Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + template: + description: Template is the object that describes the machine that + will be created if insufficient replicas are detected. Object references + to custom resources are treated as templates. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + generateName: + description: "GenerateName is an optional prefix, used by + the server, to generate a unique name ONLY IF the Name field + has not been provided. If this field is used, the name returned + to the client will be different than the name passed. This + value will also be combined with a unique suffix. 
The provided + value has the same validation rules as the Name field, and + may be truncated by the length of the suffix required to + make the value unique on the server. \n If this field is + specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created + or 500 with Reason ServerTimeout indicating a unique name + could not be found in the time allotted, and the client + should retry (optionally after the time indicated in the + Retry-After header). \n Applied only if Name is not specified. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency + \n Deprecated: This field has no function and is going to + be removed in a next release." + type: string + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: "Name must be unique within a namespace. Is required + when creating resources, although some resources may allow + a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence + and configuration definition. Cannot be updated. More info: + http://kubernetes.io/docs/user-guide/identifiers#names \n + Deprecated: This field has no function and is going to be + removed in a next release." + type: string + namespace: + description: "Namespace defines the space within each name + must be unique. An empty namespace is equivalent to the + \"default\" namespace, but \"default\" is the canonical + representation. Not all objects are required to be scoped + to a namespace - the value of this field for those objects + will be empty. \n Must be a DNS_LABEL. Cannot be updated. 
+ More info: http://kubernetes.io/docs/user-guide/namespaces + \n Deprecated: This field has no function and is going to + be removed in a next release." + type: string + ownerReferences: + description: "List of objects depended by this object. If + ALL objects in the list have been deleted, this object will + be garbage collected. If this object is managed by a controller, + then an entry in this list will point to this controller, + with the controller field set to true. There cannot be more + than one managing controller. \n Deprecated: This field + has no function and is going to be removed in a next release." + items: + description: OwnerReference contains enough information + to let you identify an owning object. An owning object + must be in the same namespace as the dependent, or be + cluster-scoped, so there is no namespace field. + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the + key-value store until this reference is removed. See + https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage collector interacts with this + field and enforces the foreground deletion. Defaults + to false. To set this field, a user needs "delete" + permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing + controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.Data + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + data: + description: "Data contains the bootstrap data, such as + cloud-init details scripts. If nil, the Machine should + remain in the Pending state. \n Deprecated: Switch to + DataSecretName." + type: string + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. 
+ This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - selector + type: object + status: + description: MachineSetStatus defines the observed state of MachineSet. + properties: + availableReplicas: + description: The number of available replicas (ready for at least + minReadySeconds) for this MachineSet. + format: int32 + type: integer + failureMessage: + type: string + failureReason: + description: "In the event that there is a terminal problem reconciling + the replicas, both FailureReason and FailureMessage will be set. + FailureReason will be populated with a succinct value suitable for + machine interpretation, while FailureMessage will contain a more + verbose string suitable for logging and human consumption. 
\n These + fields should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the MachineTemplate's spec or the configuration of the + machine controller, and that manual intervention is required. Examples + of terminal errors would be invalid combinations of settings in + the spec, values that are unsupported by the machine controller, + or the responsible machine controller itself being critically misconfigured. + \n Any transient errors that occur during the reconciliation of + Machines can be added as events to the MachineSet object and/or + logged in the controller's output." + type: string + fullyLabeledReplicas: + description: The number of replicas that have labels matching the + labels of the machine template of the MachineSet. + format: int32 + type: integer + observedGeneration: + description: ObservedGeneration reflects the generation of the most + recently observed MachineSet. + format: int64 + type: integer + readyReplicas: + description: The number of ready replicas for this MachineSet. A machine + is considered ready when the node has been created and is "Ready". + format: int32 + type: integer + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + selector: + description: 'Selector is the same as the label selector but in the + string format to avoid introspection by clients. The string will + be in the same format as the query-param syntax. 
More info about + label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + type: object + type: object + served: false + storage: false + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Time duration since creation of MachineSet + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Total number of non-terminated machines targeted by this machineset + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of available machines (ready for at least minReadySeconds) + jsonPath: .status.availableReplicas + name: Available + type: integer + - description: Total number of ready machines targeted by this machineset. + jsonPath: .status.readyReplicas + name: Ready + type: integer + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "MachineSet is the Schema for the machinesets API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineSetSpec defines the desired state of MachineSet. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + deletePolicy: + description: DeletePolicy defines the policy used to identify nodes + to delete when downscaling. Defaults to "Random". Valid values + are "Random, "Newest", "Oldest" + enum: + - Random + - Newest + - Oldest + type: string + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds for + which a newly created machine should be ready. Defaults to 0 (machine + will be considered available as soon as it is ready) + format: int32 + type: integer + replicas: + default: 1 + description: Replicas is the number of desired replicas. This is a + pointer to distinguish between explicit zero and unspecified. Defaults + to 1. + format: int32 + type: integer + selector: + description: 'Selector is a label query over machines that should + match the replica count. Label keys and values that must match in + order to be controlled by this MachineSet. It must match the machine + template''s labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. 
+ type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + template: + description: Template is the object that describes the machine that + will be created if insufficient replicas are detected. Object references + to custom resources are treated as templates. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: 'Specification of the desired behavior of the machine. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. 
Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - selector + type: object + status: + description: MachineSetStatus defines the observed state of MachineSet. + properties: + availableReplicas: + description: The number of available replicas (ready for at least + minReadySeconds) for this MachineSet. + format: int32 + type: integer + conditions: + description: Conditions defines current service state of the MachineSet. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. 
+ type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureMessage: + type: string + failureReason: + description: "In the event that there is a terminal problem reconciling + the replicas, both FailureReason and FailureMessage will be set. + FailureReason will be populated with a succinct value suitable for + machine interpretation, while FailureMessage will contain a more + verbose string suitable for logging and human consumption. \n These + fields should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the MachineTemplate's spec or the configuration of the + machine controller, and that manual intervention is required. Examples + of terminal errors would be invalid combinations of settings in + the spec, values that are unsupported by the machine controller, + or the responsible machine controller itself being critically misconfigured. + \n Any transient errors that occur during the reconciliation of + Machines can be added as events to the MachineSet object and/or + logged in the controller's output." + type: string + fullyLabeledReplicas: + description: The number of replicas that have labels matching the + labels of the machine template of the MachineSet. + format: int32 + type: integer + observedGeneration: + description: ObservedGeneration reflects the generation of the most + recently observed MachineSet. 
+ format: int64 + type: integer + readyReplicas: + description: The number of ready replicas for this MachineSet. A machine + is considered ready when the node has been created and is "Ready". + format: int32 + type: integer + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + selector: + description: 'Selector is the same as the label selector but in the + string format to avoid introspection by clients. The string will + be in the same format as the query-param syntax. More info about + label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + type: object + type: object + served: false + storage: false + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Total number of machines desired by this machineset + jsonPath: .spec.replicas + name: Desired + priority: 10 + type: integer + - description: Total number of non-terminated machines targeted by this machineset + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of ready machines targeted by this machineset. + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Total number of available machines (ready for at least minReadySeconds) + jsonPath: .status.availableReplicas + name: Available + type: integer + - description: Time duration since creation of MachineSet + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this MachineSet + jsonPath: .spec.template.spec.version + name: Version + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: MachineSet is the Schema for the machinesets API. 
+ properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineSetSpec defines the desired state of MachineSet. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + deletePolicy: + description: DeletePolicy defines the policy used to identify nodes + to delete when downscaling. Defaults to "Random". Valid values + are "Random, "Newest", "Oldest" + enum: + - Random + - Newest + - Oldest + type: string + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds for + which a Node for a newly created machine should be ready before + considering the replica available. Defaults to 0 (machine will be + considered available as soon as the Node is ready) + format: int32 + type: integer + replicas: + default: 1 + description: Replicas is the number of desired replicas. This is a + pointer to distinguish between explicit zero and unspecified. Defaults + to 1. + format: int32 + type: integer + selector: + description: 'Selector is a label query over machines that should + match the replica count. Label keys and values that must match in + order to be controlled by this MachineSet. It must match the machine + template''s labels. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + template: + description: Template is the object that describes the machine that + will be created if insufficient replicas are detected. Object references + to custom resources are treated as templates. + properties: + metadata: + description: 'Standard object''s metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. 
+ type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts after + the Machine is marked for deletion. A duration of 0 will + retry deletion indefinitely. Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of + time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the + volumes can be detached without any time limitations. + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. 
+ This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - selector + type: object + status: + description: MachineSetStatus defines the observed state of MachineSet. + properties: + availableReplicas: + description: The number of available replicas (ready for at least + minReadySeconds) for this MachineSet. + format: int32 + type: integer + conditions: + description: Conditions defines current service state of the MachineSet. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + type: string + failureReason: + description: "In the event that there is a terminal problem reconciling + the replicas, both FailureReason and FailureMessage will be set. + FailureReason will be populated with a succinct value suitable for + machine interpretation, while FailureMessage will contain a more + verbose string suitable for logging and human consumption. \n These + fields should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the MachineTemplate's spec or the configuration of the + machine controller, and that manual intervention is required. Examples + of terminal errors would be invalid combinations of settings in + the spec, values that are unsupported by the machine controller, + or the responsible machine controller itself being critically misconfigured. + \n Any transient errors that occur during the reconciliation of + Machines can be added as events to the MachineSet object and/or + logged in the controller's output." + type: string + fullyLabeledReplicas: + description: The number of replicas that have labels matching the + labels of the machine template of the MachineSet. + format: int32 + type: integer + observedGeneration: + description: ObservedGeneration reflects the generation of the most + recently observed MachineSet. + format: int64 + type: integer + readyReplicas: + description: The number of ready replicas for this MachineSet. 
A machine + is considered ready when the node has been created and is "Ready". + format: int32 + type: integer + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + selector: + description: 'Selector is the same as the label selector but in the + string format to avoid introspection by clients. The string will + be in the same format as the query-param syntax. More info about + label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-manager + namespace: capi-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-leader-election-role + namespace: capi-system +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +aggregationRule: + clusterRoleSelectors: + - matchLabels: + cluster.x-k8s.io/aggregate-to-manager: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-aggregated-manager-role +rules: [] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/aggregate-to-manager: "true" + cluster.x-k8s.io/provider: cluster-api + name: capi-manager-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - addons.cluster.x-k8s.io + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - 
update + - watch +- apiGroups: + - addons.cluster.x-k8s.io + resources: + - clusterresourcesets/finalizers + - clusterresourcesets/status + verbs: + - get + - patch + - update +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - bootstrap.cluster.x-k8s.io + - controlplane.cluster.x-k8s.io + - infrastructure.cluster.x-k8s.io + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - bootstrap.cluster.x-k8s.io + - infrastructure.cluster.x-k8s.io + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusterclasses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusterclasses + - clusterclasses/status + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/finalizers + - clusters/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinedeployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinedeployments + - machinedeployments/finalizers + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinedeployments + 
- machinedeployments/finalizers + - machinedeployments/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinehealthchecks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinehealthchecks + - machinehealthchecks/finalizers + - machinehealthchecks/status + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinepools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinepools + - machinepools/finalizers + - machinepools/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machines + - machines/finalizers + - machines/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machines + - machines/status + verbs: + - delete + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinesets + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinesets + - machinesets/finalizers + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinesets + - machinesets/finalizers + - machinesets/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - 
patch + - watch +- apiGroups: + - ipam.cluster.x-k8s.io + resources: + - ipaddressclaims + verbs: + - get + - list + - watch +- apiGroups: + - runtime.cluster.x-k8s.io + resources: + - extensionconfigs + - extensionconfigs/status + verbs: + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-leader-election-rolebinding + namespace: capi-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: capi-leader-election-role +subjects: +- kind: ServiceAccount + name: capi-manager + namespace: capi-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capi-aggregated-manager-role +subjects: +- kind: ServiceAccount + name: capi-manager + namespace: capi-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-webhook-service + namespace: capi-system +spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: cluster-api +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + control-plane: controller-manager + name: capi-controller-manager + namespace: capi-system +spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: cluster-api + control-plane: controller-manager + template: + metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + control-plane: controller-manager + spec: + containers: + - args: + - --leader-elect + - --diagnostics-address=${CAPI_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${CAPI_INSECURE_DIAGNOSTICS:=false} + - 
--feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},ClusterResourceSet=${EXP_CLUSTER_RESOURCE_SET:=false},ClusterTopology=${CLUSTER_TOPOLOGY:=false},RuntimeSDK=${EXP_RUNTIME_SDK:=false},MachineSetPreflightChecks=${EXP_MACHINE_SET_PREFLIGHT_CHECKS:=false} + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + image: registry.k8s.io/cluster-api/cluster-api-controller:v1.6.2 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: capi-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + secretName: capi-webhook-service-cert +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-serving-cert + namespace: capi-system +spec: + dnsNames: + - capi-webhook-service.capi-system.svc + - capi-webhook-service.capi-system.svc.cluster.local + issuerRef: + kind: Issuer + name: capi-selfsigned-issuer + secretName: capi-webhook-service-cert + subject: + organizations: + - k8s-sig-cluster-lifecycle +--- 
+apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-selfsigned-issuer + namespace: capi-system +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta1-cluster + failurePolicy: Fail + matchPolicy: Equivalent + name: default.cluster.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - clusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta1-clusterclass + failurePolicy: Fail + matchPolicy: Equivalent + name: default.clusterclass.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - clusterclasses + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta1-machine + failurePolicy: Fail + matchPolicy: Equivalent + name: default.machine.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta1-machinedeployment + failurePolicy: Fail + matchPolicy: Equivalent + name: 
default.machinedeployment.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinedeployments + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta1-machinehealthcheck + failurePolicy: Fail + matchPolicy: Equivalent + name: default.machinehealthcheck.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinehealthchecks + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta1-machineset + failurePolicy: Fail + matchPolicy: Equivalent + name: default.machineset.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinesets + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig + failurePolicy: Fail + matchPolicy: Equivalent + name: default.extensionconfig.runtime.addons.cluster.x-k8s.io + rules: + - apiGroups: + - runtime.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - extensionconfigs + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta1-machinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: default.machinepool.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinepools + sideEffects: None 
+- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-addons-cluster-x-k8s-io-v1beta1-clusterresourceset + failurePolicy: Fail + matchPolicy: Equivalent + name: default.clusterresourceset.addons.cluster.x-k8s.io + rules: + - apiGroups: + - addons.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - clusterresourcesets + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta1-cluster + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.cluster.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - clusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta1-clusterclass + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.clusterclass.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - clusterclasses + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta1-machine + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.machine.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + 
operations: + - CREATE + - UPDATE + resources: + - machines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta1-machinedeployment + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.machinedeployment.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinedeployments + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta1-machinehealthcheck + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.machinehealthcheck.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinehealthchecks + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta1-machineset + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.machineset.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinesets + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.extensionconfig.runtime.cluster.x-k8s.io + rules: + - apiGroups: + - runtime.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - extensionconfigs + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: 
capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta1-machinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.machinepool.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinepools + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-addons-cluster-x-k8s-io-v1beta1-clusterresourceset + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.clusterresourceset.addons.cluster.x-k8s.io + rules: + - apiGroups: + - addons.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - clusterresourcesets + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-addons-cluster-x-k8s-io-v1beta1-clusterresourcesetbinding + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.clusterresourcesetbinding.addons.cluster.x-k8s.io + rules: + - apiGroups: + - addons.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - clusterresourcesetbindings + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-ipam-cluster-x-k8s-io-v1beta1-ipaddress + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.ipaddress.ipam.cluster.x-k8s.io + rules: + - apiGroups: + - ipam.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - ipaddresses + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-ipam-cluster-x-k8s-io-v1beta1-ipaddressclaim + failurePolicy: 
Fail + matchPolicy: Equivalent + name: validation.ipaddressclaim.ipam.cluster.x-k8s.io + rules: + - apiGroups: + - ipam.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - ipaddressclaims + sideEffects: None +--- +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + control-plane: controller-manager + name: capi-kubeadm-bootstrap-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1 + name: kubeadmconfigs.bootstrap.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: bootstrap.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: KubeadmConfig + listKind: KubeadmConfigList + plural: kubeadmconfigs + singular: kubeadmconfig + scope: Namespaced + versions: + - deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "KubeadmConfig is the Schema for the kubeadmconfigs API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmConfigSpec defines the desired state of KubeadmConfig. + Either ClusterConfiguration and InitConfiguration should be defined + or the JoinConfiguration should be defined. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration are + the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the API server + control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative Names + for the API Server signing cert. + items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. 
+ type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout that + we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store or look + for all required certificates. NB: if not provided, this will + default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address or + DNS name for the control plane; it can be a valid IP address + or a RFC-1123 DNS subdomain, both with optional TCP port. In + case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + + BindPort are used; in case the ControlPlaneEndpoint is specified + but without a TCP port, the BindPort is used. Possible usages + are: e.g. In a cluster with more than one control plane instances, + this field should be assigned the address of the external load + balancer in front of the control plane instances. e.g. in environments + with enforced node recycling, the ControlPlaneEndpoint could + be used for assigning a stable DNS to the control plane. NB: + This value defaults to the first value in the Cluster object + status.apiEndpoints array.' 
+ type: string + controllerManager: + description: ControllerManager contains extra settings for the + controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on installed + in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry to + pull images from. if not set, the ImageRepository defined + in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the image. + In case this value is set, kubeadm does not change automatically + the version of the above components during upgrades. + type: string + type: + description: Type defines the DNS add-on to be used + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. 
NB: This value + defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to an external + etcd cluster Local and External are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority file + used to secure etcd communication. Required if using + a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification file used + to secure etcd communication. Required if using a TLS + connection. + type: string + endpoints: + description: Endpoints of etcd members. Required for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to secure + etcd communication. Required if using a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for configuring + the local etcd instance Local and External are mutually + exclusive + properties: + dataDir: + description: DataDir is the directory etcd will place + its data. Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided to + the etcd binary when run inside a static pod. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the + image. In case this value is set, kubeadm does not change + automatically the version of the above components during + upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. 
+ items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject Alternative + Names for the etcd server signing cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: ImageRepository sets the container registry to pull + images from. If empty, `k8s.gcr.io` will be used by default; + in case of kubernetes version is a CI build (kubernetes version + starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` + will be used as a default for control plane components and for + kube-proxy, while `k8s.gcr.io` will be used for all the other + images. + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version of the control + plane. NB: This value defaults to the Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to the Cluster + object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s services. + Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. If unset, + the API server will not allocate CIDR ranges for every node. + Defaults to a comma-delimited string of the Cluster object's + spec.clusterNetwork.services.cidrBlocks if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s services. 
+ Defaults to a comma-delimited string of the Cluster object's + spec.clusterNetwork.pods.cidrBlocks, or to "10.96.0.0/12" + if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the scheduler + control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + useHyperKubeImage: + description: UseHyperKubeImage controls if hyperkube should be + used for Kubernetes components instead of their respective separate + images + type: boolean + type: object + diskSetup: + description: DiskSetup specifies options for the creation of partition + tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems to + setup. + items: + description: Filesystem defines the file systems to be created. 
+ properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to add to the + command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system type. + type: string + label: + description: Label specifies the file system label to be + used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to overwrite + any existing filesystem. If true, any pre-existing file + system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition to use. + The valid options are: "auto|any", "auto", "any", "none", + and , where NUM is the actual partition number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, used for + Microsoft Azure that instructs cloud-init to replace a + file system of . NOTE: unless you define a label, + this requires the use of the ''any'' partition directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions to + setup. + items: + description: Partition defines how to create and layout a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. If it is + true, a single partition will be created for the entire + device. When layout is false, it means don't partition + or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip checks + and create the partition if a partition or filesystem + is found on the device. Use with caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. 
The following are supported: ''mbr'': default and + setups a MS-DOS partition table ''gpt'': setups a GPT + partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files in + cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content to + populate the file. + properties: + secret: + description: Secret represents a secret that should populate + this file. + properties: + key: + description: Key is the key in the secret's data map + for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, e.g. + "root:root". + type: string + path: + description: Path specifies the full path on disk where to store + the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap data + enum: + - cloud-config + type: string + initConfiguration: + description: InitConfiguration along with ClusterConfiguration are + the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. 
Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm init` time + and describes a set of Bootstrap Tokens to create. This information + IS NOT uploaded to the kubeadm cluster configmap, partly because + of its sensitive nature + items: + description: BootstrapToken describes one bootstrap token, stored + as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message why + this token exists and what it's used for, so other administrators + can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when this token + expires. Defaults to being set dynamically at runtime + based on the TTL. Expires and TTL are mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that this + token will authenticate as when/if used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for joining + nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this token. + Defaults to 24h. Expires and TTL are mutually exclusive. + type: string + usages: + description: Usages describes the ways in which this token + can be used. Can by default be used for establishing bidirectional + trust, but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the API + server instance that's deployed on this control plane node In + HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests to each + individual API server. This configuration object lets you customize + what IP/DNS name and port the local API server advertises it's + accessible on. By default, kubeadm tries to auto-detect the + IP of the default interface and use that, but in case that process + fails you may set the desired value here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for the + API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API Server + to bind to. Defaults to 6443. + format: int32 + type: integer + required: + - advertiseAddress + - bindPort + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate to registering + the new control-plane node to the cluster. When used in the + context of control plane nodes, NodeRegistration should remain + consistent across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node API + object, for later re-use + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the kubelet + command line via the environment file kubeadm writes at + runtime for the kubelet to source. 
This overrides the generic + base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are + local and specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the Node + API object that will be created in this `kubeadm init` or + `kubeadm join` operation. This field is also used in the + CommonName field of the kubelet's client certificate to + the API server. Defaults to the hostname of the node if + not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API object + should be registered with. If this field is unset, i.e. + nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. If + you don''t want to taint your control-plane node, set this + field to an empty slice, i.e. `taints: {}` in the YAML file. + This field is solely used for Node registration.' + items: + description: The node this Taint is attached to has the + "effect" on any pod that does not tolerate the Taint. + properties: + effect: + description: Required. The effect of the taint on pods + that do not tolerate the taint. Valid effects are + NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint + key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration for the + join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. 
Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate authority + used to secure comunications between node and control-plane. + Defaults to "/etc/kubernetes/pki/ca.crt". TODO: revisit when + there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control plane + instance to be deployed on the joining node. If nil, no additional + control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the + API server instance to be deployed on this node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for + the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API + Server to bind to. Defaults to 6443. + format: int32 + type: integer + required: + - advertiseAddress + - bindPort + type: object + type: object + discovery: + description: 'Discovery specifies the options for the kubelet + to use during the TLS Bootstrap process TODO: revisit when there + is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options for + bootstrap token based discovery BootstrapToken and File + are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain name + to the API server from which info will be fetched. + type: string + caCertHashes: + description: 'CACertHashes specifies a set of public key + pins to verify when token-based discovery is used. The + root CA found during discovery must match one of these + values. Specifying an empty set disables root CA pinning, + which can be unsafe. 
Each hash is specified as ":", + where the only currently supported type is "sha256". + This is a hex-encoded SHA-256 hash of the Subject Public + Key Info (SPKI) object in DER-encoded ASN.1. These hashes + can be calculated using, for example, OpenSSL: openssl + x509 -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate cluster + information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since other + nodes can impersonate the control-plane. + type: boolean + required: + - token + - unsafeSkipCAVerification + type: object + file: + description: File is used to specify a file or URL to a kubeconfig + file from which to load cluster information BootstrapToken + and File are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify the actual + file path or URL to the kubeconfig file from which to + load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: 'TLSBootstrapToken is a token used for TLS bootstrapping. + If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, + but can be overridden. If .File is set, this field **must + be set** in case the KubeConfigFile does not contain any + other authentication information TODO: revisit when there + is defaulting from k/k' + type: string + type: object + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate to registering + the new control-plane node to the cluster. When used in the + context of control plane nodes, NodeRegistration should remain + consistent across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node API + object, for later re-use + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the kubelet + command line via the environment file kubeadm writes at + runtime for the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are + local and specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the Node + API object that will be created in this `kubeadm init` or + `kubeadm join` operation. This field is also used in the + CommonName field of the kubelet's client certificate to + the API server. Defaults to the hostname of the node if + not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API object + should be registered with. If this field is unset, i.e. + nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. If + you don''t want to taint your control-plane node, set this + field to an empty slice, i.e. `taints: {}` in the YAML file. + This field is solely used for Node registration.' + items: + description: The node this Taint is attached to has the + "effect" on any pod that does not tolerate the Taint. 
+ properties: + effect: + description: Required. The effect of the taint on pods + that do not tolerate the taint. Valid effects are + NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint + key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + mounts: + description: Mounts specifies a list of mount points to be setup. + items: + description: MountPoints defines input for generated mounts in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands to run after + kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to run before + kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm command + with a shell script with retries for joins. \n This is meant to + be an experimental temporary workaround on some environments where + joins fail due to timing (and other issues). The long term goal + is to add retries to kubeadm proper and use that functionality. + \n This will add about 40KB to userdata \n For more information, + refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." 
+ type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user in cloud-init. + properties: + gecos: + description: Gecos specifies the gecos to use for the user + type: string + groups: + description: Groups specifies the additional groups for the + user + type: string + homeDir: + description: HomeDir specifies the home directory to use for + the user + type: string + inactive: + description: Inactive specifies whether to mark the user as + inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login should + be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for the user + type: string + primaryGroup: + description: PrimaryGroup specifies the primary group for the + user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh authorized + keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level verbosity. + It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + status: + description: KubeadmConfigStatus defines the observed state of KubeadmConfig. + properties: + bootstrapData: + description: "BootstrapData will be a cloud-init script for now. \n + Deprecated: Switch to DataSecretName." + format: byte + type: string + conditions: + description: Conditions defines current service state of the KubeadmConfig. + items: + description: Condition defines an observation of a Cluster API resource + operational state. 
+ properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors + type: string + failureReason: + description: FailureReason will be set on non-retryable errors + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + ready: + description: Ready indicates the BootstrapData field is ready to be + consumed + type: boolean + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of KubeadmConfig + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "KubeadmConfig is the Schema for the kubeadmconfigs API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmConfigSpec defines the desired state of KubeadmConfig. + Either ClusterConfiguration and InitConfiguration should be defined + or the JoinConfiguration should be defined. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration are + the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the API server + control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative Names + for the API Server signing cert. 
+ items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout that + we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store or look + for all required certificates. 
NB: if not provided, this will + default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address or + DNS name for the control plane; it can be a valid IP address + or a RFC-1123 DNS subdomain, both with optional TCP port. In + case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + + BindPort are used; in case the ControlPlaneEndpoint is specified + but without a TCP port, the BindPort is used. Possible usages + are: e.g. In a cluster with more than one control plane instances, + this field should be assigned the address of the external load + balancer in front of the control plane instances. e.g. in environments + with enforced node recycling, the ControlPlaneEndpoint could + be used for assigning a stable DNS to the control plane. NB: + This value defaults to the first value in the Cluster object + status.apiEndpoints array.' + type: string + controllerManager: + description: ControllerManager contains extra settings for the + controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. 
+ type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on installed + in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry to + pull images from. if not set, the ImageRepository defined + in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the image. + In case this value is set, kubeadm does not change automatically + the version of the above components during upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. NB: This value + defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to an external + etcd cluster Local and External are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority file + used to secure etcd communication. Required if using + a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification file used + to secure etcd communication. Required if using a TLS + connection. + type: string + endpoints: + description: Endpoints of etcd members. Required for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to secure + etcd communication. Required if using a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for configuring + the local etcd instance Local and External are mutually + exclusive + properties: + dataDir: + description: DataDir is the directory etcd will place + its data. 
Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided to + the etcd binary when run inside a static pod. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the + image. In case this value is set, kubeadm does not change + automatically the version of the above components during + upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject Alternative + Names for the etcd server signing cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: ImageRepository sets the container registry to pull + images from. If empty, `registry.k8s.io` will be used by default; + in case of kubernetes version is a CI build (kubernetes version + starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` + will be used as a default for control plane components and for + kube-proxy, while `registry.k8s.io` will be used for all the + other images. + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version of the control + plane. 
NB: This value defaults to the Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to the Cluster + object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s services. + Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. If unset, + the API server will not allocate CIDR ranges for every node. + Defaults to a comma-delimited string of the Cluster object's + spec.clusterNetwork.services.cidrBlocks if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s services. + Defaults to a comma-delimited string of the Cluster object's + spec.clusterNetwork.pods.cidrBlocks, or to "10.96.0.0/12" + if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the scheduler + control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. 
+ type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation of partition + tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems to + setup. + items: + description: Filesystem defines the file systems to be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to add to the + command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system type. + type: string + label: + description: Label specifies the file system label to be + used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to overwrite + any existing filesystem. If true, any pre-existing file + system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition to use. + The valid options are: "auto|any", "auto", "any", "none", + and , where NUM is the actual partition number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, used for + Microsoft Azure that instructs cloud-init to replace a + file system of . NOTE: unless you define a label, + this requires the use of the ''any'' partition directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions to + setup. + items: + description: Partition defines how to create and layout a partition. + properties: + device: + description: Device is the name of the device. 
+ type: string + layout: + description: Layout specifies the device layout. If it is + true, a single partition will be created for the entire + device. When layout is false, it means don't partition + or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip checks + and create the partition if a partition or filesystem + is found on the device. Use with caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. The following are supported: ''mbr'': default and + setups a MS-DOS partition table ''gpt'': setups a GPT + partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files in + cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content to + populate the file. + properties: + secret: + description: Secret represents a secret that should populate + this file. + properties: + key: + description: Key is the key in the secret's data map + for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, e.g. + "root:root". + type: string + path: + description: Path specifies the full path on disk where to store + the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". 
+ type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap data + enum: + - cloud-config + type: string + initConfiguration: + description: InitConfiguration along with ClusterConfiguration are + the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm init` time + and describes a set of Bootstrap Tokens to create. This information + IS NOT uploaded to the kubeadm cluster configmap, partly because + of its sensitive nature + items: + description: BootstrapToken describes one bootstrap token, stored + as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message why + this token exists and what it's used for, so other administrators + can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when this token + expires. Defaults to being set dynamically at runtime + based on the TTL. Expires and TTL are mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that this + token will authenticate as when/if used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for joining + nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this token. + Defaults to 24h. Expires and TTL are mutually exclusive. 
+ type: string + usages: + description: Usages describes the ways in which this token + can be used. Can by default be used for establishing bidirectional + trust, but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the API + server instance that's deployed on this control plane node In + HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests to each + individual API server. This configuration object lets you customize + what IP/DNS name and port the local API server advertises it's + accessible on. By default, kubeadm tries to auto-detect the + IP of the default interface and use that, but in case that process + fails you may set the desired value here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for the + API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API Server + to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate to registering + the new control-plane node to the cluster. When used in the + context of control plane nodes, NodeRegistration should remain + consistent across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. 
This information will be annotated to the Node API + object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of pre-flight + errors to be ignored when the current node is registered. + items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the kubelet + command line via the environment file kubeadm writes at + runtime for the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are + local and specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the Node + API object that will be created in this `kubeadm init` or + `kubeadm join` operation. This field is also used in the + CommonName field of the kubelet's client certificate to + the API server. Defaults to the hostname of the node if + not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API object + should be registered with. If this field is unset, i.e. + nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. If + you don''t want to taint your control-plane node, set this + field to an empty slice, i.e. `taints: {}` in the YAML file. + This field is solely used for Node registration.' + items: + description: The node this Taint is attached to has the + "effect" on any pod that does not tolerate the Taint. + properties: + effect: + description: Required. The effect of the taint on pods + that do not tolerate the taint. Valid effects are + NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. 
+ type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint + key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration for the + join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate authority + used to secure comunications between node and control-plane. + Defaults to "/etc/kubernetes/pki/ca.crt". TODO: revisit when + there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control plane + instance to be deployed on the joining node. If nil, no additional + control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the + API server instance to be deployed on this node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for + the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API + Server to bind to. Defaults to 6443. 
+ format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for the kubelet + to use during the TLS Bootstrap process TODO: revisit when there + is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options for + bootstrap token based discovery BootstrapToken and File + are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain name + to the API server from which info will be fetched. + type: string + caCertHashes: + description: 'CACertHashes specifies a set of public key + pins to verify when token-based discovery is used. The + root CA found during discovery must match one of these + values. Specifying an empty set disables root CA pinning, + which can be unsafe. Each hash is specified as ":", + where the only currently supported type is "sha256". + This is a hex-encoded SHA-256 hash of the Subject Public + Key Info (SPKI) object in DER-encoded ASN.1. These hashes + can be calculated using, for example, OpenSSL: openssl + x509 -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate cluster + information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since other + nodes can impersonate the control-plane. 
+ type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or URL to a kubeconfig + file from which to load cluster information BootstrapToken + and File are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify the actual + file path or URL to the kubeconfig file from which to + load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used for TLS bootstrapping. + If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, + but can be overridden. If .File is set, this field **must + be set** in case the KubeConfigFile does not contain any + other authentication information + type: string + type: object + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate to registering + the new control-plane node to the cluster. When used in the + context of control plane nodes, NodeRegistration should remain + consistent across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node API + object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of pre-flight + errors to be ignored when the current node is registered. 
+ items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the kubelet + command line via the environment file kubeadm writes at + runtime for the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are + local and specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the Node + API object that will be created in this `kubeadm init` or + `kubeadm join` operation. This field is also used in the + CommonName field of the kubelet's client certificate to + the API server. Defaults to the hostname of the node if + not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API object + should be registered with. If this field is unset, i.e. + nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. If + you don''t want to taint your control-plane node, set this + field to an empty slice, i.e. `taints: {}` in the YAML file. + This field is solely used for Node registration.' + items: + description: The node this Taint is attached to has the + "effect" on any pod that does not tolerate the Taint. + properties: + effect: + description: Required. The effect of the taint on pods + that do not tolerate the taint. Valid effects are + NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint + key. 
+ type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + mounts: + description: Mounts specifies a list of mount points to be setup. + items: + description: MountPoints defines input for generated mounts in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands to run after + kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to run before + kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm command + with a shell script with retries for joins. \n This is meant to + be an experimental temporary workaround on some environments where + joins fail due to timing (and other issues). The long term goal + is to add retries to kubeadm proper and use that functionality. + \n This will add about 40KB to userdata \n For more information, + refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user in cloud-init. 
+ properties: + gecos: + description: Gecos specifies the gecos to use for the user + type: string + groups: + description: Groups specifies the additional groups for the + user + type: string + homeDir: + description: HomeDir specifies the home directory to use for + the user + type: string + inactive: + description: Inactive specifies whether to mark the user as + inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login should + be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for the user + type: string + primaryGroup: + description: PrimaryGroup specifies the primary group for the + user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh authorized + keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level verbosity. + It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + status: + description: KubeadmConfigStatus defines the observed state of KubeadmConfig. + properties: + conditions: + description: Conditions defines current service state of the KubeadmConfig. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. 
This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors + type: string + failureReason: + description: FailureReason will be set on non-retryable errors + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + ready: + description: Ready indicates the BootstrapData field is ready to be + consumed + type: boolean + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name'] + name: Cluster + type: string + - description: Time duration since creation of KubeadmConfig + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: KubeadmConfig is the Schema for the kubeadmconfigs API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmConfigSpec defines the desired state of KubeadmConfig. + Either ClusterConfiguration and InitConfiguration should be defined + or the JoinConfiguration should be defined. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration are + the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the API server + control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative Names + for the API Server signing cert. 
+ items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout that + we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store or look + for all required certificates. 
NB: if not provided, this will + default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address or + DNS name for the control plane; it can be a valid IP address + or a RFC-1123 DNS subdomain, both with optional TCP port. In + case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + + BindPort are used; in case the ControlPlaneEndpoint is specified + but without a TCP port, the BindPort is used. Possible usages + are: e.g. In a cluster with more than one control plane instances, + this field should be assigned the address of the external load + balancer in front of the control plane instances. e.g. in environments + with enforced node recycling, the ControlPlaneEndpoint could + be used for assigning a stable DNS to the control plane. NB: + This value defaults to the first value in the Cluster object + status.apiEndpoints array.' + type: string + controllerManager: + description: ControllerManager contains extra settings for the + controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. 
+ type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on installed + in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry to + pull images from. if not set, the ImageRepository defined + in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the image. + In case this value is set, kubeadm does not change automatically + the version of the above components during upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. NB: This value + defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to an external + etcd cluster Local and External are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority file + used to secure etcd communication. Required if using + a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification file used + to secure etcd communication. Required if using a TLS + connection. + type: string + endpoints: + description: Endpoints of etcd members. Required for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to secure + etcd communication. Required if using a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for configuring + the local etcd instance Local and External are mutually + exclusive + properties: + dataDir: + description: DataDir is the directory etcd will place + its data. 
Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided to + the etcd binary when run inside a static pod. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the + image. In case this value is set, kubeadm does not change + automatically the version of the above components during + upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject Alternative + Names for the etcd server signing cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: 'ImageRepository sets the container registry to pull + images from. * If not set, the default registry of kubeadm will + be used, i.e. * registry.k8s.io (new registry): >= v1.22.17, + >= v1.23.15, >= v1.24.9, >= v1.25.0 * k8s.gcr.io (old registry): + all older versions Please note that when imageRepository is + not set we don''t allow upgrades to versions >= v1.22.0 which + use the old registry (k8s.gcr.io). Please use a newer patch + version with the new registry instead (i.e. >= v1.22.17, >= + v1.23.15, >= v1.24.9, >= v1.25.0). * If the version is a CI + build (kubernetes version starts with `ci/` or `ci-cross/`) + `gcr.io/k8s-staging-ci-images` will be used as a default for + control plane components and for kube-proxy, while `registry.k8s.io` + will be used for all the other images.' 
+ type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version of the control + plane. NB: This value defaults to the Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to the Cluster + object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s services. + Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. If unset, + the API server will not allocate CIDR ranges for every node. + Defaults to a comma-delimited string of the Cluster object's + spec.clusterNetwork.services.cidrBlocks if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s services. + Defaults to a comma-delimited string of the Cluster object's + spec.clusterNetwork.pods.cidrBlocks, or to "10.96.0.0/12" + if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the scheduler + control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass to + the control plane component. TODO: This is temporary and + ideally we would like to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. 
+ properties: + hostPath: + description: HostPath is the path in the host that will + be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where + hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation of partition + tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems to + setup. + items: + description: Filesystem defines the file systems to be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to add to the + command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system type. + type: string + label: + description: Label specifies the file system label to be + used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to overwrite + any existing filesystem. If true, any pre-existing file + system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition to use. + The valid options are: "auto|any", "auto", "any", "none", + and , where NUM is the actual partition number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, used for + Microsoft Azure that instructs cloud-init to replace a + file system of . NOTE: unless you define a label, + this requires the use of the ''any'' partition directive.' 
+ type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions to + setup. + items: + description: Partition defines how to create and layout a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. If it is + true, a single partition will be created for the entire + device. When layout is false, it means don't partition + or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip checks + and create the partition if a partition or filesystem + is found on the device. Use with caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. The following are supported: ''mbr'': default and + setups a MS-DOS partition table ''gpt'': setups a GPT + partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files in + cloud-init. + properties: + append: + description: Append specifies whether to append Content to existing + file if Path exists. + type: boolean + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content to + populate the file. + properties: + secret: + description: Secret represents a secret that should populate + this file. + properties: + key: + description: Key is the key in the secret's data map + for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. 
+ type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, e.g. + "root:root". + type: string + path: + description: Path specifies the full path on disk where to store + the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap data + enum: + - cloud-config + - ignition + type: string + ignition: + description: Ignition contains Ignition specific configuration. + properties: + containerLinuxConfig: + description: ContainerLinuxConfig contains CLC specific configuration. + properties: + additionalConfig: + description: "AdditionalConfig contains additional configuration + to be merged with the Ignition configuration generated by + the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging + \n The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/" + type: string + strict: + description: Strict controls if AdditionalConfig should be + strictly parsed. If so, warnings are treated as errors. + type: boolean + type: object + type: object + initConfiguration: + description: InitConfiguration along with ClusterConfiguration are + the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm init` time + and describes a set of Bootstrap Tokens to create. This information + IS NOT uploaded to the kubeadm cluster configmap, partly because + of its sensitive nature + items: + description: BootstrapToken describes one bootstrap token, stored + as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message why + this token exists and what it's used for, so other administrators + can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when this token + expires. Defaults to being set dynamically at runtime + based on the TTL. Expires and TTL are mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that this + token will authenticate as when/if used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for joining + nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this token. + Defaults to 24h. Expires and TTL are mutually exclusive. + type: string + usages: + description: Usages describes the ways in which this token + can be used. Can by default be used for establishing bidirectional + trust, but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the API + server instance that's deployed on this control plane node In + HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests to each + individual API server. This configuration object lets you customize + what IP/DNS name and port the local API server advertises it's + accessible on. By default, kubeadm tries to auto-detect the + IP of the default interface and use that, but in case that process + fails you may set the desired value here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for the + API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API Server + to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate to registering + the new control-plane node to the cluster. When used in the + context of control plane nodes, NodeRegistration should remain + consistent across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node API + object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of pre-flight + errors to be ignored when the current node is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy for image + pulling during kubeadm "init" and "join" operations. The + value of this field must be one of "Always", "IfNotPresent" + or "Never". Defaults to "IfNotPresent". 
This can be used + only with Kubernetes version equal to 1.22 and later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the kubelet + command line via the environment file kubeadm writes at + runtime for the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are + local and specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the Node + API object that will be created in this `kubeadm init` or + `kubeadm join` operation. This field is also used in the + CommonName field of the kubelet's client certificate to + the API server. Defaults to the hostname of the node if + not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API object + should be registered with. If this field is unset, i.e. + nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. If + you don''t want to taint your control-plane node, set this + field to an empty slice, i.e. `taints: []` in the YAML file. + This field is solely used for Node registration.' + items: + description: The node this Taint is attached to has the + "effect" on any pod that does not tolerate the Taint. + properties: + effect: + description: Required. The effect of the taint on pods + that do not tolerate the taint. Valid effects are + NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. 
+ format: date-time + type: string + value: + description: The taint value corresponding to the taint + key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying patches + to components deployed by kubeadm during "kubeadm init". The + minimum kubernetes version needed to support Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory that contains + files named "target[suffix][+patchtype].extension". For + example, "kube-apiserver0+merge.yaml" or just "etcd.json". + "target" can be one of "kube-apiserver", "kube-controller-manager", + "kube-scheduler", "etcd". "patchtype" can be one of "strategic" + "merge" or "json" and they match the patch formats supported + by kubectl. The default "patchtype" is "strategic". "extension" + must be either "json" or "yaml". "suffix" is an optional + string that can be used to determine which patches are applied + first alpha-numerically. These files can be written into + the target directory via KubeadmConfig.Files which specifies + additional files to be created on the machine, either with + content inline or by referencing a secret. + type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip during command + execution. The list of phases can be obtained with the "kubeadm + init --help" command. This option takes effect only on Kubernetes + >=1.22.0. + items: + type: string + type: array + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration for the + join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate authority + used to secure comunications between node and control-plane. + Defaults to "/etc/kubernetes/pki/ca.crt". TODO: revisit when + there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control plane + instance to be deployed on the joining node. If nil, no additional + control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the + API server instance to be deployed on this node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for + the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API + Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for the kubelet + to use during the TLS Bootstrap process TODO: revisit when there + is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options for + bootstrap token based discovery BootstrapToken and File + are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain name + to the API server from which info will be fetched. + type: string + caCertHashes: + description: 'CACertHashes specifies a set of public key + pins to verify when token-based discovery is used. The + root CA found during discovery must match one of these + values. Specifying an empty set disables root CA pinning, + which can be unsafe. Each hash is specified as ":", + where the only currently supported type is "sha256". + This is a hex-encoded SHA-256 hash of the Subject Public + Key Info (SPKI) object in DER-encoded ASN.1. 
These hashes + can be calculated using, for example, OpenSSL: openssl + x509 -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate cluster + information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since other + nodes can impersonate the control-plane. + type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or URL to a kubeconfig + file from which to load cluster information BootstrapToken + and File are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify the actual + file path or URL to the kubeconfig file from which to + load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used for TLS bootstrapping. + If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, + but can be overridden. If .File is set, this field **must + be set** in case the KubeConfigFile does not contain any + other authentication information + type: string + type: object + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate to registering + the new control-plane node to the cluster. 
When used in the + context of control plane nodes, NodeRegistration should remain + consistent across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node API + object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of pre-flight + errors to be ignored when the current node is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy for image + pulling during kubeadm "init" and "join" operations. The + value of this field must be one of "Always", "IfNotPresent" + or "Never". Defaults to "IfNotPresent". This can be used + only with Kubernetes version equal to 1.22 and later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the kubelet + command line via the environment file kubeadm writes at + runtime for the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X ConfigMap + Flags have higher priority when parsing. These values are + local and specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the Node + API object that will be created in this `kubeadm init` or + `kubeadm join` operation. This field is also used in the + CommonName field of the kubelet's client certificate to + the API server. Defaults to the hostname of the node if + not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API object + should be registered with. If this field is unset, i.e. + nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. 
If + you don''t want to taint your control-plane node, set this + field to an empty slice, i.e. `taints: []` in the YAML file. + This field is solely used for Node registration.' + items: + description: The node this Taint is attached to has the + "effect" on any pod that does not tolerate the Taint. + properties: + effect: + description: Required. The effect of the taint on pods + that do not tolerate the taint. Valid effects are + NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint + key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying patches + to components deployed by kubeadm during "kubeadm join". The + minimum kubernetes version needed to support Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory that contains + files named "target[suffix][+patchtype].extension". For + example, "kube-apiserver0+merge.yaml" or just "etcd.json". + "target" can be one of "kube-apiserver", "kube-controller-manager", + "kube-scheduler", "etcd". "patchtype" can be one of "strategic" + "merge" or "json" and they match the patch formats supported + by kubectl. The default "patchtype" is "strategic". "extension" + must be either "json" or "yaml". "suffix" is an optional + string that can be used to determine which patches are applied + first alpha-numerically. These files can be written into + the target directory via KubeadmConfig.Files which specifies + additional files to be created on the machine, either with + content inline or by referencing a secret. 
+ type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip during command + execution. The list of phases can be obtained with the "kubeadm + init --help" command. This option takes effect only on Kubernetes + >=1.22.0. + items: + type: string + type: array + type: object + mounts: + description: Mounts specifies a list of mount points to be setup. + items: + description: MountPoints defines input for generated mounts in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands to run after + kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to run before + kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm command + with a shell script with retries for joins. \n This is meant to + be an experimental temporary workaround on some environments where + joins fail due to timing (and other issues). The long term goal + is to add retries to kubeadm proper and use that functionality. + \n This will add about 40KB to userdata \n For more information, + refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. + \n Deprecated: This experimental fix is no longer needed and this + field will be removed in a future release. When removing also remove + from staticcheck exclude-rules for SA1019 in golangci.yml" + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user in cloud-init. 
+ properties: + gecos: + description: Gecos specifies the gecos to use for the user + type: string + groups: + description: Groups specifies the additional groups for the + user + type: string + homeDir: + description: HomeDir specifies the home directory to use for + the user + type: string + inactive: + description: Inactive specifies whether to mark the user as + inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login should + be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for the user + type: string + passwdFrom: + description: PasswdFrom is a referenced source of passwd to + populate the passwd. + properties: + secret: + description: Secret represents a secret that should populate + this password. + properties: + key: + description: Key is the key in the secret's data map + for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + primaryGroup: + description: PrimaryGroup specifies the primary group for the + user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh authorized + keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level verbosity. + It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + status: + description: KubeadmConfigStatus defines the observed state of KubeadmConfig. + properties: + conditions: + description: Conditions defines current service state of the KubeadmConfig. 
+ items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors + type: string + failureReason: + description: FailureReason will be set on non-retryable errors + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + ready: + description: Ready indicates the BootstrapData field is ready to be + consumed + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1 + name: kubeadmconfigtemplates.bootstrap.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: bootstrap.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: KubeadmConfigTemplate + listKind: KubeadmConfigTemplateList + plural: kubeadmconfigtemplates + singular: kubeadmconfigtemplate + scope: Namespaced + versions: + - deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate. + properties: + template: + description: KubeadmConfigTemplateResource defines the Template structure. + properties: + spec: + description: KubeadmConfigSpec defines the desired state of KubeadmConfig. + Either ClusterConfiguration and InitConfiguration should be + defined or the JoinConfiguration should be defined. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the + API server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative + Names for the API Server signing cert. + items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. 
+ type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout + that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store + or look for all required certificates. NB: if not provided, + this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address + or DNS name for the control plane; it can be a valid + IP address or a RFC-1123 DNS subdomain, both with optional + TCP port. In case the ControlPlaneEndpoint is not specified, + the AdvertiseAddress + BindPort are used; in case the + ControlPlaneEndpoint is specified but without a TCP + port, the BindPort is used. Possible usages are: e.g. + In a cluster with more than one control plane instances, + this field should be assigned the address of the external + load balancer in front of the control plane instances. + e.g. in environments with enforced node recycling, + the ControlPlaneEndpoint could be used for assigning + a stable DNS to the control plane. NB: This value defaults + to the first value in the Cluster object status.apiEndpoints + array.' 
+ type: string + controllerManager: + description: ControllerManager contains extra settings + for the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on + installed in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for + the image. In case this value is set, kubeadm does + not change automatically the version of the above + components during upgrades. + type: string + type: + description: Type defines the DNS add-on to be used + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. 
NB: This + value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to + an external etcd cluster Local and External are + mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority + file used to secure etcd communication. Required + if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification + file used to secure etcd communication. Required + if using a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required + for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to + secure etcd communication. Required if using + a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for + configuring the local etcd instance Local and External + are mutually exclusive + properties: + dataDir: + description: DataDir is the directory etcd will + place its data. Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided + to the etcd binary when run inside a static + pod. + type: object + imageRepository: + description: ImageRepository sets the container + registry to pull images from. if not set, the + ImageRepository defined in ClusterConfiguration + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag + for the image. In case this value is set, kubeadm + does not change automatically the version of + the above components during upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. 
+ items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject + Alternative Names for the etcd server signing + cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. If empty, `k8s.gcr.io` will be + used by default; in case of kubernetes version is a + CI build (kubernetes version starts with `ci/` or `ci-cross/`) + `gcr.io/k8s-staging-ci-images` will be used as a default + for control plane components and for kube-proxy, while + `k8s.gcr.io` will be used for all the other images. + type: string + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version + of the control plane. NB: This value defaults to the + Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to + the Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s + services. Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. + If unset, the API server will not allocate CIDR + ranges for every node. Defaults to a comma-delimited + string of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s + services. 
Defaults to a comma-delimited string of + the Cluster object's spec.clusterNetwork.pods.cidrBlocks, + or to "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the + scheduler control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + useHyperKubeImage: + description: UseHyperKubeImage controls if hyperkube should + be used for Kubernetes components instead of their respective + separate images + type: boolean + type: object + diskSetup: + description: DiskSetup specifies options for the creation + of partition tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems + to setup. + items: + description: Filesystem defines the file systems to + be created. 
+ properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to + add to the command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system + type. + type: string + label: + description: Label specifies the file system label + to be used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to + overwrite any existing filesystem. If true, any + pre-existing file system will be destroyed. Use + with Caution. + type: boolean + partition: + description: 'Partition specifies the partition + to use. The valid options are: "auto|any", "auto", + "any", "none", and , where NUM is the actual + partition number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, + used for Microsoft Azure that instructs cloud-init + to replace a file system of . NOTE: unless + you define a label, this requires the use of the + ''any'' partition directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions + to setup. + items: + description: Partition defines how to create and layout + a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. + If it is true, a single partition will be created + for the entire device. When layout is false, it + means don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip + checks and create the partition if a partition + or filesystem is found on the device. Use with + caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. 
The following are supported: ''mbr'': default + and setups a MS-DOS partition table ''gpt'': setups + a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: Secret represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the + file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to + assign to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap + data + enum: + - cloud-config + type: string + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. 
Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm + init` time and describes a set of Bootstrap Tokens to + create. This information IS NOT uploaded to the kubeadm + cluster configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap + token, stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message + why this token exists and what it's used for, + so other administrators can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when + this token expires. Defaults to being set dynamically + at runtime based on the TTL. Expires and TTL are + mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that + this token will authenticate as when/if used for + authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for + joining nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this + token. Defaults to 24h. Expires and TTL are mutually + exclusive. + type: string + usages: + description: Usages describes the ways in which + this token can be used. Can by default be used + for establishing bidirectional trust, but that + can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance that's deployed on this control + plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global + endpoint for the cluster, which then loadbalances the + requests to each individual API server. This configuration + object lets you customize what IP/DNS name and port + the local API server advertises it's accessible on. + By default, kubeadm tries to auto-detect the IP of the + default interface and use that, but in case that process + fails you may set the desired value here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the + API Server to bind to. Defaults to 6443. + format: int32 + type: integer + required: + - advertiseAddress + - bindPort + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration + and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here are + passed to the kubelet command line via the environment + file kubeadm writes at runtime for the kubelet to + source. 
This overrides the generic base-level configuration + in the kubelet-config-1.X ConfigMap Flags have higher + priority when parsing. These values are local and + specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of + the Node API object that will be created in this + `kubeadm init` or `kubeadm join` operation. This + field is also used in the CommonName field of the + kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node + API object should be registered with. If this field + is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: + {}` in the YAML file. This field is solely used + for Node registration.' + items: + description: The node this Taint is attached to + has the "effect" on any pod that does not tolerate + the Taint. + properties: + effect: + description: Required. The effect of the taint + on pods that do not tolerate the taint. Valid + effects are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at + which the taint was added. It is only written + for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to + the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration + for the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. 
Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node + and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control + plane instance to be deployed on the joining node. If + nil, no additional control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on this + node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for + the API Server to bind to. Defaults to 6443. + format: int32 + type: integer + required: + - advertiseAddress + - bindPort + type: object + type: object + discovery: + description: 'Discovery specifies the options for the + kubelet to use during the TLS Bootstrap process TODO: + revisit when there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options + for bootstrap token based discovery BootstrapToken + and File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain + name to the API server from which info will + be fetched. + type: string + caCertHashes: + description: 'CACertHashes specifies a set of + public key pins to verify when token-based discovery + is used. The root CA found during discovery + must match one of these values. Specifying an + empty set disables root CA pinning, which can + be unsafe. 
Each hash is specified as ":", + where the only currently supported type is "sha256". + This is a hex-encoded SHA-256 hash of the Subject + Public Key Info (SPKI) object in DER-encoded + ASN.1. These hashes can be calculated using, + for example, OpenSSL: openssl x509 -pubkey -in + ca.crt openssl rsa -pubin -outform der 2>&/dev/null + | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate + cluster information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since + other nodes can impersonate the control-plane. + type: boolean + required: + - token + - unsafeSkipCAVerification + type: object + file: + description: File is used to specify a file or URL + to a kubeconfig file from which to load cluster + information BootstrapToken and File are mutually + exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify + the actual file path or URL to the kubeconfig + file from which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: 'TLSBootstrapToken is a token used for + TLS bootstrapping. If .BootstrapToken is set, this + field is defaulted to .BootstrapToken.Token, but + can be overridden. If .File is set, this field **must + be set** in case the KubeConfigFile does not contain + any other authentication information TODO: revisit + when there is defaulting from k/k' + type: string + type: object + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration + and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here are + passed to the kubelet command line via the environment + file kubeadm writes at runtime for the kubelet to + source. This overrides the generic base-level configuration + in the kubelet-config-1.X ConfigMap Flags have higher + priority when parsing. These values are local and + specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of + the Node API object that will be created in this + `kubeadm init` or `kubeadm join` operation. This + field is also used in the CommonName field of the + kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node + API object should be registered with. If this field + is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: + {}` in the YAML file. This field is solely used + for Node registration.' + items: + description: The node this Taint is attached to + has the "effect" on any pod that does not tolerate + the Taint. 
+ properties: + effect: + description: Required. The effect of the taint + on pods that do not tolerate the taint. Valid + effects are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at + which the taint was added. It is only written + for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to + the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + mounts: + description: Mounts specifies a list of mount points to be + setup. + items: + description: MountPoints defines input for generated mounts + in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands + to run after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to + run before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm + command with a shell script with retries for joins. \n This + is meant to be an experimental temporary workaround on some + environments where joins fail due to timing (and other issues). + The long term goal is to add retries to kubeadm proper and + use that functionality. \n This will add about 40KB to userdata + \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." 
+ type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user + in cloud-init. + properties: + gecos: + description: Gecos specifies the gecos to use for the + user + type: string + groups: + description: Groups specifies the additional groups + for the user + type: string + homeDir: + description: HomeDir specifies the home directory to + use for the user + type: string + inactive: + description: Inactive specifies whether to mark the + user as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login + should be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for + the user + type: string + primaryGroup: + description: PrimaryGroup specifies the primary group + for the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh + authorized keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level + verbosity. It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + type: object + required: + - template + type: object + type: object + served: false + storage: false + - additionalPrinterColumns: + - description: Time duration since creation of KubeadmConfigTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates + API. \n Deprecated: This type will be removed in one of the next releases." 
+ properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate. + properties: + template: + description: KubeadmConfigTemplateResource defines the Template structure. + properties: + spec: + description: KubeadmConfigSpec defines the desired state of KubeadmConfig. + Either ClusterConfiguration and InitConfiguration should be + defined or the JoinConfiguration should be defined. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the + API server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative + Names for the API Server signing cert. + items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. 
+ items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout + that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store + or look for all required certificates. NB: if not provided, + this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address + or DNS name for the control plane; it can be a valid + IP address or a RFC-1123 DNS subdomain, both with optional + TCP port. In case the ControlPlaneEndpoint is not specified, + the AdvertiseAddress + BindPort are used; in case the + ControlPlaneEndpoint is specified but without a TCP + port, the BindPort is used. Possible usages are: e.g. 
+ In a cluster with more than one control plane instances, + this field should be assigned the address of the external + load balancer in front of the control plane instances. + e.g. in environments with enforced node recycling, + the ControlPlaneEndpoint could be used for assigning + a stable DNS to the control plane. NB: This value defaults + to the first value in the Cluster object status.apiEndpoints + array.' + type: string + controllerManager: + description: ControllerManager contains extra settings + for the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on + installed in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. 
+ type: string + imageTag: + description: ImageTag allows to specify a tag for + the image. In case this value is set, kubeadm does + not change automatically the version of the above + components during upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. NB: This + value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to + an external etcd cluster Local and External are + mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority + file used to secure etcd communication. Required + if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification + file used to secure etcd communication. Required + if using a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required + for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to + secure etcd communication. Required if using + a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for + configuring the local etcd instance Local and External + are mutually exclusive + properties: + dataDir: + description: DataDir is the directory etcd will + place its data. Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided + to the etcd binary when run inside a static + pod. + type: object + imageRepository: + description: ImageRepository sets the container + registry to pull images from. if not set, the + ImageRepository defined in ClusterConfiguration + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag + for the image. 
In case this value is set, kubeadm + does not change automatically the version of + the above components during upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject + Alternative Names for the etcd server signing + cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. If empty, `registry.k8s.io` will + be used by default; in case of kubernetes version is + a CI build (kubernetes version starts with `ci/` or + `ci-cross/`) `gcr.io/k8s-staging-ci-images` will be + used as a default for control plane components and for + kube-proxy, while `registry.k8s.io` will be used for + all the other images. + type: string + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version + of the control plane. NB: This value defaults to the + Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to + the Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s + services. Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. 
+ If unset, the API server will not allocate CIDR + ranges for every node. Defaults to a comma-delimited + string of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s + services. Defaults to a comma-delimited string of + the Cluster object's spec.clusterNetwork.pods.cidrBlocks, + or to "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the + scheduler control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation + of partition tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems + to setup. + items: + description: Filesystem defines the file systems to + be created. 
+ properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to + add to the command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system + type. + type: string + label: + description: Label specifies the file system label + to be used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to + overwrite any existing filesystem. If true, any + pre-existing file system will be destroyed. Use + with Caution. + type: boolean + partition: + description: 'Partition specifies the partition + to use. The valid options are: "auto|any", "auto", + "any", "none", and , where NUM is the actual + partition number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, + used for Microsoft Azure that instructs cloud-init + to replace a file system of . NOTE: unless + you define a label, this requires the use of the + ''any'' partition directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions + to setup. + items: + description: Partition defines how to create and layout + a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. + If it is true, a single partition will be created + for the entire device. When layout is false, it + means don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip + checks and create the partition if a partition + or filesystem is found on the device. Use with + caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. 
The following are supported: ''mbr'': default + and setups a MS-DOS partition table ''gpt'': setups + a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: Secret represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the + file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to + assign to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap + data + enum: + - cloud-config + type: string + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. 
Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm + init` time and describes a set of Bootstrap Tokens to + create. This information IS NOT uploaded to the kubeadm + cluster configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap + token, stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message + why this token exists and what it's used for, + so other administrators can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when + this token expires. Defaults to being set dynamically + at runtime based on the TTL. Expires and TTL are + mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that + this token will authenticate as when/if used for + authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for + joining nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this + token. Defaults to 24h. Expires and TTL are mutually + exclusive. + type: string + usages: + description: Usages describes the ways in which + this token can be used. Can by default be used + for establishing bidirectional trust, but that + can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance that's deployed on this control + plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global + endpoint for the cluster, which then loadbalances the + requests to each individual API server. This configuration + object lets you customize what IP/DNS name and port + the local API server advertises it's accessible on. + By default, kubeadm tries to auto-detect the IP of the + default interface and use that, but in case that process + fails you may set the desired value here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the + API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration + and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice + of pre-flight errors to be ignored when the current + node is registered. + items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. 
The arguments here are + passed to the kubelet command line via the environment + file kubeadm writes at runtime for the kubelet to + source. This overrides the generic base-level configuration + in the kubelet-config-1.X ConfigMap Flags have higher + priority when parsing. These values are local and + specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of + the Node API object that will be created in this + `kubeadm init` or `kubeadm join` operation. This + field is also used in the CommonName field of the + kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node + API object should be registered with. If this field + is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: + {}` in the YAML file. This field is solely used + for Node registration.' + items: + description: The node this Taint is attached to + has the "effect" on any pod that does not tolerate + the Taint. + properties: + effect: + description: Required. The effect of the taint + on pods that do not tolerate the taint. Valid + effects are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at + which the taint was added. It is only written + for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to + the taint key. 
+ type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration + for the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node + and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control + plane instance to be deployed on the joining node. If + nil, no additional control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on this + node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for + the API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for the + kubelet to use during the TLS Bootstrap process TODO: + revisit when there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options + for bootstrap token based discovery BootstrapToken + and File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain + name to the API server from which info will + be fetched. 
+ type: string + caCertHashes: + description: 'CACertHashes specifies a set of + public key pins to verify when token-based discovery + is used. The root CA found during discovery + must match one of these values. Specifying an + empty set disables root CA pinning, which can + be unsafe. Each hash is specified as ":", + where the only currently supported type is "sha256". + This is a hex-encoded SHA-256 hash of the Subject + Public Key Info (SPKI) object in DER-encoded + ASN.1. These hashes can be calculated using, + for example, OpenSSL: openssl x509 -pubkey -in + ca.crt openssl rsa -pubin -outform der 2>&/dev/null + | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate + cluster information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since + other nodes can impersonate the control-plane. + type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or URL + to a kubeconfig file from which to load cluster + information BootstrapToken and File are mutually + exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify + the actual file path or URL to the kubeconfig + file from which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used for + TLS bootstrapping. If .BootstrapToken is set, this + field is defaulted to .BootstrapToken.Token, but + can be overridden. 
If .File is set, this field **must + be set** in case the KubeConfigFile does not contain + any other authentication information + type: string + type: object + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration + and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice + of pre-flight errors to be ignored when the current + node is registered. + items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here are + passed to the kubelet command line via the environment + file kubeadm writes at runtime for the kubelet to + source. This overrides the generic base-level configuration + in the kubelet-config-1.X ConfigMap Flags have higher + priority when parsing. These values are local and + specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of + the Node API object that will be created in this + `kubeadm init` or `kubeadm join` operation. This + field is also used in the CommonName field of the + kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. 
+ type: string + taints: + description: 'Taints specifies the taints the Node + API object should be registered with. If this field + is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: + {}` in the YAML file. This field is solely used + for Node registration.' + items: + description: The node this Taint is attached to + has the "effect" on any pod that does not tolerate + the Taint. + properties: + effect: + description: Required. The effect of the taint + on pods that do not tolerate the taint. Valid + effects are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at + which the taint was added. It is only written + for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to + the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + mounts: + description: Mounts specifies a list of mount points to be + setup. + items: + description: MountPoints defines input for generated mounts + in cloud-init. 
+ items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands + to run after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to + run before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm + command with a shell script with retries for joins. \n This + is meant to be an experimental temporary workaround on some + environments where joins fail due to timing (and other issues). + The long term goal is to add retries to kubeadm proper and + use that functionality. \n This will add about 40KB to userdata + \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user + in cloud-init. 
+ properties: + gecos: + description: Gecos specifies the gecos to use for the + user + type: string + groups: + description: Groups specifies the additional groups + for the user + type: string + homeDir: + description: HomeDir specifies the home directory to + use for the user + type: string + inactive: + description: Inactive specifies whether to mark the + user as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login + should be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for + the user + type: string + primaryGroup: + description: PrimaryGroup specifies the primary group + for the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh + authorized keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level + verbosity. It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + type: object + required: + - template + type: object + type: object + served: false + storage: false + subresources: {} + - additionalPrinterColumns: + - description: Time duration since creation of KubeadmConfigTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate. + properties: + template: + description: KubeadmConfigTemplateResource defines the Template structure. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: KubeadmConfigSpec defines the desired state of KubeadmConfig. + Either ClusterConfiguration and InitConfiguration should be + defined or the JoinConfiguration should be defined. 
+ properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the + API server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative + Names for the API Server signing cert. + items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout + that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store + or look for all required certificates. NB: if not provided, + this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address + or DNS name for the control plane; it can be a valid + IP address or a RFC-1123 DNS subdomain, both with optional + TCP port. In case the ControlPlaneEndpoint is not specified, + the AdvertiseAddress + BindPort are used; in case the + ControlPlaneEndpoint is specified but without a TCP + port, the BindPort is used. Possible usages are: e.g. + In a cluster with more than one control plane instances, + this field should be assigned the address of the external + load balancer in front of the control plane instances. + e.g. in environments with enforced node recycling, + the ControlPlaneEndpoint could be used for assigning + a stable DNS to the control plane. NB: This value defaults + to the first value in the Cluster object status.apiEndpoints + array.' + type: string + controllerManager: + description: ControllerManager contains extra settings + for the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. 
+ properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on + installed in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for + the image. In case this value is set, kubeadm does + not change automatically the version of the above + components during upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. NB: This + value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to + an external etcd cluster Local and External are + mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority + file used to secure etcd communication. Required + if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification + file used to secure etcd communication. Required + if using a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required + for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to + secure etcd communication. Required if using + a TLS connection. 
+ type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for + configuring the local etcd instance Local and External + are mutually exclusive + properties: + dataDir: + description: DataDir is the directory etcd will + place its data. Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided + to the etcd binary when run inside a static + pod. + type: object + imageRepository: + description: ImageRepository sets the container + registry to pull images from. if not set, the + ImageRepository defined in ClusterConfiguration + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag + for the image. In case this value is set, kubeadm + does not change automatically the version of + the above components during upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject + Alternative Names for the etcd server signing + cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: 'ImageRepository sets the container registry + to pull images from. * If not set, the default registry + of kubeadm will be used, i.e. * registry.k8s.io (new + registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= + v1.25.0 * k8s.gcr.io (old registry): all older versions + Please note that when imageRepository is not set we + don''t allow upgrades to versions >= v1.22.0 which use + the old registry (k8s.gcr.io). Please use a newer patch + version with the new registry instead (i.e. 
>= v1.22.17, + >= v1.23.15, >= v1.24.9, >= v1.25.0). * If the version + is a CI build (kubernetes version starts with `ci/` + or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will + be used as a default for control plane components and + for kube-proxy, while `registry.k8s.io` will be used + for all the other images.' + type: string + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version + of the control plane. NB: This value defaults to the + Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to + the Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s + services. Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. + If unset, the API server will not allocate CIDR + ranges for every node. Defaults to a comma-delimited + string of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s + services. Defaults to a comma-delimited string of + the Cluster object's spec.clusterNetwork.pods.cidrBlocks, + or to "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the + scheduler control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to + pass to the control plane component. 
TODO: This + is temporary and ideally we would like to switch + all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host + that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the + pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod + template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation + of partition tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems + to setup. + items: + description: Filesystem defines the file systems to + be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to + add to the command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system + type. + type: string + label: + description: Label specifies the file system label + to be used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to + overwrite any existing filesystem. If true, any + pre-existing file system will be destroyed. Use + with Caution. + type: boolean + partition: + description: 'Partition specifies the partition + to use. 
The valid options are: "auto|any", "auto", + "any", "none", and , where NUM is the actual + partition number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, + used for Microsoft Azure that instructs cloud-init + to replace a file system of . NOTE: unless + you define a label, this requires the use of the + ''any'' partition directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions + to setup. + items: + description: Partition defines how to create and layout + a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. + If it is true, a single partition will be created + for the entire device. When layout is false, it + means don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip + checks and create the partition if a partition + or filesystem is found on the device. Use with + caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. The following are supported: ''mbr'': default + and setups a MS-DOS partition table ''gpt'': setups + a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + append: + description: Append specifies whether to append Content + to existing file if Path exists. + type: boolean + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. 
+ properties: + secret: + description: Secret represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the + file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to + assign to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap + data + enum: + - cloud-config + - ignition + type: string + ignition: + description: Ignition contains Ignition specific configuration. + properties: + containerLinuxConfig: + description: ContainerLinuxConfig contains CLC specific + configuration. + properties: + additionalConfig: + description: "AdditionalConfig contains additional + configuration to be merged with the Ignition configuration + generated by the bootstrapper controller. More info: + https://coreos.github.io/ignition/operator-notes/#config-merging + \n The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/" + type: string + strict: + description: Strict controls if AdditionalConfig should + be strictly parsed. If so, warnings are treated + as errors. 
+ type: boolean + type: object + type: object + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm + init` time and describes a set of Bootstrap Tokens to + create. This information IS NOT uploaded to the kubeadm + cluster configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap + token, stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message + why this token exists and what it's used for, + so other administrators can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when + this token expires. Defaults to being set dynamically + at runtime based on the TTL. Expires and TTL are + mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that + this token will authenticate as when/if used for + authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for + joining nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this + token. Defaults to 24h. Expires and TTL are mutually + exclusive. + type: string + usages: + description: Usages describes the ways in which + this token can be used. Can by default be used + for establishing bidirectional trust, but that + can be changed here. 
+ items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance that's deployed on this control + plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global + endpoint for the cluster, which then loadbalances the + requests to each individual API server. This configuration + object lets you customize what IP/DNS name and port + the local API server advertises it's accessible on. + By default, kubeadm tries to auto-detect the IP of the + default interface and use that, but in case that process + fails you may set the desired value here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the + API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration + and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. 
This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice + of pre-flight errors to be ignored when the current + node is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy + for image pulling during kubeadm "init" and "join" + operations. The value of this field must be one + of "Always", "IfNotPresent" or "Never". Defaults + to "IfNotPresent". This can be used only with Kubernetes + version equal to 1.22 and later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here are + passed to the kubelet command line via the environment + file kubeadm writes at runtime for the kubelet to + source. This overrides the generic base-level configuration + in the kubelet-config-1.X ConfigMap Flags have higher + priority when parsing. These values are local and + specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of + the Node API object that will be created in this + `kubeadm init` or `kubeadm join` operation. This + field is also used in the CommonName field of the + kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node + API object should be registered with. If this field + is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: + []` in the YAML file. This field is solely used + for Node registration.' 
+ items: + description: The node this Taint is attached to + has the "effect" on any pod that does not tolerate + the Taint. + properties: + effect: + description: Required. The effect of the taint + on pods that do not tolerate the taint. Valid + effects are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at + which the taint was added. It is only written + for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to + the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying + patches to components deployed by kubeadm during "kubeadm + init". The minimum kubernetes version needed to support + Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory that + contains files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or just + "etcd.json". "target" can be one of "kube-apiserver", + "kube-controller-manager", "kube-scheduler", "etcd". + "patchtype" can be one of "strategic" "merge" or + "json" and they match the patch formats supported + by kubectl. The default "patchtype" is "strategic". + "extension" must be either "json" or "yaml". "suffix" + is an optional string that can be used to determine + which patches are applied first alpha-numerically. + These files can be written into the target directory + via KubeadmConfig.Files which specifies additional + files to be created on the machine, either with + content inline or by referencing a secret. + type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip during + command execution. The list of phases can be obtained + with the "kubeadm init --help" command. 
This option + takes effect only on Kubernetes >=1.22.0. + items: + type: string + type: array + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration + for the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node + and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control + plane instance to be deployed on the joining node. If + nil, no additional control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on this + node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for + the API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for the + kubelet to use during the TLS Bootstrap process TODO: + revisit when there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options + for bootstrap token based discovery BootstrapToken + and File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain + name to the API server from which info will + be fetched. 
+ type: string + caCertHashes: + description: 'CACertHashes specifies a set of + public key pins to verify when token-based discovery + is used. The root CA found during discovery + must match one of these values. Specifying an + empty set disables root CA pinning, which can + be unsafe. Each hash is specified as ":", + where the only currently supported type is "sha256". + This is a hex-encoded SHA-256 hash of the Subject + Public Key Info (SPKI) object in DER-encoded + ASN.1. These hashes can be calculated using, + for example, OpenSSL: openssl x509 -pubkey -in + ca.crt openssl rsa -pubin -outform der 2>&/dev/null + | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate + cluster information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since + other nodes can impersonate the control-plane. + type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or URL + to a kubeconfig file from which to load cluster + information BootstrapToken and File are mutually + exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify + the actual file path or URL to the kubeconfig + file from which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used for + TLS bootstrapping. If .BootstrapToken is set, this + field is defaulted to .BootstrapToken.Token, but + can be overridden. 
If .File is set, this field **must + be set** in case the KubeConfigFile does not contain + any other authentication information + type: string + type: object + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the cluster. + When used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration + and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice + of pre-flight errors to be ignored when the current + node is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy + for image pulling during kubeadm "init" and "join" + operations. The value of this field must be one + of "Always", "IfNotPresent" or "Never". Defaults + to "IfNotPresent". This can be used only with Kubernetes + version equal to 1.22 and later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here are + passed to the kubelet command line via the environment + file kubeadm writes at runtime for the kubelet to + source. This overrides the generic base-level configuration + in the kubelet-config-1.X ConfigMap Flags have higher + priority when parsing. 
These values are local and + specific to the node kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of + the Node API object that will be created in this + `kubeadm init` or `kubeadm join` operation. This + field is also used in the CommonName field of the + kubelet's client certificate to the API server. + Defaults to the hostname of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node + API object should be registered with. If this field + is unset, i.e. nil, in the `kubeadm init` process + it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: + []` in the YAML file. This field is solely used + for Node registration.' + items: + description: The node this Taint is attached to + has the "effect" on any pod that does not tolerate + the Taint. + properties: + effect: + description: Required. The effect of the taint + on pods that do not tolerate the taint. Valid + effects are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at + which the taint was added. It is only written + for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to + the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying + patches to components deployed by kubeadm during "kubeadm + join". The minimum kubernetes version needed to support + Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory that + contains files named "target[suffix][+patchtype].extension". 
+ For example, "kube-apiserver0+merge.yaml" or just + "etcd.json". "target" can be one of "kube-apiserver", + "kube-controller-manager", "kube-scheduler", "etcd". + "patchtype" can be one of "strategic" "merge" or + "json" and they match the patch formats supported + by kubectl. The default "patchtype" is "strategic". + "extension" must be either "json" or "yaml". "suffix" + is an optional string that can be used to determine + which patches are applied first alpha-numerically. + These files can be written into the target directory + via KubeadmConfig.Files which specifies additional + files to be created on the machine, either with + content inline or by referencing a secret. + type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip during + command execution. The list of phases can be obtained + with the "kubeadm init --help" command. This option + takes effect only on Kubernetes >=1.22.0. + items: + type: string + type: array + type: object + mounts: + description: Mounts specifies a list of mount points to be + setup. + items: + description: MountPoints defines input for generated mounts + in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands + to run after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to + run before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm + command with a shell script with retries for joins. 
\n This + is meant to be an experimental temporary workaround on some + environments where joins fail due to timing (and other issues). + The long term goal is to add retries to kubeadm proper and + use that functionality. \n This will add about 40KB to userdata + \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. + \n Deprecated: This experimental fix is no longer needed + and this field will be removed in a future release. When + removing also remove from staticcheck exclude-rules for + SA1019 in golangci.yml" + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user + in cloud-init. + properties: + gecos: + description: Gecos specifies the gecos to use for the + user + type: string + groups: + description: Groups specifies the additional groups + for the user + type: string + homeDir: + description: HomeDir specifies the home directory to + use for the user + type: string + inactive: + description: Inactive specifies whether to mark the + user as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login + should be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for + the user + type: string + passwdFrom: + description: PasswdFrom is a referenced source of passwd + to populate the passwd. + properties: + secret: + description: Secret represents a secret that should + populate this password. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. 
+ type: string + required: + - key + - name + type: object + required: + - secret + type: object + primaryGroup: + description: PrimaryGroup specifies the primary group + for the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh + authorized keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level + verbosity. It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + type: object + required: + - template + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-manager + namespace: capi-kubeadm-bootstrap-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-leader-election-role + namespace: capi-kubeadm-bootstrap-system +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-manager-role +rules: +- apiGroups: + - "" + resources: + - configmaps + - events + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - 
create +- apiGroups: + - bootstrap.cluster.x-k8s.io + resources: + - kubeadmconfigs + - kubeadmconfigs/finalizers + - kubeadmconfigs/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + - machinepools + - machinepools/status + - machines + - machines/status + - machinesets + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-leader-election-rolebinding + namespace: capi-kubeadm-bootstrap-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: capi-kubeadm-bootstrap-leader-election-role +subjects: +- kind: ServiceAccount + name: capi-kubeadm-bootstrap-manager + namespace: capi-kubeadm-bootstrap-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capi-kubeadm-bootstrap-manager-role +subjects: +- kind: ServiceAccount + name: capi-kubeadm-bootstrap-manager + namespace: capi-kubeadm-bootstrap-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system +spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: bootstrap-kubeadm +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + control-plane: controller-manager + name: capi-kubeadm-bootstrap-controller-manager + namespace: capi-kubeadm-bootstrap-system +spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + control-plane: controller-manager + 
template: + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + control-plane: controller-manager + spec: + containers: + - args: + - --leader-elect + - --diagnostics-address=${CAPI_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${CAPI_INSECURE_DIAGNOSTICS:=false} + - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},KubeadmBootstrapFormatIgnition=${EXP_KUBEADM_BOOTSTRAP_FORMAT_IGNITION:=false} + - --bootstrap-token-ttl=${KUBEADM_BOOTSTRAP_TOKEN_TTL:=15m} + command: + - /manager + image: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.6.2 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: capi-kubeadm-bootstrap-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + secretName: capi-kubeadm-bootstrap-webhook-service-cert +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-serving-cert + namespace: capi-kubeadm-bootstrap-system +spec: + dnsNames: + - capi-kubeadm-bootstrap-webhook-service.capi-kubeadm-bootstrap-system.svc + - capi-kubeadm-bootstrap-webhook-service.capi-kubeadm-bootstrap-system.svc.cluster.local + 
issuerRef: + kind: Issuer + name: capi-kubeadm-bootstrap-selfsigned-issuer + secretName: capi-kubeadm-bootstrap-webhook-service-cert + subject: + organizations: + - k8s-sig-cluster-lifecycle +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-selfsigned-issuer + namespace: capi-kubeadm-bootstrap-system +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert + labels: + cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system + path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfig + failurePolicy: Fail + name: default.kubeadmconfig.bootstrap.cluster.x-k8s.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - kubeadmconfigs + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system + path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfigtemplate + failurePolicy: Fail + name: default.kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - kubeadmconfigtemplates + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert + labels: + 
cluster.x-k8s.io/provider: bootstrap-kubeadm + name: capi-kubeadm-bootstrap-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system + path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfig + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.kubeadmconfig.bootstrap.cluster.x-k8s.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - kubeadmconfigs + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-bootstrap-webhook-service + namespace: capi-kubeadm-bootstrap-system + path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfigtemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - kubeadmconfigtemplates + sideEffects: None +--- +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + control-plane: controller-manager + name: capi-kubeadm-control-plane-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1 + name: kubeadmcontrolplanes.controlplane.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + 
path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: controlplane.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: KubeadmControlPlane + listKind: KubeadmControlPlaneList + plural: kubeadmcontrolplanes + shortNames: + - kcp + singular: kubeadmcontrolplane + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: This denotes whether or not the control plane has the uploaded + kubeadm-config configmap + jsonPath: .status.initialized + name: Initialized + type: boolean + - description: KubeadmControlPlane API Server is ready to receive requests + jsonPath: .status.ready + name: API Server Available + type: boolean + - description: Kubernetes version associated with this control plane + jsonPath: .spec.version + name: Version + type: string + - description: Total number of non-terminated machines targeted by this control + plane + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of fully running and ready control plane machines + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Total number of non-terminated machines targeted by this control + plane that have the desired template spec + jsonPath: .status.updatedReplicas + name: Updated + type: integer + - description: Total number of unavailable machines targeted by this control plane + jsonPath: .status.unavailableReplicas + name: Unavailable + type: integer + deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "KubeadmControlPlane is the Schema for the KubeadmControlPlane + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane. + properties: + infrastructureTemplate: + description: InfrastructureTemplate is a required reference to a custom + resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + kubeadmConfigSpec: + description: KubeadmConfigSpec is a KubeadmConfigSpec to use for initializing + and joining machines to the control plane. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the API + server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative Names + for the API Server signing cert. + items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. 
+ type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout + that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store or + look for all required certificates. NB: if not provided, + this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address + or DNS name for the control plane; it can be a valid IP + address or a RFC-1123 DNS subdomain, both with optional + TCP port. In case the ControlPlaneEndpoint is not specified, + the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint + is specified but without a TCP port, the BindPort is used. + Possible usages are: e.g. In a cluster with more than one + control plane instances, this field should be assigned the + address of the external load balancer in front of the control + plane instances. e.g. in environments with enforced node + recycling, the ControlPlaneEndpoint could be used for assigning + a stable DNS to the control plane. NB: This value defaults + to the first value in the Cluster object status.apiEndpoints + array.' 
+ type: string + controllerManager: + description: ControllerManager contains extra settings for + the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on installed + in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the + image. In case this value is set, kubeadm does not change + automatically the version of the above components during + upgrades. + type: string + type: + description: Type defines the DNS add-on to be used + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. 
NB: This + value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to an external + etcd cluster Local and External are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority + file used to secure etcd communication. Required + if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification file + used to secure etcd communication. Required if using + a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required for + ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to secure + etcd communication. Required if using a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for configuring + the local etcd instance Local and External are mutually + exclusive + properties: + dataDir: + description: DataDir is the directory etcd will place + its data. Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided + to the etcd binary when run inside a static pod. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for + the image. In case this value is set, kubeadm does + not change automatically the version of the above + components during upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. 
+ items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject Alternative + Names for the etcd server signing cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: ImageRepository sets the container registry to + pull images from. If empty, `k8s.gcr.io` will be used by + default; in case of kubernetes version is a CI build (kubernetes + version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` + will be used as a default for control plane components and + for kube-proxy, while `k8s.gcr.io` will be used for all + the other images. + type: string + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version of the + control plane. NB: This value defaults to the Machine object + spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to the + Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s services. + Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. If + unset, the API server will not allocate CIDR ranges + for every node. Defaults to a comma-delimited string + of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s services. 
+ Defaults to a comma-delimited string of the Cluster + object's spec.clusterNetwork.pods.cidrBlocks, or to + "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the scheduler + control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + useHyperKubeImage: + description: UseHyperKubeImage controls if hyperkube should + be used for Kubernetes components instead of their respective + separate images + type: boolean + type: object + diskSetup: + description: DiskSetup specifies options for the creation of partition + tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems + to setup. + items: + description: Filesystem defines the file systems to be created. 
+ properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to add + to the command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system type. + type: string + label: + description: Label specifies the file system label to + be used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to overwrite + any existing filesystem. If true, any pre-existing + file system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition to use. + The valid options are: "auto|any", "auto", "any", + "none", and , where NUM is the actual partition + number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, used + for Microsoft Azure that instructs cloud-init to replace + a file system of . NOTE: unless you define + a label, this requires the use of the ''any'' partition + directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions + to setup. + items: + description: Partition defines how to create and layout + a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. If + it is true, a single partition will be created for + the entire device. When layout is false, it means + don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip checks + and create the partition if a partition or filesystem + is found on the device. Use with caution. Default + is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. 
The following are supported: ''mbr'': default + and setups a MS-DOS partition table ''gpt'': setups + a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: Secret represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's data + map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file + contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap + data + enum: + - cloud-config + type: string + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. 
Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm init` + time and describes a set of Bootstrap Tokens to create. + This information IS NOT uploaded to the kubeadm cluster + configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap token, + stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message + why this token exists and what it's used for, so other + administrators can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when this + token expires. Defaults to being set dynamically at + runtime based on the TTL. Expires and TTL are mutually + exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that + this token will authenticate as when/if used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for joining + nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this token. + Defaults to 24h. Expires and TTL are mutually exclusive. + type: string + usages: + description: Usages describes the ways in which this + token can be used. Can by default be used for establishing + bidirectional trust, but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the + API server instance that's deployed on this control plane + node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests to + each individual API server. This configuration object lets + you customize what IP/DNS name and port the local API server + advertises it's accessible on. By default, kubeadm tries + to auto-detect the IP of the default interface and use that, + but in case that process fails you may set the desired value + here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for + the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API + Server to bind to. Defaults to 6443. + format: int32 + type: integer + required: + - advertiseAddress + - bindPort + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate to + registering the new control-plane node to the cluster. When + used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration and + JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node + API object, for later re-use + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the + kubelet command line via the environment file kubeadm + writes at runtime for the kubelet to source. 
This overrides + the generic base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. These + values are local and specific to the node kubeadm is + executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the + Node API object that will be created in this `kubeadm + init` or `kubeadm join` operation. This field is also + used in the CommonName field of the kubelet's client + certificate to the API server. Defaults to the hostname + of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API + object should be registered with. If this field is unset, + i.e. nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: {}` + in the YAML file. This field is solely used for Node + registration.' + items: + description: The node this Taint is attached to has + the "effect" on any pod that does not tolerate the + Taint. + properties: + effect: + description: Required. The effect of the taint on + pods that do not tolerate the taint. Valid effects + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the + taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration for + the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. 
Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node and + control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control plane + instance to be deployed on the joining node. If nil, no + additional control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on this node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the + API Server to bind to. Defaults to 6443. + format: int32 + type: integer + required: + - advertiseAddress + - bindPort + type: object + type: object + discovery: + description: 'Discovery specifies the options for the kubelet + to use during the TLS Bootstrap process TODO: revisit when + there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options + for bootstrap token based discovery BootstrapToken and + File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain + name to the API server from which info will be fetched. + type: string + caCertHashes: + description: 'CACertHashes specifies a set of public + key pins to verify when token-based discovery is + used. The root CA found during discovery must match + one of these values. Specifying an empty set disables + root CA pinning, which can be unsafe. 
Each hash + is specified as ":", where the only + currently supported type is "sha256". This is a + hex-encoded SHA-256 hash of the Subject Public Key + Info (SPKI) object in DER-encoded ASN.1. These hashes + can be calculated using, for example, OpenSSL: openssl + x509 -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate cluster + information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since other + nodes can impersonate the control-plane. + type: boolean + required: + - token + - unsafeSkipCAVerification + type: object + file: + description: File is used to specify a file or URL to + a kubeconfig file from which to load cluster information + BootstrapToken and File are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify the + actual file path or URL to the kubeconfig file from + which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: 'TLSBootstrapToken is a token used for TLS + bootstrapping. If .BootstrapToken is set, this field + is defaulted to .BootstrapToken.Token, but can be overridden. + If .File is set, this field **must be set** in case + the KubeConfigFile does not contain any other authentication + information TODO: revisit when there is defaulting from + k/k' + type: string + type: object + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate to + registering the new control-plane node to the cluster. When + used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration and + JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node + API object, for later re-use + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the + kubelet command line via the environment file kubeadm + writes at runtime for the kubelet to source. This overrides + the generic base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. These + values are local and specific to the node kubeadm is + executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the + Node API object that will be created in this `kubeadm + init` or `kubeadm join` operation. This field is also + used in the CommonName field of the kubelet's client + certificate to the API server. Defaults to the hostname + of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API + object should be registered with. If this field is unset, + i.e. nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: {}` + in the YAML file. This field is solely used for Node + registration.' + items: + description: The node this Taint is attached to has + the "effect" on any pod that does not tolerate the + Taint. 
+ properties: + effect: + description: Required. The effect of the taint on + pods that do not tolerate the taint. Valid effects + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the + taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + mounts: + description: Mounts specifies a list of mount points to be setup. + items: + description: MountPoints defines input for generated mounts + in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands to run + after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to run + before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm + command with a shell script with retries for joins. \n This + is meant to be an experimental temporary workaround on some + environments where joins fail due to timing (and other issues). + The long term goal is to add retries to kubeadm proper and use + that functionality. \n This will add about 40KB to userdata + \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." 
+ type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user in + cloud-init. + properties: + gecos: + description: Gecos specifies the gecos to use for the user + type: string + groups: + description: Groups specifies the additional groups for + the user + type: string + homeDir: + description: HomeDir specifies the home directory to use + for the user + type: string + inactive: + description: Inactive specifies whether to mark the user + as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login should + be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for the + user + type: string + primaryGroup: + description: PrimaryGroup specifies the primary group for + the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh authorized + keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level + verbosity. It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time that the + controller will spend on draining a controlplane node The default + value is 0, meaning that the node can be drained without any time + limitations. NOTE: NodeDrainTimeout is different from `kubectl drain + --timeout`' + type: string + replicas: + description: Number of desired machines. Defaults to 1. 
When stacked + etcd is used only odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). + This is a pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + rolloutStrategy: + description: The RolloutStrategy to use to replace control plane machines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if RolloutStrategyType + = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of control planes that can + be scheduled above or under the desired number of control + planes. Value can be an absolute number 1 or 0. Defaults + to 1. Example: when this is set to 1, the control plane + can be scaled up immediately when the rolling update starts.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of rollout. Currently the only supported strategy + is "RollingUpdate". Default is RollingUpdate. + type: string + type: object + upgradeAfter: + description: UpgradeAfter is a field to indicate an upgrade should + be performed after the specified time even if no changes have been + made to the KubeadmControlPlane + format: date-time + type: string + version: + description: Version defines the desired Kubernetes version. + type: string + required: + - infrastructureTemplate + - kubeadmConfigSpec + - version + type: object + status: + description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane. + properties: + conditions: + description: Conditions defines current service state of the KubeadmControlPlane. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. 
+ If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureMessage: + description: ErrorMessage indicates that there is a terminal problem + reconciling the state, and will be set to a descriptive error message. + type: string + failureReason: + description: FailureReason indicates that there is a terminal problem + reconciling the state, and will be set to a token value suitable + for programmatic interpretation. + type: string + initialized: + description: Initialized denotes whether or not the control plane + has the uploaded kubeadm-config configmap. + type: boolean + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: Ready denotes that the KubeadmControlPlane API Server + is ready to receive requests. 
+ type: boolean + readyReplicas: + description: Total number of fully running and ready control plane + machines. + format: int32 + type: integer + replicas: + description: Total number of non-terminated machines targeted by this + control plane (their labels match the selector). + format: int32 + type: integer + selector: + description: 'Selector is the label selector in string format to avoid + introspection by clients, and is used to provide the CRD-based integration + for the scale subresource and additional integrations for things + like kubectl describe.. The string will be in the same format as + the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + unavailableReplicas: + description: Total number of unavailable machines targeted by this + control plane. This is the total number of machines that are still + required for the deployment to have 100% available capacity. They + may either be machines that are running but not yet ready or machines + that still have not been created. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated machines targeted by this + control plane that have the desired template spec. 
+ format: int32 + type: integer + type: object + type: object + served: false + storage: false + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of KubeadmControlPlane + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: This denotes whether or not the control plane has the uploaded + kubeadm-config configmap + jsonPath: .status.initialized + name: Initialized + type: boolean + - description: KubeadmControlPlane API Server is ready to receive requests + jsonPath: .status.ready + name: API Server Available + type: boolean + - description: Kubernetes version associated with this control plane + jsonPath: .spec.version + name: Version + type: string + - description: Total number of non-terminated machines targeted by this control + plane + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of fully running and ready control plane machines + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Total number of non-terminated machines targeted by this control + plane that have the desired template spec + jsonPath: .status.updatedReplicas + name: Updated + type: integer + - description: Total number of unavailable machines targeted by this control plane + jsonPath: .status.unavailableReplicas + name: Unavailable + type: integer + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "KubeadmControlPlane is the Schema for the KubeadmControlPlane + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane. + properties: + kubeadmConfigSpec: + description: KubeadmConfigSpec is a KubeadmConfigSpec to use for initializing + and joining machines to the control plane. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the API + server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative Names + for the API Server signing cert. + items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. 
+ type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout + that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store or + look for all required certificates. NB: if not provided, + this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address + or DNS name for the control plane; it can be a valid IP + address or a RFC-1123 DNS subdomain, both with optional + TCP port. In case the ControlPlaneEndpoint is not specified, + the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint + is specified but without a TCP port, the BindPort is used. + Possible usages are: e.g. In a cluster with more than one + control plane instances, this field should be assigned the + address of the external load balancer in front of the control + plane instances. e.g. in environments with enforced node + recycling, the ControlPlaneEndpoint could be used for assigning + a stable DNS to the control plane. NB: This value defaults + to the first value in the Cluster object status.apiEndpoints + array.' 
+ type: string + controllerManager: + description: ControllerManager contains extra settings for + the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on installed + in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the + image. In case this value is set, kubeadm does not change + automatically the version of the above components during + upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. 
NB: This + value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to an external + etcd cluster Local and External are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority + file used to secure etcd communication. Required + if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification file + used to secure etcd communication. Required if using + a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required for + ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to secure + etcd communication. Required if using a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for configuring + the local etcd instance Local and External are mutually + exclusive + properties: + dataDir: + description: DataDir is the directory etcd will place + its data. Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided + to the etcd binary when run inside a static pod. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for + the image. In case this value is set, kubeadm does + not change automatically the version of the above + components during upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. 
+ items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject Alternative + Names for the etcd server signing cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: ImageRepository sets the container registry to + pull images from. If empty, `registry.k8s.io` will be used + by default; in case of kubernetes version is a CI build + (kubernetes version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` + will be used as a default for control plane components and + for kube-proxy, while `registry.k8s.io` will be used for + all the other images. + type: string + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version of the + control plane. NB: This value defaults to the Machine object + spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to the + Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s services. + Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. If + unset, the API server will not allocate CIDR ranges + for every node. Defaults to a comma-delimited string + of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s services. 
+ Defaults to a comma-delimited string of the Cluster + object's spec.clusterNetwork.pods.cidrBlocks, or to + "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the scheduler + control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation of partition + tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems + to setup. + items: + description: Filesystem defines the file systems to be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to add + to the command for creating the file system. 
+ items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system type. + type: string + label: + description: Label specifies the file system label to + be used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to overwrite + any existing filesystem. If true, any pre-existing + file system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition to use. + The valid options are: "auto|any", "auto", "any", + "none", and , where NUM is the actual partition + number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, used + for Microsoft Azure that instructs cloud-init to replace + a file system of . NOTE: unless you define + a label, this requires the use of the ''any'' partition + directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions + to setup. + items: + description: Partition defines how to create and layout + a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. If + it is true, a single partition will be created for + the entire device. When layout is false, it means + don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip checks + and create the partition if a partition or filesystem + is found on the device. Use with caution. Default + is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. 
The following are supported: ''mbr'': default + and setups a MS-DOS partition table ''gpt'': setups + a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: Secret represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's data + map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file + contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap + data + enum: + - cloud-config + type: string + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. 
Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm init` + time and describes a set of Bootstrap Tokens to create. + This information IS NOT uploaded to the kubeadm cluster + configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap token, + stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message + why this token exists and what it's used for, so other + administrators can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when this + token expires. Defaults to being set dynamically at + runtime based on the TTL. Expires and TTL are mutually + exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that + this token will authenticate as when/if used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for joining + nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this token. + Defaults to 24h. Expires and TTL are mutually exclusive. + type: string + usages: + description: Usages describes the ways in which this + token can be used. Can by default be used for establishing + bidirectional trust, but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the + API server instance that's deployed on this control plane + node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests to + each individual API server. This configuration object lets + you customize what IP/DNS name and port the local API server + advertises it's accessible on. By default, kubeadm tries + to auto-detect the IP of the default interface and use that, + but in case that process fails you may set the desired value + here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for + the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API + Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate to + registering the new control-plane node to the cluster. When + used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration and + JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node + API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of + pre-flight errors to be ignored when the current node + is registered. + items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. 
The arguments here are passed to the + kubelet command line via the environment file kubeadm + writes at runtime for the kubelet to source. This overrides + the generic base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. These + values are local and specific to the node kubeadm is + executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the + Node API object that will be created in this `kubeadm + init` or `kubeadm join` operation. This field is also + used in the CommonName field of the kubelet's client + certificate to the API server. Defaults to the hostname + of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API + object should be registered with. If this field is unset, + i.e. nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: {}` + in the YAML file. This field is solely used for Node + registration.' + items: + description: The node this Taint is attached to has + the "effect" on any pod that does not tolerate the + Taint. + properties: + effect: + description: Required. The effect of the taint on + pods that do not tolerate the taint. Valid effects + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the + taint key. 
+ type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration for + the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node and + control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control plane + instance to be deployed on the joining node. If nil, no + additional control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on this node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the + API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for the kubelet + to use during the TLS Bootstrap process TODO: revisit when + there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options + for bootstrap token based discovery BootstrapToken and + File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain + name to the API server from which info will be fetched. 
+ type: string + caCertHashes: + description: 'CACertHashes specifies a set of public + key pins to verify when token-based discovery is + used. The root CA found during discovery must match + one of these values. Specifying an empty set disables + root CA pinning, which can be unsafe. Each hash + is specified as ":", where the only + currently supported type is "sha256". This is a + hex-encoded SHA-256 hash of the Subject Public Key + Info (SPKI) object in DER-encoded ASN.1. These hashes + can be calculated using, for example, OpenSSL: openssl + x509 -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate cluster + information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since other + nodes can impersonate the control-plane. + type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or URL to + a kubeconfig file from which to load cluster information + BootstrapToken and File are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify the + actual file path or URL to the kubeconfig file from + which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used for TLS + bootstrapping. If .BootstrapToken is set, this field + is defaulted to .BootstrapToken.Token, but can be overridden. 
+ If .File is set, this field **must be set** in case + the KubeConfigFile does not contain any other authentication + information + type: string + type: object + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate to + registering the new control-plane node to the cluster. When + used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration and + JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node + API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of + pre-flight errors to be ignored when the current node + is registered. + items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the + kubelet command line via the environment file kubeadm + writes at runtime for the kubelet to source. This overrides + the generic base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. These + values are local and specific to the node kubeadm is + executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the + Node API object that will be created in this `kubeadm + init` or `kubeadm join` operation. This field is also + used in the CommonName field of the kubelet's client + certificate to the API server. Defaults to the hostname + of the node if not provided. 
+ type: string + taints: + description: 'Taints specifies the taints the Node API + object should be registered with. If this field is unset, + i.e. nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: {}` + in the YAML file. This field is solely used for Node + registration.' + items: + description: The node this Taint is attached to has + the "effect" on any pod that does not tolerate the + Taint. + properties: + effect: + description: Required. The effect of the taint on + pods that do not tolerate the taint. Valid effects + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the + taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + mounts: + description: Mounts specifies a list of mount points to be setup. + items: + description: MountPoints defines input for generated mounts + in cloud-init. 
+ items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands to run + after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to run + before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm + command with a shell script with retries for joins. \n This + is meant to be an experimental temporary workaround on some + environments where joins fail due to timing (and other issues). + The long term goal is to add retries to kubeadm proper and use + that functionality. \n This will add about 40KB to userdata + \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user in + cloud-init. 
+ properties: + gecos: + description: Gecos specifies the gecos to use for the user + type: string + groups: + description: Groups specifies the additional groups for + the user + type: string + homeDir: + description: HomeDir specifies the home directory to use + for the user + type: string + inactive: + description: Inactive specifies whether to mark the user + as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login should + be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for the + user + type: string + primaryGroup: + description: PrimaryGroup specifies the primary group for + the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh authorized + keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level + verbosity. It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + machineTemplate: + description: MachineTemplate contains information about how machines + should be shaped when creating or updating a control plane. + properties: + infrastructureRef: + description: InfrastructureRef is a required reference to a custom + resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. 
More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time that + the controller will spend on draining a controlplane node The + default value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different from + `kubectl drain --timeout`' + type: string + required: + - infrastructureRef + type: object + replicas: + description: Number of desired machines. Defaults to 1. When stacked + etcd is used only odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). + This is a pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + rolloutAfter: + description: RolloutAfter is a field to indicate a rollout should + be performed after the specified time even if no changes have been + made to the KubeadmControlPlane. + format: date-time + type: string + rolloutStrategy: + default: + rollingUpdate: + maxSurge: 1 + type: RollingUpdate + description: The RolloutStrategy to use to replace control plane machines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if RolloutStrategyType + = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of control planes that can + be scheduled above or under the desired number of control + planes. Value can be an absolute number 1 or 0. Defaults + to 1. 
Example: when this is set to 1, the control plane + can be scaled up immediately when the rolling update starts.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of rollout. Currently the only supported strategy + is "RollingUpdate". Default is RollingUpdate. + type: string + type: object + version: + description: Version defines the desired Kubernetes version. + type: string + required: + - kubeadmConfigSpec + - machineTemplate + - version + type: object + status: + description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane. + properties: + conditions: + description: Conditions defines current service state of the KubeadmControlPlane. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureMessage: + description: ErrorMessage indicates that there is a terminal problem + reconciling the state, and will be set to a descriptive error message. + type: string + failureReason: + description: FailureReason indicates that there is a terminal problem + reconciling the state, and will be set to a token value suitable + for programmatic interpretation. + type: string + initialized: + description: Initialized denotes whether or not the control plane + has the uploaded kubeadm-config configmap. + type: boolean + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: Ready denotes that the KubeadmControlPlane API Server + is ready to receive requests. + type: boolean + readyReplicas: + description: Total number of fully running and ready control plane + machines. + format: int32 + type: integer + replicas: + description: Total number of non-terminated machines targeted by this + control plane (their labels match the selector). + format: int32 + type: integer + selector: + description: 'Selector is the label selector in string format to avoid + introspection by clients, and is used to provide the CRD-based integration + for the scale subresource and additional integrations for things + like kubectl describe.. The string will be in the same format as + the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + unavailableReplicas: + description: Total number of unavailable machines targeted by this + control plane. 
This is the total number of machines that are still + required for the deployment to have 100% available capacity. They + may either be machines that are running but not yet ready or machines + that still have not been created. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated machines targeted by this + control plane that have the desired template spec. + format: int32 + type: integer + version: + description: Version represents the minimum Kubernetes version for + the control plane machines in the cluster. + type: string + type: object + type: object + served: false + storage: false + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name'] + name: Cluster + type: string + - description: This denotes whether or not the control plane has the uploaded + kubeadm-config configmap + jsonPath: .status.initialized + name: Initialized + type: boolean + - description: KubeadmControlPlane API Server is ready to receive requests + jsonPath: .status.ready + name: API Server Available + type: boolean + - description: Total number of machines desired by this control plane + jsonPath: .spec.replicas + name: Desired + priority: 10 + type: integer + - description: Total number of non-terminated machines targeted by this control + plane + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of fully running and ready control plane machines + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Total number of non-terminated machines targeted by this control + plane that have the desired template spec + jsonPath: .status.updatedReplicas + name: Updated + type: integer + - description: Total number of unavailable machines targeted by this control plane + jsonPath: 
.status.unavailableReplicas + name: Unavailable + type: integer + - description: Time duration since creation of KubeadmControlPlane + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this control plane + jsonPath: .spec.version + name: Version + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: KubeadmControlPlane is the Schema for the KubeadmControlPlane + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane. + properties: + kubeadmConfigSpec: + description: KubeadmConfigSpec is a KubeadmConfigSpec to use for initializing + and joining machines to the control plane. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the API + server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative Names + for the API Server signing cert. 
+ items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout + that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store or + look for all required certificates. 
NB: if not provided, + this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address + or DNS name for the control plane; it can be a valid IP + address or a RFC-1123 DNS subdomain, both with optional + TCP port. In case the ControlPlaneEndpoint is not specified, + the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint + is specified but without a TCP port, the BindPort is used. + Possible usages are: e.g. In a cluster with more than one + control plane instances, this field should be assigned the + address of the external load balancer in front of the control + plane instances. e.g. in environments with enforced node + recycling, the ControlPlaneEndpoint could be used for assigning + a stable DNS to the control plane. NB: This value defaults + to the first value in the Cluster object status.apiEndpoints + array.' + type: string + controllerManager: + description: ControllerManager contains extra settings for + the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. 
+ type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on installed + in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the + image. In case this value is set, kubeadm does not change + automatically the version of the above components during + upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. NB: This + value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to an external + etcd cluster Local and External are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority + file used to secure etcd communication. Required + if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification file + used to secure etcd communication. Required if using + a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required for + ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to secure + etcd communication. Required if using a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for configuring + the local etcd instance Local and External are mutually + exclusive + properties: + dataDir: + description: DataDir is the directory etcd will place + its data. 
Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided + to the etcd binary when run inside a static pod. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for + the image. In case this value is set, kubeadm does + not change automatically the version of the above + components during upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject Alternative + Names for the etcd server signing cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: 'ImageRepository sets the container registry + to pull images from. * If not set, the default registry + of kubeadm will be used, i.e. * registry.k8s.io (new registry): + >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 * k8s.gcr.io + (old registry): all older versions Please note that when + imageRepository is not set we don''t allow upgrades to versions + >= v1.22.0 which use the old registry (k8s.gcr.io). Please + use a newer patch version with the new registry instead + (i.e. >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0). + * If the version is a CI build (kubernetes version starts + with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` + will be used as a default for control plane components and + for kube-proxy, while `registry.k8s.io` will be used for + all the other images.' 
+ type: string + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version of the + control plane. NB: This value defaults to the Machine object + spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to the + Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s services. + Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. If + unset, the API server will not allocate CIDR ranges + for every node. Defaults to a comma-delimited string + of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s services. + Defaults to a comma-delimited string of the Cluster + object's spec.clusterNetwork.pods.cidrBlocks, or to + "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the scheduler + control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. 
+ properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation of partition + tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems + to setup. + items: + description: Filesystem defines the file systems to be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to add + to the command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system type. + type: string + label: + description: Label specifies the file system label to + be used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to overwrite + any existing filesystem. If true, any pre-existing + file system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition to use. + The valid options are: "auto|any", "auto", "any", + "none", and , where NUM is the actual partition + number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, used + for Microsoft Azure that instructs cloud-init to replace + a file system of . NOTE: unless you define + a label, this requires the use of the ''any'' partition + directive.' 
+ type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions + to setup. + items: + description: Partition defines how to create and layout + a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. If + it is true, a single partition will be created for + the entire device. When layout is false, it means + don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip checks + and create the partition if a partition or filesystem + is found on the device. Use with caution. Default + is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. The following are supported: ''mbr'': default + and setups a MS-DOS partition table ''gpt'': setups + a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + append: + description: Append specifies whether to append Content + to existing file if Path exists. + type: boolean + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: Secret represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's data + map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. 
+ type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file + contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap + data + enum: + - cloud-config + - ignition + type: string + ignition: + description: Ignition contains Ignition specific configuration. + properties: + containerLinuxConfig: + description: ContainerLinuxConfig contains CLC specific configuration. + properties: + additionalConfig: + description: "AdditionalConfig contains additional configuration + to be merged with the Ignition configuration generated + by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging + \n The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/" + type: string + strict: + description: Strict controls if AdditionalConfig should + be strictly parsed. If so, warnings are treated as errors. + type: boolean + type: object + type: object + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm init` + time and describes a set of Bootstrap Tokens to create. + This information IS NOT uploaded to the kubeadm cluster + configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap token, + stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message + why this token exists and what it's used for, so other + administrators can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when this + token expires. Defaults to being set dynamically at + runtime based on the TTL. Expires and TTL are mutually + exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that + this token will authenticate as when/if used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for joining + nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this token. + Defaults to 24h. Expires and TTL are mutually exclusive. + type: string + usages: + description: Usages describes the ways in which this + token can be used. Can by default be used for establishing + bidirectional trust, but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the + API server instance that's deployed on this control plane + node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests to + each individual API server. This configuration object lets + you customize what IP/DNS name and port the local API server + advertises it's accessible on. By default, kubeadm tries + to auto-detect the IP of the default interface and use that, + but in case that process fails you may set the desired value + here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for + the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API + Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate to + registering the new control-plane node to the cluster. When + used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration and + JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node + API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of + pre-flight errors to be ignored when the current node + is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy for + image pulling during kubeadm "init" and "join" operations. + The value of this field must be one of "Always", "IfNotPresent" + or "Never". Defaults to "IfNotPresent". 
This can be + used only with Kubernetes version equal to 1.22 and + later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the + kubelet command line via the environment file kubeadm + writes at runtime for the kubelet to source. This overrides + the generic base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. These + values are local and specific to the node kubeadm is + executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the + Node API object that will be created in this `kubeadm + init` or `kubeadm join` operation. This field is also + used in the CommonName field of the kubelet's client + certificate to the API server. Defaults to the hostname + of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API + object should be registered with. If this field is unset, + i.e. nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: []` + in the YAML file. This field is solely used for Node + registration.' + items: + description: The node this Taint is attached to has + the "effect" on any pod that does not tolerate the + Taint. + properties: + effect: + description: Required. The effect of the taint on + pods that do not tolerate the taint. Valid effects + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. 
+ format: date-time + type: string + value: + description: The taint value corresponding to the + taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying + patches to components deployed by kubeadm during "kubeadm + init". The minimum kubernetes version needed to support + Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory that contains + files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or just "etcd.json". + "target" can be one of "kube-apiserver", "kube-controller-manager", + "kube-scheduler", "etcd". "patchtype" can be one of + "strategic" "merge" or "json" and they match the patch + formats supported by kubectl. The default "patchtype" + is "strategic". "extension" must be either "json" or + "yaml". "suffix" is an optional string that can be used + to determine which patches are applied first alpha-numerically. + These files can be written into the target directory + via KubeadmConfig.Files which specifies additional files + to be created on the machine, either with content inline + or by referencing a secret. + type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip during + command execution. The list of phases can be obtained with + the "kubeadm init --help" command. This option takes effect + only on Kubernetes >=1.22.0. + items: + type: string + type: array + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration for + the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node and + control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control plane + instance to be deployed on the joining node. If nil, no + additional control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on this node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the + API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for the kubelet + to use during the TLS Bootstrap process TODO: revisit when + there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options + for bootstrap token based discovery BootstrapToken and + File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain + name to the API server from which info will be fetched. + type: string + caCertHashes: + description: 'CACertHashes specifies a set of public + key pins to verify when token-based discovery is + used. The root CA found during discovery must match + one of these values. Specifying an empty set disables + root CA pinning, which can be unsafe. Each hash + is specified as ":", where the only + currently supported type is "sha256". This is a + hex-encoded SHA-256 hash of the Subject Public Key + Info (SPKI) object in DER-encoded ASN.1. 
These hashes + can be calculated using, for example, OpenSSL: openssl + x509 -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate cluster + information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since other + nodes can impersonate the control-plane. + type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or URL to + a kubeconfig file from which to load cluster information + BootstrapToken and File are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify the + actual file path or URL to the kubeconfig file from + which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used for TLS + bootstrapping. If .BootstrapToken is set, this field + is defaulted to .BootstrapToken.Token, but can be overridden. + If .File is set, this field **must be set** in case + the KubeConfigFile does not contain any other authentication + information + type: string + type: object + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate to + registering the new control-plane node to the cluster. 
When + used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration and + JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node + API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of + pre-flight errors to be ignored when the current node + is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy for + image pulling during kubeadm "init" and "join" operations. + The value of this field must be one of "Always", "IfNotPresent" + or "Never". Defaults to "IfNotPresent". This can be + used only with Kubernetes version equal to 1.22 and + later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the + kubelet command line via the environment file kubeadm + writes at runtime for the kubelet to source. This overrides + the generic base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. These + values are local and specific to the node kubeadm is + executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the + Node API object that will be created in this `kubeadm + init` or `kubeadm join` operation. This field is also + used in the CommonName field of the kubelet's client + certificate to the API server. Defaults to the hostname + of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API + object should be registered with. If this field is unset, + i.e. nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. 
+ If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: []` + in the YAML file. This field is solely used for Node + registration.' + items: + description: The node this Taint is attached to has + the "effect" on any pod that does not tolerate the + Taint. + properties: + effect: + description: Required. The effect of the taint on + pods that do not tolerate the taint. Valid effects + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the + taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying + patches to components deployed by kubeadm during "kubeadm + join". The minimum kubernetes version needed to support + Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory that contains + files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or just "etcd.json". + "target" can be one of "kube-apiserver", "kube-controller-manager", + "kube-scheduler", "etcd". "patchtype" can be one of + "strategic" "merge" or "json" and they match the patch + formats supported by kubectl. The default "patchtype" + is "strategic". "extension" must be either "json" or + "yaml". "suffix" is an optional string that can be used + to determine which patches are applied first alpha-numerically. + These files can be written into the target directory + via KubeadmConfig.Files which specifies additional files + to be created on the machine, either with content inline + or by referencing a secret. 
+ type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip during + command execution. The list of phases can be obtained with + the "kubeadm init --help" command. This option takes effect + only on Kubernetes >=1.22.0. + items: + type: string + type: array + type: object + mounts: + description: Mounts specifies a list of mount points to be setup. + items: + description: MountPoints defines input for generated mounts + in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands to run + after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to run + before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm + command with a shell script with retries for joins. \n This + is meant to be an experimental temporary workaround on some + environments where joins fail due to timing (and other issues). + The long term goal is to add retries to kubeadm proper and use + that functionality. \n This will add about 40KB to userdata + \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. + \n Deprecated: This experimental fix is no longer needed and + this field will be removed in a future release. When removing + also remove from staticcheck exclude-rules for SA1019 in golangci.yml" + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user in + cloud-init. 
+ properties: + gecos: + description: Gecos specifies the gecos to use for the user + type: string + groups: + description: Groups specifies the additional groups for + the user + type: string + homeDir: + description: HomeDir specifies the home directory to use + for the user + type: string + inactive: + description: Inactive specifies whether to mark the user + as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login should + be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for the + user + type: string + passwdFrom: + description: PasswdFrom is a referenced source of passwd + to populate the passwd. + properties: + secret: + description: Secret represents a secret that should + populate this password. + properties: + key: + description: Key is the key in the secret's data + map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + primaryGroup: + description: PrimaryGroup specifies the primary group for + the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh authorized + keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level + verbosity. It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + machineTemplate: + description: MachineTemplate contains information about how machines + should be shaped when creating or updating a control plane. 
+ properties: + infrastructureRef: + description: InfrastructureRef is a required reference to a custom + resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + metadata: + description: 'Standard object''s metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the machine + controller will attempt to delete the Node that the Machine + hosts after the Machine is marked for deletion. A duration of + 0 will retry deletion indefinitely. If no value is provided, + the default value for this property of the Machine resource + will be used. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time that + the controller will spend on draining a controlplane node The + default value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different from + `kubectl drain --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of time + that the controller will spend on waiting for all volumes to + be detached. The default value is 0, meaning that the volumes + can be detached without any time limitations. + type: string + required: + - infrastructureRef + type: object + remediationStrategy: + description: The RemediationStrategy that controls how control plane + machine remediation happens. 
+ properties: + maxRetry: + description: "MaxRetry is the Max number of retries while attempting + to remediate an unhealthy machine. A retry happens when a machine + that was created as a replacement for an unhealthy machine also + fails. For example, given a control plane with three machines + M1, M2, M3: \n M1 become unhealthy; remediation happens, and + M1-1 is created as a replacement. If M1-1 (replacement of M1) + has problems while bootstrapping it will become unhealthy, and + then be remediated; such operation is considered a retry, remediation-retry + #1. If M1-2 (replacement of M1-1) becomes unhealthy, remediation-retry + #2 will happen, etc. \n A retry could happen only after RetryPeriod + from the previous retry. If a machine is marked as unhealthy + after MinHealthyPeriod from the previous remediation expired, + this is not considered a retry anymore because the new issue + is assumed unrelated from the previous one. \n If not set, the + remedation will be retried infinitely." + format: int32 + type: integer + minHealthyPeriod: + description: "MinHealthyPeriod defines the duration after which + KCP will consider any failure to a machine unrelated from the + previous one. In this case the remediation is not considered + a retry anymore, and thus the retry counter restarts from 0. + For example, assuming MinHealthyPeriod is set to 1h (default) + \n M1 become unhealthy; remediation happens, and M1-1 is created + as a replacement. If M1-1 (replacement of M1) has problems within + the 1hr after the creation, also this machine will be remediated + and this operation is considered a retry - a problem related + to the original issue happened to M1 -. \n If instead the problem + on M1-1 is happening after MinHealthyPeriod expired, e.g. four + days after m1-1 has been created as a remediation of M1, the + problem on M1-1 is considered unrelated to the original issue + happened to M1. \n If not set, this value is defaulted to 1h." 
+ type: string + retryPeriod: + description: "RetryPeriod is the duration that KCP should wait + before remediating a machine being created as a replacement + for an unhealthy machine (a retry). \n If not set, a retry will + happen immediately." + type: string + type: object + replicas: + description: Number of desired machines. Defaults to 1. When stacked + etcd is used only odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). + This is a pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + rolloutAfter: + description: 'RolloutAfter is a field to indicate a rollout should + be performed after the specified time even if no changes have been + made to the KubeadmControlPlane. Example: In the YAML the time can + be specified in the RFC3339 format. To specify the rolloutAfter + target as March 9, 2023, at 9 am UTC use "2023-03-09T09:00:00Z".' + format: date-time + type: string + rolloutBefore: + description: RolloutBefore is a field to indicate a rollout should + be performed if the specified criteria is met. + properties: + certificatesExpiryDays: + description: CertificatesExpiryDays indicates a rollout needs + to be performed if the certificates of the machine will expire + within the specified days. + format: int32 + type: integer + type: object + rolloutStrategy: + default: + rollingUpdate: + maxSurge: 1 + type: RollingUpdate + description: The RolloutStrategy to use to replace control plane machines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if RolloutStrategyType + = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of control planes that can + be scheduled above or under the desired number of control + planes. Value can be an absolute number 1 or 0. Defaults + to 1. 
Example: when this is set to 1, the control plane + can be scaled up immediately when the rolling update starts.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of rollout. Currently the only supported strategy + is "RollingUpdate". Default is RollingUpdate. + type: string + type: object + version: + description: 'Version defines the desired Kubernetes version. Please + note that if kubeadmConfigSpec.ClusterConfiguration.imageRepository + is not set we don''t allow upgrades to versions >= v1.22.0 for which + kubeadm uses the old registry (k8s.gcr.io). Please use a newer patch + version with the new registry instead. The default registries of + kubeadm are: * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, + >= v1.24.9, >= v1.25.0 * k8s.gcr.io (old registry): all older versions' + type: string + required: + - kubeadmConfigSpec + - machineTemplate + - version + type: object + status: + description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane. + properties: + conditions: + description: Conditions defines current service state of the KubeadmControlPlane. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. 
+ type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: ErrorMessage indicates that there is a terminal problem + reconciling the state, and will be set to a descriptive error message. + type: string + failureReason: + description: FailureReason indicates that there is a terminal problem + reconciling the state, and will be set to a token value suitable + for programmatic interpretation. + type: string + initialized: + description: Initialized denotes whether or not the control plane + has the uploaded kubeadm-config configmap. + type: boolean + lastRemediation: + description: LastRemediation stores info about last remediation performed. + properties: + machine: + description: Machine is the machine name of the latest machine + being remediated. + type: string + retryCount: + description: RetryCount used to keep track of remediation retry + for the last remediated machine. A retry happens when a machine + that was created as a replacement for an unhealthy machine also + fails. + format: int32 + type: integer + timestamp: + description: Timestamp is when last remediation happened. It is + represented in RFC3339 form and is in UTC. 
+ format: date-time + type: string + required: + - machine + - retryCount + - timestamp + type: object + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: Ready denotes that the KubeadmControlPlane API Server + is ready to receive requests. + type: boolean + readyReplicas: + description: Total number of fully running and ready control plane + machines. + format: int32 + type: integer + replicas: + description: Total number of non-terminated machines targeted by this + control plane (their labels match the selector). + format: int32 + type: integer + selector: + description: 'Selector is the label selector in string format to avoid + introspection by clients, and is used to provide the CRD-based integration + for the scale subresource and additional integrations for things + like kubectl describe.. The string will be in the same format as + the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + unavailableReplicas: + description: Total number of unavailable machines targeted by this + control plane. This is the total number of machines that are still + required for the deployment to have 100% available capacity. They + may either be machines that are running but not yet ready or machines + that still have not been created. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated machines targeted by this + control plane that have the desired template spec. + format: int32 + type: integer + version: + description: Version represents the minimum Kubernetes version for + the control plane machines in the cluster. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1 + name: kubeadmcontrolplanetemplates.controlplane.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: controlplane.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: KubeadmControlPlaneTemplate + listKind: KubeadmControlPlaneTemplateList + plural: kubeadmcontrolplanetemplates + singular: kubeadmcontrolplanetemplate + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of KubeadmControlPlaneTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "KubeadmControlPlaneTemplate is the Schema for the kubeadmcontrolplanetemplates + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmControlPlaneTemplateSpec defines the desired state + of KubeadmControlPlaneTemplate. + properties: + template: + description: KubeadmControlPlaneTemplateResource describes the data + needed to create a KubeadmControlPlane from a template. + properties: + spec: + description: KubeadmControlPlaneSpec defines the desired state + of KubeadmControlPlane. + properties: + kubeadmConfigSpec: + description: KubeadmConfigSpec is a KubeadmConfigSpec to use + for initializing and joining machines to the control plane. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for + the API server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative + Names for the API Server signing cert. + items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags + to pass to the control plane component. TODO: + This is temporary and ideally we would like + to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements + describing volumes that are mounted from the + host. 
+ properties: + hostPath: + description: HostPath is the path in the + host that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside + the pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the + pod template. + type: string + pathType: + description: PathType is the type of the + HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the + timeout that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal + value, and may reject unrecognized values. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store + or look for all required certificates. NB: if not + provided, this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP + address or DNS name for the control plane; it can + be a valid IP address or a RFC-1123 DNS subdomain, + both with optional TCP port. In case the ControlPlaneEndpoint + is not specified, the AdvertiseAddress + BindPort + are used; in case the ControlPlaneEndpoint is specified + but without a TCP port, the BindPort is used. Possible + usages are: e.g. In a cluster with more than one + control plane instances, this field should be assigned + the address of the external load balancer in front + of the control plane instances. e.g. 
in environments + with enforced node recycling, the ControlPlaneEndpoint + could be used for assigning a stable DNS to the + control plane. NB: This value defaults to the first + value in the Cluster object status.apiEndpoints + array.' + type: string + controllerManager: + description: ControllerManager contains extra settings + for the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags + to pass to the control plane component. TODO: + This is temporary and ideally we would like + to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements + describing volumes that are mounted from the + host. + properties: + hostPath: + description: HostPath is the path in the + host that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside + the pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the + pod template. + type: string + pathType: + description: PathType is the type of the + HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on + installed in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container + registry to pull images from. if not set, the + ImageRepository defined in ClusterConfiguration + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag + for the image. 
In case this value is set, kubeadm + does not change automatically the version of + the above components during upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. NB: + This value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect + to an external etcd cluster Local and External + are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate + Authority file used to secure etcd communication. + Required if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification + file used to secure etcd communication. + Required if using a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required + for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used + to secure etcd communication. Required if + using a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs + for configuring the local etcd instance Local + and External are mutually exclusive + properties: + dataDir: + description: DataDir is the directory etcd + will place its data. Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments + provided to the etcd binary when run inside + a static pod. + type: object + imageRepository: + description: ImageRepository sets the container + registry to pull images from. if not set, + the ImageRepository defined in ClusterConfiguration + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a + tag for the image. In case this value is + set, kubeadm does not change automatically + the version of the above components during + upgrades. 
+ type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject + Alternative Names for the etcd peer signing + cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject + Alternative Names for the etcd server signing + cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. If empty, `registry.k8s.io` + will be used by default; in case of kubernetes version + is a CI build (kubernetes version starts with `ci/` + or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will + be used as a default for control plane components + and for kube-proxy, while `registry.k8s.io` will + be used for all the other images. + type: string + kind: + description: 'Kind is a string value representing + the REST resource this object represents. Servers + may infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version + of the control plane. NB: This value defaults to + the Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the + networking topology of the cluster. NB: This value + defaults to the Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used + by k8s services. Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. + If unset, the API server will not allocate CIDR + ranges for every node. 
Defaults to a comma-delimited + string of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used + by k8s services. Defaults to a comma-delimited + string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, + or to "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for + the scheduler control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags + to pass to the control plane component. TODO: + This is temporary and ideally we would like + to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements + describing volumes that are mounted from the + host. + properties: + hostPath: + description: HostPath is the path in the + host that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside + the pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the + pod template. + type: string + pathType: + description: PathType is the type of the + HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation + of partition tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file + systems to setup. + items: + description: Filesystem defines the file systems + to be created. 
+ properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options + to add to the command for creating the file + system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system + type. + type: string + label: + description: Label specifies the file system + label to be used. If set to None, no label + is used. + type: string + overwrite: + description: Overwrite defines whether or not + to overwrite any existing filesystem. If true, + any pre-existing file system will be destroyed. + Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition + to use. The valid options are: "auto|any", + "auto", "any", "none", and , where NUM + is the actual partition number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, + used for Microsoft Azure that instructs cloud-init + to replace a file system of . NOTE: + unless you define a label, this requires the + use of the ''any'' partition directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the + partitions to setup. + items: + description: Partition defines how to create and + layout a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. + If it is true, a single partition will be + created for the entire device. When layout + is false, it means don't partition or ignore + existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to + skip checks and create the partition if a + partition or filesystem is found on the device. + Use with caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of + partition table. 
The following are supported: + ''mbr'': default and setups a MS-DOS partition + table ''gpt'': setups a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed + to user_data upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + content: + description: Content is the actual content of the + file. + type: string + contentFrom: + description: ContentFrom is a referenced source + of content to populate the file. + properties: + secret: + description: Secret represents a secret that + should populate this file. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of + the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the + file, e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk + where to store the file. + type: string + permissions: + description: Permissions specifies the permissions + to assign to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the + bootstrap data + enum: + - cloud-config + type: string + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. 
Servers should + convert recognized schemas to the latest internal + value, and may reject unrecognized values. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm + init` time and describes a set of Bootstrap Tokens + to create. This information IS NOT uploaded to the + kubeadm cluster configmap, partly because of its + sensitive nature + items: + description: BootstrapToken describes one bootstrap + token, stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly + message why this token exists and what it's + used for, so other administrators can know + its purpose. + type: string + expires: + description: Expires specifies the timestamp + when this token expires. Defaults to being + set dynamically at runtime based on the TTL. + Expires and TTL are mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups + that this token will authenticate as when/if + used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing + bidirectional trust between nodes and control-planes. + Used for joining nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for + this token. Defaults to 24h. Expires and TTL + are mutually exclusive. + type: string + usages: + description: Usages describes the ways in which + this token can be used. Can by default be + used for establishing bidirectional trust, + but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing + the REST resource this object represents. Servers + may infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. 
More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance that's deployed on this + control plane node In HA setups, this differs from + ClusterConfiguration.ControlPlaneEndpoint in the + sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests + to each individual API server. This configuration + object lets you customize what IP/DNS name and port + the local API server advertises it's accessible + on. By default, kubeadm tries to auto-detect the + IP of the default interface and use that, but in + case that process fails you may set the desired + value here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for + the API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the + cluster. When used in the context of control plane + nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a + slice of pre-flight errors to be ignored when + the current node is registered. + items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. 
The arguments here + are passed to the kubelet command line via the + environment file kubeadm writes at runtime for + the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. + These values are local and specific to the node + kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field + of the Node API object that will be created + in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field + of the kubelet's client certificate to the API + server. Defaults to the hostname of the node + if not provided. + type: string + taints: + description: 'Taints specifies the taints the + Node API object should be registered with. If + this field is unset, i.e. nil, in the `kubeadm + init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane + node, set this field to an empty slice, i.e. + `taints: {}` in the YAML file. This field is + solely used for Node registration.' + items: + description: The node this Taint is attached + to has the "effect" on any pod that does not + tolerate the Taint. + properties: + effect: + description: Required. The effect of the + taint on pods that do not tolerate the + taint. Valid effects are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Required. The taint key to + be applied to a node. + type: string + timeAdded: + description: TimeAdded represents the time + at which the taint was added. It is only + written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding + to the taint key. 
+ type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration + for the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal + value, and may reject unrecognized values. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node + and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control + plane instance to be deployed on the joining node. + If nil, no additional control plane instance will + be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on + this node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP + address for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port + for the API Server to bind to. Defaults + to 6443. + format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for + the kubelet to use during the TLS Bootstrap process + TODO: revisit when there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the + options for bootstrap token based discovery + BootstrapToken and File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or + domain name to the API server from which + info will be fetched. 
+ type: string + caCertHashes: + description: 'CACertHashes specifies a set + of public key pins to verify when token-based + discovery is used. The root CA found during + discovery must match one of these values. + Specifying an empty set disables root CA + pinning, which can be unsafe. Each hash + is specified as ":", where + the only currently supported type is "sha256". + This is a hex-encoded SHA-256 hash of the + Subject Public Key Info (SPKI) object in + DER-encoded ASN.1. These hashes can be calculated + using, for example, OpenSSL: openssl x509 + -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 + -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate + cluster information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows + token-based discovery without CA verification + via CACertHashes. This can weaken the security + of kubeadm since other nodes can impersonate + the control-plane. + type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or + URL to a kubeconfig file from which to load + cluster information BootstrapToken and File + are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify + the actual file path or URL to the kubeconfig + file from which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used + for TLS bootstrapping. If .BootstrapToken is + set, this field is defaulted to .BootstrapToken.Token, + but can be overridden. 
If .File is set, this + field **must be set** in case the KubeConfigFile + does not contain any other authentication information + type: string + type: object + kind: + description: 'Kind is a string value representing + the REST resource this object represents. Servers + may infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the + cluster. When used in the context of control plane + nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a + slice of pre-flight errors to be ignored when + the current node is registered. + items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here + are passed to the kubelet command line via the + environment file kubeadm writes at runtime for + the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. + These values are local and specific to the node + kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field + of the Node API object that will be created + in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field + of the kubelet's client certificate to the API + server. Defaults to the hostname of the node + if not provided. 
+ type: string + taints: + description: 'Taints specifies the taints the + Node API object should be registered with. If + this field is unset, i.e. nil, in the `kubeadm + init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane + node, set this field to an empty slice, i.e. + `taints: {}` in the YAML file. This field is + solely used for Node registration.' + items: + description: The node this Taint is attached + to has the "effect" on any pod that does not + tolerate the Taint. + properties: + effect: + description: Required. The effect of the + taint on pods that do not tolerate the + taint. Valid effects are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Required. The taint key to + be applied to a node. + type: string + timeAdded: + description: TimeAdded represents the time + at which the taint was added. It is only + written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding + to the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + mounts: + description: Mounts specifies a list of mount points to + be setup. + items: + description: MountPoints defines input for generated + mounts in cloud-init. 
+ items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should + be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to + use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands + to run after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands + to run before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic + kubeadm command with a shell script with retries for + joins. \n This is meant to be an experimental temporary + workaround on some environments where joins fail due + to timing (and other issues). The long term goal is + to add retries to kubeadm proper and use that functionality. + \n This will add about 40KB to userdata \n For more + information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated + user in cloud-init. 
+ properties: + gecos: + description: Gecos specifies the gecos to use for + the user + type: string + groups: + description: Groups specifies the additional groups + for the user + type: string + homeDir: + description: HomeDir specifies the home directory + to use for the user + type: string + inactive: + description: Inactive specifies whether to mark + the user as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password + login should be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password + for the user + type: string + primaryGroup: + description: PrimaryGroup specifies the primary + group for the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list + of ssh authorized keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the + user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log + level verbosity. It overrides the `--v` flag in kubeadm + commands. + format: int32 + type: integer + type: object + machineTemplate: + description: MachineTemplate contains information about how + machines should be shaped when creating or updating a control + plane. + properties: + infrastructureRef: + description: InfrastructureRef is a required reference + to a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + metadata: + description: 'Standard object''s metadata. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when + modifying objects. 
More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can + be used to organize and categorize (scope and select) + objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of + time that the controller will spend on draining a controlplane + node The default value is 0, meaning that the node can + be drained without any time limitations. NOTE: NodeDrainTimeout + is different from `kubectl drain --timeout`' + type: string + required: + - infrastructureRef + type: object + replicas: + description: Number of desired machines. Defaults to 1. When + stacked etcd is used only odd numbers are permitted, as + per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). + This is a pointer to distinguish between explicit zero and + not specified. + format: int32 + type: integer + rolloutAfter: + description: RolloutAfter is a field to indicate a rollout + should be performed after the specified time even if no + changes have been made to the KubeadmControlPlane. + format: date-time + type: string + rolloutStrategy: + default: + rollingUpdate: + maxSurge: 1 + type: RollingUpdate + description: The RolloutStrategy to use to replace control + plane machines with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only + if RolloutStrategyType = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of control planes + that can be scheduled above or under the desired + number of control planes. Value can be an absolute + number 1 or 0. Defaults to 1. 
Example: when this + is set to 1, the control plane can be scaled up + immediately when the rolling update starts.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of rollout. Currently the only supported + strategy is "RollingUpdate". Default is RollingUpdate. + type: string + type: object + version: + description: Version defines the desired Kubernetes version. + type: string + required: + - kubeadmConfigSpec + - machineTemplate + - version + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: false + storage: false + subresources: {} + - additionalPrinterColumns: + - description: Time duration since creation of KubeadmControlPlaneTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: KubeadmControlPlaneTemplate is the Schema for the kubeadmcontrolplanetemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmControlPlaneTemplateSpec defines the desired state + of KubeadmControlPlaneTemplate. + properties: + template: + description: KubeadmControlPlaneTemplateResource describes the data + needed to create a KubeadmControlPlane from a template. 
+ properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: 'KubeadmControlPlaneTemplateResourceSpec defines + the desired state of KubeadmControlPlane. NOTE: KubeadmControlPlaneTemplateResourceSpec + is similar to KubeadmControlPlaneSpec but omits Replicas and + Version fields. These fields do not make sense on the KubeadmControlPlaneTemplate, + because they are calculated by the Cluster topology reconciler + during reconciliation and thus cannot be configured on the KubeadmControlPlaneTemplate.' + properties: + kubeadmConfigSpec: + description: KubeadmConfigSpec is a KubeadmConfigSpec to use + for initializing and joining machines to the control plane. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for + the API server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative + Names for the API Server signing cert. 
+ items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags + to pass to the control plane component. TODO: + This is temporary and ideally we would like + to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements + describing volumes that are mounted from the + host. + properties: + hostPath: + description: HostPath is the path in the + host that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside + the pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the + pod template. + type: string + pathType: + description: PathType is the type of the + HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the + timeout that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal + value, and may reject unrecognized values. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store + or look for all required certificates. 
NB: if not + provided, this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP + address or DNS name for the control plane; it can + be a valid IP address or a RFC-1123 DNS subdomain, + both with optional TCP port. In case the ControlPlaneEndpoint + is not specified, the AdvertiseAddress + BindPort + are used; in case the ControlPlaneEndpoint is specified + but without a TCP port, the BindPort is used. Possible + usages are: e.g. In a cluster with more than one + control plane instances, this field should be assigned + the address of the external load balancer in front + of the control plane instances. e.g. in environments + with enforced node recycling, the ControlPlaneEndpoint + could be used for assigning a stable DNS to the + control plane. NB: This value defaults to the first + value in the Cluster object status.apiEndpoints + array.' + type: string + controllerManager: + description: ControllerManager contains extra settings + for the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags + to pass to the control plane component. TODO: + This is temporary and ideally we would like + to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements + describing volumes that are mounted from the + host. + properties: + hostPath: + description: HostPath is the path in the + host that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside + the pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the + pod template. 
+ type: string + pathType: + description: PathType is the type of the + HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on + installed in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container + registry to pull images from. if not set, the + ImageRepository defined in ClusterConfiguration + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag + for the image. In case this value is set, kubeadm + does not change automatically the version of + the above components during upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. NB: + This value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect + to an external etcd cluster Local and External + are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate + Authority file used to secure etcd communication. + Required if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification + file used to secure etcd communication. + Required if using a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required + for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used + to secure etcd communication. Required if + using a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs + for configuring the local etcd instance Local + and External are mutually exclusive + properties: + dataDir: + description: DataDir is the directory etcd + will place its data. 
Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments + provided to the etcd binary when run inside + a static pod. + type: object + imageRepository: + description: ImageRepository sets the container + registry to pull images from. if not set, + the ImageRepository defined in ClusterConfiguration + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a + tag for the image. In case this value is + set, kubeadm does not change automatically + the version of the above components during + upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject + Alternative Names for the etcd peer signing + cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject + Alternative Names for the etcd server signing + cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: 'ImageRepository sets the container registry + to pull images from. * If not set, the default registry + of kubeadm will be used, i.e. * registry.k8s.io + (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, + >= v1.25.0 * k8s.gcr.io (old registry): all older + versions Please note that when imageRepository is + not set we don''t allow upgrades to versions >= + v1.22.0 which use the old registry (k8s.gcr.io). + Please use a newer patch version with the new registry + instead (i.e. >= v1.22.17, >= v1.23.15, >= v1.24.9, + >= v1.25.0). * If the version is a CI build (kubernetes + version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` + will be used as a default for control plane components + and for kube-proxy, while `registry.k8s.io` will + be used for all the other images.' 
+ type: string + kind: + description: 'Kind is a string value representing + the REST resource this object represents. Servers + may infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version + of the control plane. NB: This value defaults to + the Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the + networking topology of the cluster. NB: This value + defaults to the Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used + by k8s services. Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. + If unset, the API server will not allocate CIDR + ranges for every node. Defaults to a comma-delimited + string of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used + by k8s services. Defaults to a comma-delimited + string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, + or to "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for + the scheduler control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags + to pass to the control plane component. TODO: + This is temporary and ideally we would like + to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. 
+ items: + description: HostPathMount contains elements + describing volumes that are mounted from the + host. + properties: + hostPath: + description: HostPath is the path in the + host that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside + the pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the + pod template. + type: string + pathType: + description: PathType is the type of the + HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation + of partition tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file + systems to setup. + items: + description: Filesystem defines the file systems + to be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options + to add to the command for creating the file + system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system + type. + type: string + label: + description: Label specifies the file system + label to be used. If set to None, no label + is used. + type: string + overwrite: + description: Overwrite defines whether or not + to overwrite any existing filesystem. If true, + any pre-existing file system will be destroyed. + Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition + to use. The valid options are: "auto|any", + "auto", "any", "none", and , where NUM + is the actual partition number.' 
+ type: string + replaceFS: + description: 'ReplaceFS is a special directive, + used for Microsoft Azure that instructs cloud-init + to replace a file system of . NOTE: + unless you define a label, this requires the + use of the ''any'' partition directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the + partitions to setup. + items: + description: Partition defines how to create and + layout a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. + If it is true, a single partition will be + created for the entire device. When layout + is false, it means don't partition or ignore + existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to + skip checks and create the partition if a + partition or filesystem is found on the device. + Use with caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of + partition table. The following are supported: + ''mbr'': default and setups a MS-DOS partition + table ''gpt'': setups a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed + to user_data upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + append: + description: Append specifies whether to append + Content to existing file if Path exists. + type: boolean + content: + description: Content is the actual content of the + file. + type: string + contentFrom: + description: ContentFrom is a referenced source + of content to populate the file. + properties: + secret: + description: Secret represents a secret that + should populate this file. 
+ properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of + the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the + file, e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk + where to store the file. + type: string + permissions: + description: Permissions specifies the permissions + to assign to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the + bootstrap data + enum: + - cloud-config + - ignition + type: string + ignition: + description: Ignition contains Ignition specific configuration. + properties: + containerLinuxConfig: + description: ContainerLinuxConfig contains CLC specific + configuration. + properties: + additionalConfig: + description: "AdditionalConfig contains additional + configuration to be merged with the Ignition + configuration generated by the bootstrapper + controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging + \n The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/" + type: string + strict: + description: Strict controls if AdditionalConfig + should be strictly parsed. If so, warnings are + treated as errors. + type: boolean + type: object + type: object + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. 
Servers should + convert recognized schemas to the latest internal + value, and may reject unrecognized values. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm + init` time and describes a set of Bootstrap Tokens + to create. This information IS NOT uploaded to the + kubeadm cluster configmap, partly because of its + sensitive nature + items: + description: BootstrapToken describes one bootstrap + token, stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly + message why this token exists and what it's + used for, so other administrators can know + its purpose. + type: string + expires: + description: Expires specifies the timestamp + when this token expires. Defaults to being + set dynamically at runtime based on the TTL. + Expires and TTL are mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups + that this token will authenticate as when/if + used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing + bidirectional trust between nodes and control-planes. + Used for joining nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for + this token. Defaults to 24h. Expires and TTL + are mutually exclusive. + type: string + usages: + description: Usages describes the ways in which + this token can be used. Can by default be + used for establishing bidirectional trust, + but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing + the REST resource this object represents. Servers + may infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. 
More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance that's deployed on this + control plane node In HA setups, this differs from + ClusterConfiguration.ControlPlaneEndpoint in the + sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests + to each individual API server. This configuration + object lets you customize what IP/DNS name and port + the local API server advertises it's accessible + on. By default, kubeadm tries to auto-detect the + IP of the default interface and use that, but in + case that process fails you may set the desired + value here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for + the API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the + cluster. When used in the context of control plane + nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a + slice of pre-flight errors to be ignored when + the current node is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy + for image pulling during kubeadm "init" and + "join" operations. The value of this field must + be one of "Always", "IfNotPresent" or "Never". + Defaults to "IfNotPresent". 
This can be used + only with Kubernetes version equal to 1.22 and + later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here + are passed to the kubelet command line via the + environment file kubeadm writes at runtime for + the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. + These values are local and specific to the node + kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field + of the Node API object that will be created + in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field + of the kubelet's client certificate to the API + server. Defaults to the hostname of the node + if not provided. + type: string + taints: + description: 'Taints specifies the taints the + Node API object should be registered with. If + this field is unset, i.e. nil, in the `kubeadm + init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane + node, set this field to an empty slice, i.e. + `taints: []` in the YAML file. This field is + solely used for Node registration.' + items: + description: The node this Taint is attached + to has the "effect" on any pod that does not + tolerate the Taint. + properties: + effect: + description: Required. The effect of the + taint on pods that do not tolerate the + taint. Valid effects are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Required. The taint key to + be applied to a node. + type: string + timeAdded: + description: TimeAdded represents the time + at which the taint was added. It is only + written for NoExecute taints. 
+ format: date-time + type: string + value: + description: The taint value corresponding + to the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying + patches to components deployed by kubeadm during + "kubeadm init". The minimum kubernetes version needed + to support Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory + that contains files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or + just "etcd.json". "target" can be one of "kube-apiserver", + "kube-controller-manager", "kube-scheduler", + "etcd". "patchtype" can be one of "strategic" + "merge" or "json" and they match the patch formats + supported by kubectl. The default "patchtype" + is "strategic". "extension" must be either "json" + or "yaml". "suffix" is an optional string that + can be used to determine which patches are applied + first alpha-numerically. These files can be + written into the target directory via KubeadmConfig.Files + which specifies additional files to be created + on the machine, either with content inline or + by referencing a secret. + type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip + during command execution. The list of phases can + be obtained with the "kubeadm init --help" command. + This option takes effect only on Kubernetes >=1.22.0. + items: + type: string + type: array + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration + for the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal + value, and may reject unrecognized values. 
More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node + and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control + plane instance to be deployed on the joining node. + If nil, no additional control plane instance will + be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on + this node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP + address for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port + for the API Server to bind to. Defaults + to 6443. + format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for + the kubelet to use during the TLS Bootstrap process + TODO: revisit when there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the + options for bootstrap token based discovery + BootstrapToken and File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or + domain name to the API server from which + info will be fetched. + type: string + caCertHashes: + description: 'CACertHashes specifies a set + of public key pins to verify when token-based + discovery is used. The root CA found during + discovery must match one of these values. + Specifying an empty set disables root CA + pinning, which can be unsafe. Each hash + is specified as ":", where + the only currently supported type is "sha256". 
+ This is a hex-encoded SHA-256 hash of the + Subject Public Key Info (SPKI) object in + DER-encoded ASN.1. These hashes can be calculated + using, for example, OpenSSL: openssl x509 + -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 + -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate + cluster information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows + token-based discovery without CA verification + via CACertHashes. This can weaken the security + of kubeadm since other nodes can impersonate + the control-plane. + type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or + URL to a kubeconfig file from which to load + cluster information BootstrapToken and File + are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify + the actual file path or URL to the kubeconfig + file from which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used + for TLS bootstrapping. If .BootstrapToken is + set, this field is defaulted to .BootstrapToken.Token, + but can be overridden. If .File is set, this + field **must be set** in case the KubeConfigFile + does not contain any other authentication information + type: string + type: object + kind: + description: 'Kind is a string value representing + the REST resource this object represents. Servers + may infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. 
More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the + cluster. When used in the context of control plane + nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a + slice of pre-flight errors to be ignored when + the current node is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy + for image pulling during kubeadm "init" and + "join" operations. The value of this field must + be one of "Always", "IfNotPresent" or "Never". + Defaults to "IfNotPresent". This can be used + only with Kubernetes version equal to 1.22 and + later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here + are passed to the kubelet command line via the + environment file kubeadm writes at runtime for + the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. + These values are local and specific to the node + kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field + of the Node API object that will be created + in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field + of the kubelet's client certificate to the API + server. 
Defaults to the hostname of the node + if not provided. + type: string + taints: + description: 'Taints specifies the taints the + Node API object should be registered with. If + this field is unset, i.e. nil, in the `kubeadm + init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane + node, set this field to an empty slice, i.e. + `taints: []` in the YAML file. This field is + solely used for Node registration.' + items: + description: The node this Taint is attached + to has the "effect" on any pod that does not + tolerate the Taint. + properties: + effect: + description: Required. The effect of the + taint on pods that do not tolerate the + taint. Valid effects are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Required. The taint key to + be applied to a node. + type: string + timeAdded: + description: TimeAdded represents the time + at which the taint was added. It is only + written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding + to the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying + patches to components deployed by kubeadm during + "kubeadm join". The minimum kubernetes version needed + to support Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory + that contains files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or + just "etcd.json". "target" can be one of "kube-apiserver", + "kube-controller-manager", "kube-scheduler", + "etcd". "patchtype" can be one of "strategic" + "merge" or "json" and they match the patch formats + supported by kubectl. The default "patchtype" + is "strategic". "extension" must be either "json" + or "yaml". 
"suffix" is an optional string that + can be used to determine which patches are applied + first alpha-numerically. These files can be + written into the target directory via KubeadmConfig.Files + which specifies additional files to be created + on the machine, either with content inline or + by referencing a secret. + type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip + during command execution. The list of phases can + be obtained with the "kubeadm init --help" command. + This option takes effect only on Kubernetes >=1.22.0. + items: + type: string + type: array + type: object + mounts: + description: Mounts specifies a list of mount points to + be setup. + items: + description: MountPoints defines input for generated + mounts in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should + be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to + use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands + to run after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands + to run before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic + kubeadm command with a shell script with retries for + joins. \n This is meant to be an experimental temporary + workaround on some environments where joins fail due + to timing (and other issues). The long term goal is + to add retries to kubeadm proper and use that functionality. + \n This will add about 40KB to userdata \n For more + information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. 
+ \n Deprecated: This experimental fix is no longer needed + and this field will be removed in a future release. + When removing also remove from staticcheck exclude-rules + for SA1019 in golangci.yml" + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated + user in cloud-init. + properties: + gecos: + description: Gecos specifies the gecos to use for + the user + type: string + groups: + description: Groups specifies the additional groups + for the user + type: string + homeDir: + description: HomeDir specifies the home directory + to use for the user + type: string + inactive: + description: Inactive specifies whether to mark + the user as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password + login should be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password + for the user + type: string + passwdFrom: + description: PasswdFrom is a referenced source of + passwd to populate the passwd. + properties: + secret: + description: Secret represents a secret that + should populate this password. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. 
+ type: string + required: + - key + - name + type: object + required: + - secret + type: object + primaryGroup: + description: PrimaryGroup specifies the primary + group for the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list + of ssh authorized keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the + user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log + level verbosity. It overrides the `--v` flag in kubeadm + commands. + format: int32 + type: integer + type: object + machineTemplate: + description: MachineTemplate contains information about how + machines should be shaped when creating or updating a control + plane. + properties: + metadata: + description: 'Standard object''s metadata. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when + modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can + be used to organize and categorize (scope and select) + objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the + machine controller will attempt to delete the Node that + the Machine hosts after the Machine is marked for deletion. 
+ A duration of 0 will retry deletion indefinitely. If + no value is provided, the default value for this property + of the Machine resource will be used. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of + time that the controller will spend on draining a controlplane + node The default value is 0, meaning that the node can + be drained without any time limitations. NOTE: NodeDrainTimeout + is different from `kubectl drain --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount + of time that the controller will spend on waiting for + all volumes to be detached. The default value is 0, + meaning that the volumes can be detached without any + time limitations. + type: string + type: object + remediationStrategy: + description: The RemediationStrategy that controls how control + plane machine remediation happens. + properties: + maxRetry: + description: "MaxRetry is the Max number of retries while + attempting to remediate an unhealthy machine. A retry + happens when a machine that was created as a replacement + for an unhealthy machine also fails. For example, given + a control plane with three machines M1, M2, M3: \n M1 + become unhealthy; remediation happens, and M1-1 is created + as a replacement. If M1-1 (replacement of M1) has problems + while bootstrapping it will become unhealthy, and then + be remediated; such operation is considered a retry, + remediation-retry #1. If M1-2 (replacement of M1-1) + becomes unhealthy, remediation-retry #2 will happen, + etc. \n A retry could happen only after RetryPeriod + from the previous retry. If a machine is marked as unhealthy + after MinHealthyPeriod from the previous remediation + expired, this is not considered a retry anymore because + the new issue is assumed unrelated from the previous + one. \n If not set, the remedation will be retried infinitely." 
+ format: int32 + type: integer + minHealthyPeriod: + description: "MinHealthyPeriod defines the duration after + which KCP will consider any failure to a machine unrelated + from the previous one. In this case the remediation + is not considered a retry anymore, and thus the retry + counter restarts from 0. For example, assuming MinHealthyPeriod + is set to 1h (default) \n M1 become unhealthy; remediation + happens, and M1-1 is created as a replacement. If M1-1 + (replacement of M1) has problems within the 1hr after + the creation, also this machine will be remediated and + this operation is considered a retry - a problem related + to the original issue happened to M1 -. \n If instead + the problem on M1-1 is happening after MinHealthyPeriod + expired, e.g. four days after m1-1 has been created + as a remediation of M1, the problem on M1-1 is considered + unrelated to the original issue happened to M1. \n If + not set, this value is defaulted to 1h." + type: string + retryPeriod: + description: "RetryPeriod is the duration that KCP should + wait before remediating a machine being created as a + replacement for an unhealthy machine (a retry). \n If + not set, a retry will happen immediately." + type: string + type: object + rolloutAfter: + description: RolloutAfter is a field to indicate a rollout + should be performed after the specified time even if no + changes have been made to the KubeadmControlPlane. + format: date-time + type: string + rolloutBefore: + description: RolloutBefore is a field to indicate a rollout + should be performed if the specified criteria is met. + properties: + certificatesExpiryDays: + description: CertificatesExpiryDays indicates a rollout + needs to be performed if the certificates of the machine + will expire within the specified days. 
+ format: int32 + type: integer + type: object + rolloutStrategy: + default: + rollingUpdate: + maxSurge: 1 + type: RollingUpdate + description: The RolloutStrategy to use to replace control + plane machines with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only + if RolloutStrategyType = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of control planes + that can be scheduled above or under the desired + number of control planes. Value can be an absolute + number 1 or 0. Defaults to 1. Example: when this + is set to 1, the control plane can be scaled up + immediately when the rolling update starts.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of rollout. Currently the only supported + strategy is "RollingUpdate". Default is RollingUpdate. + type: string + type: object + required: + - kubeadmConfigSpec + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-manager + namespace: capi-kubeadm-control-plane-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-leader-election-role + namespace: capi-kubeadm-control-plane-system +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +aggregationRule: + clusterRoleSelectors: + - matchLabels: + kubeadm.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + 
cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-aggregated-manager-role +rules: [] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + kubeadm.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true" + name: capi-kubeadm-control-plane-manager-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - bootstrap.cluster.x-k8s.io + - controlplane.cluster.x-k8s.io + - infrastructure.cluster.x-k8s.io + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machines + - machines/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-leader-election-rolebinding + namespace: capi-kubeadm-control-plane-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: capi-kubeadm-control-plane-leader-election-role +subjects: +- kind: ServiceAccount + name: capi-kubeadm-control-plane-manager + namespace: capi-kubeadm-control-plane-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + 
cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capi-kubeadm-control-plane-aggregated-manager-role +subjects: +- kind: ServiceAccount + name: capi-kubeadm-control-plane-manager + namespace: capi-kubeadm-control-plane-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system +spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: control-plane-kubeadm +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + control-plane: controller-manager + name: capi-kubeadm-control-plane-controller-manager + namespace: capi-kubeadm-control-plane-system +spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: control-plane-kubeadm + control-plane: controller-manager + template: + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + control-plane: controller-manager + spec: + containers: + - args: + - --leader-elect + - --diagnostics-address=${CAPI_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${CAPI_INSECURE_DIAGNOSTICS:=false} + - --feature-gates=ClusterTopology=${CLUSTER_TOPOLOGY:=false},KubeadmBootstrapFormatIgnition=${EXP_KUBEADM_BOOTSTRAP_FORMAT_IGNITION:=false} + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + image: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.6.2 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: 
webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: capi-kubeadm-control-plane-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + secretName: capi-kubeadm-control-plane-webhook-service-cert +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-serving-cert + namespace: capi-kubeadm-control-plane-system +spec: + dnsNames: + - capi-kubeadm-control-plane-webhook-service.capi-kubeadm-control-plane-system.svc + - capi-kubeadm-control-plane-webhook-service.capi-kubeadm-control-plane-system.svc.cluster.local + issuerRef: + kind: Issuer + name: capi-kubeadm-control-plane-selfsigned-issuer + secretName: capi-kubeadm-control-plane-webhook-service-cert + subject: + organizations: + - k8s-sig-cluster-lifecycle +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-selfsigned-issuer + namespace: capi-kubeadm-control-plane-system +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert + labels: + cluster.x-k8s.io/provider: 
control-plane-kubeadm + name: capi-kubeadm-control-plane-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane + failurePolicy: Fail + matchPolicy: Equivalent + name: default.kubeadmcontrolplane.controlplane.cluster.x-k8s.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - kubeadmcontrolplanes + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplanetemplate + failurePolicy: Fail + name: default.kubeadmcontrolplanetemplate.controlplane.cluster.x-k8s.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - kubeadmcontrolplanetemplates + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + path: /validate-scale-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane + failurePolicy: Fail + matchPolicy: Equivalent + name: validation-scale.kubeadmcontrolplane.controlplane.cluster.x-k8s.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta1 
+ operations:
+ - UPDATE
+ resources:
+ - kubeadmcontrolplanes/scale
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-kubeadm-control-plane-webhook-service
+ namespace: capi-kubeadm-control-plane-system
+ path: /validate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.kubeadmcontrolplane.controlplane.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - controlplane.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - kubeadmcontrolplanes
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-kubeadm-control-plane-webhook-service
+ namespace: capi-kubeadm-control-plane-system
+ path: /validate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplanetemplate
+ failurePolicy: Fail
+ name: validation.kubeadmcontrolplanetemplate.controlplane.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - controlplane.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - kubeadmcontrolplanetemplates
+ sideEffects: None
diff --git a/files/cluster-api/v1.6.2/cluster-template-development.yaml b/files/cluster-api/v1.6.2/cluster-template-development.yaml
new file mode 100644
index 00000000..da40be95
--- /dev/null
+++ b/files/cluster-api/v1.6.2/cluster-template-development.yaml
@@ -0,0 +1,41 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ name: "${CLUSTER_NAME}"
+ namespace: "${NAMESPACE}"
+spec:
+ clusterNetwork:
+ services:
+ cidrBlocks: ${SERVICE_CIDR:=["10.128.0.0/12"]}
+ pods:
+ cidrBlocks: ${POD_CIDR:=["192.168.0.0/16"]}
+ serviceDomain: ${SERVICE_DOMAIN:="cluster.local"}
+ topology:
+ class: quick-start
+ controlPlane:
+ metadata: {}
+ replicas: ${CONTROL_PLANE_MACHINE_COUNT}
+ variables:
+ - name: imageRepository
+ value: ""
+ - name: etcdImageTag
+ value: ""
+ - name: coreDNSImageTag
+ value: ""
+ - name: podSecurityStandard
+ value:
+ enabled: ${POD_SECURITY_STANDARD_ENABLED:=true}
+ enforce: "baseline"
+ audit: "restricted"
+ warn: "restricted"
+ version: ${KUBERNETES_VERSION}
+ workers:
+ machineDeployments:
+ - class: default-worker
+ name: md-0
+ replicas: ${WORKER_MACHINE_COUNT}
+ machinePools:
+ - class: default-worker
+ name: mp-0
+ replicas: ${WORKER_MACHINE_COUNT}
+---
diff --git a/files/cluster-api/v1.6.2/cluster-template-in-memory-development.yaml b/files/cluster-api/v1.6.2/cluster-template-in-memory-development.yaml
new file mode 100644
index 00000000..92a570fd
--- /dev/null
+++ b/files/cluster-api/v1.6.2/cluster-template-in-memory-development.yaml
@@ -0,0 +1,22 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ name: "${CLUSTER_NAME}"
+ namespace: "${NAMESPACE}"
+spec:
+ clusterNetwork:
+ services:
+ cidrBlocks: ${SERVICE_CIDR:=["10.128.0.0/12"]}
+ pods:
+ cidrBlocks: ${POD_CIDR:=["192.168.0.0/16"]}
+ serviceDomain: ${SERVICE_DOMAIN:="cluster.local"}
+ topology:
+ class: in-memory-quick-start
+ version: ${KUBERNETES_VERSION}
+ controlPlane:
+ replicas: ${CONTROL_PLANE_MACHINE_COUNT}
+ workers:
+ machineDeployments:
+ - class: default-worker
+ name: md-0
+ replicas: ${WORKER_MACHINE_COUNT}
diff --git a/files/cluster-api/v1.6.2/clusterclass-in-memory-quick-start.yaml b/files/cluster-api/v1.6.2/clusterclass-in-memory-quick-start.yaml
new file mode 100644
index 00000000..284bed26
--- /dev/null
+++ b/files/cluster-api/v1.6.2/clusterclass-in-memory-quick-start.yaml
@@ -0,0 +1,152 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: ClusterClass
+metadata:
+ name: in-memory-quick-start
+spec:
+ controlPlane:
+ metadata:
+ annotations:
+ machineInfrastructure:
+ ref:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
+ kind: InMemoryMachineTemplate
+ name: in-memory-quick-start-control-plane
+ ref:
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ kind: KubeadmControlPlaneTemplate
+ name: in-memory-quick-start-control-plane
+ machineHealthCheck:
+ unhealthyConditions:
+ - type: Ready
+ status: Unknown
+ timeout: 300s
+ - type: Ready
+ status: "False"
+ timeout: 300s
+ infrastructure:
+ ref:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
+ kind: InMemoryClusterTemplate
+ name: in-memory-quick-start-cluster
+ workers:
+ machineDeployments:
+ - class: default-worker
+ template:
+ bootstrap:
+ ref:
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+ kind: KubeadmConfigTemplate
+ name: in-memory-quick-start-default-worker-bootstraptemplate
+ infrastructure:
+ ref:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
+ kind: InMemoryMachineTemplate
+ name: in-memory-quick-start-default-worker-machinetemplate
+ machineHealthCheck:
+ unhealthyConditions:
+ - type: Ready
+ status: Unknown
+ timeout: 300s
+ - type: Ready
+ status: "False"
+ timeout: 300s
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
+kind: InMemoryClusterTemplate
+metadata:
+ name: in-memory-quick-start-cluster
+spec:
+ template:
+ spec: {}
+---
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+kind: KubeadmControlPlaneTemplate
+metadata:
+ name: in-memory-quick-start-control-plane
+spec:
+ template:
+ spec:
+ kubeadmConfigSpec:
+ clusterConfiguration:
+ apiServer:
+ certSANs:
+ - localhost
+ - 127.0.0.1
+ - 0.0.0.0
+ - host.docker.internal
+ controllerManager:
+ extraArgs:
+ enable-hostpath-provisioner: "true"
+ initConfiguration:
+ nodeRegistration:
+ criSocket: unix:///var/run/containerd/containerd.sock
+ kubeletExtraArgs:
+ eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
+ joinConfiguration:
+ nodeRegistration:
+ criSocket: unix:///var/run/containerd/containerd.sock
+ kubeletExtraArgs:
+ eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
+kind: InMemoryMachineTemplate
+metadata:
+ name: in-memory-quick-start-control-plane
+spec:
+ template:
+ spec:
+ behaviour:
+ vm:
+ provisioning:
+ startupDuration: "30s"
+ startupJitter: "0.2"
+ node:
+ provisioning:
+ startupDuration: "10s"
+ startupJitter: "0.2"
+ apiServer:
+ provisioning:
+ startupDuration: "10s"
+ startupJitter: "0.2"
+ etcd:
+ provisioning:
+ startupDuration: "10s"
+ startupJitter: "0.2"
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
+kind: InMemoryMachineTemplate
+metadata:
+ name: in-memory-quick-start-default-worker-machinetemplate
+spec:
+ template:
+ spec:
+ behaviour:
+ vm:
+ provisioning:
+ startupDuration: "30s"
+ startupJitter: "0.2"
+ node:
+ provisioning:
+ startupDuration: "10s"
+ startupJitter: "0.2"
+ apiServer:
+ provisioning:
+ startupDuration: "10s"
+ startupJitter: "0.2"
+ etcd:
+ provisioning:
+ startupDuration: "10s"
+ startupJitter: "0.2"
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfigTemplate
+metadata:
+ name: in-memory-quick-start-default-worker-bootstraptemplate
+spec:
+ template:
+ spec:
+ joinConfiguration:
+ nodeRegistration:
+ criSocket: unix:///var/run/containerd/containerd.sock
+ kubeletExtraArgs:
+ eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
diff --git a/files/cluster-api/v1.6.2/clusterclass-quick-start.yaml b/files/cluster-api/v1.6.2/clusterclass-quick-start.yaml
new file mode 100644
index 00000000..497b5d02
--- /dev/null
+++ b/files/cluster-api/v1.6.2/clusterclass-quick-start.yaml
@@ -0,0 +1,292 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: ClusterClass
+metadata:
+ name: quick-start
+spec:
+ controlPlane:
+ ref:
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ kind: KubeadmControlPlaneTemplate
+ name: quick-start-control-plane
+ machineInfrastructure:
+ ref:
+ kind: DockerMachineTemplate
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ name: quick-start-control-plane
+ infrastructure:
+ ref:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: DockerClusterTemplate
+ name: quick-start-cluster
+ workers:
+ machineDeployments:
+ - class: default-worker
+ template:
+ bootstrap:
+ ref:
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+ kind: KubeadmConfigTemplate
+ name: quick-start-default-worker-bootstraptemplate
+ infrastructure:
+ ref:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: DockerMachineTemplate
+ name: quick-start-default-worker-machinetemplate
+ machinePools:
+ - class: default-worker
+ template:
+ bootstrap:
+ ref:
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+ kind: KubeadmConfigTemplate
+ name: quick-start-default-worker-bootstraptemplate
+ infrastructure:
+ ref:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: DockerMachinePoolTemplate
+ name: quick-start-default-worker-machinepooltemplate
+ variables:
+ - name: imageRepository
+ required: true
+ schema:
+ openAPIV3Schema:
+ type: string
+ default: ""
+ example: "registry.k8s.io"
+ description: "imageRepository sets the container registry to pull images from. If empty, nothing will be set and the from of kubeadm will be used."
+ - name: etcdImageTag
+ required: true
+ schema:
+ openAPIV3Schema:
+ type: string
+ default: ""
+ example: "3.5.3-0"
+ description: "etcdImageTag sets the tag for the etcd image."
+ - name: coreDNSImageTag
+ required: true
+ schema:
+ openAPIV3Schema:
+ type: string
+ default: ""
+ example: "v1.8.5"
+ description: "coreDNSImageTag sets the tag for the coreDNS image."
+ - name: podSecurityStandard
+ required: false
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ enabled:
+ type: boolean
+ default: true
+ description: "enabled enables the patches to enable Pod Security Standard via AdmissionConfiguration."
+ enforce:
+ type: string
+ default: "baseline"
+ description: "enforce sets the level for the enforce PodSecurityConfiguration mode. One of privileged, baseline, restricted."
+ audit:
+ type: string
+ default: "restricted"
+ description: "audit sets the level for the audit PodSecurityConfiguration mode. One of privileged, baseline, restricted."
+ warn:
+ type: string
+ default: "restricted"
+ description: "warn sets the level for the warn PodSecurityConfiguration mode. One of privileged, baseline, restricted."
+ patches:
+ - name: imageRepository
+ description: "Sets the imageRepository used for the KubeadmControlPlane."
+ enabledIf: '{{ ne .imageRepository "" }}'
+ definitions:
+ - selector:
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ kind: KubeadmControlPlaneTemplate
+ matchResources:
+ controlPlane: true
+ jsonPatches:
+ - op: add
+ path: "/spec/template/spec/kubeadmConfigSpec/clusterConfiguration/imageRepository"
+ valueFrom:
+ variable: imageRepository
+ - name: etcdImageTag
+ description: "Sets tag to use for the etcd image in the KubeadmControlPlane."
+ definitions:
+ - selector:
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ kind: KubeadmControlPlaneTemplate
+ matchResources:
+ controlPlane: true
+ jsonPatches:
+ - op: add
+ path: "/spec/template/spec/kubeadmConfigSpec/clusterConfiguration/etcd"
+ valueFrom:
+ template: |
+ local:
+ imageTag: {{ .etcdImageTag }}
+ - name: coreDNSImageTag
+ description: "Sets tag to use for the etcd image in the KubeadmControlPlane."
+ definitions:
+ - selector:
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ kind: KubeadmControlPlaneTemplate
+ matchResources:
+ controlPlane: true
+ jsonPatches:
+ - op: add
+ path: "/spec/template/spec/kubeadmConfigSpec/clusterConfiguration/dns"
+ valueFrom:
+ template: |
+ imageTag: {{ .coreDNSImageTag }}
+ - name: customImage
+ description: "Sets the container image that is used for running dockerMachines for the controlPlane and default-worker machineDeployments."
+ definitions:
+ - selector:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: DockerMachineTemplate
+ matchResources:
+ machineDeploymentClass:
+ names:
+ - default-worker
+ jsonPatches:
+ - op: add
+ path: "/spec/template/spec/customImage"
+ valueFrom:
+ template: |
+ kindest/node:{{ .builtin.machineDeployment.version | replace "+" "_" }}
+ - selector:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: DockerMachinePoolTemplate
+ matchResources:
+ machinePoolClass:
+ names:
+ - default-worker
+ jsonPatches:
+ - op: add
+ path: "/spec/template/spec/template/customImage"
+ valueFrom:
+ template: |
+ kindest/node:{{ .builtin.machinePool.version | replace "+" "_" }}
+ - selector:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: DockerMachineTemplate
+ matchResources:
+ controlPlane: true
+ jsonPatches:
+ - op: add
+ path: "/spec/template/spec/customImage"
+ valueFrom:
+ template: |
+ kindest/node:{{ .builtin.controlPlane.version | replace "+" "_" }}
+ - name: podSecurityStandard
+ description: "Adds an admission configuration for PodSecurity to the kube-apiserver."
+ definitions:
+ - selector:
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ kind: KubeadmControlPlaneTemplate
+ matchResources:
+ controlPlane: true
+ jsonPatches:
+ - op: add
+ path: "/spec/template/spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraArgs"
+ value:
+ admission-control-config-file: "/etc/kubernetes/kube-apiserver-admission-pss.yaml"
+ - op: add
+ path: "/spec/template/spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraVolumes"
+ value:
+ - name: admission-pss
+ hostPath: /etc/kubernetes/kube-apiserver-admission-pss.yaml
+ mountPath: /etc/kubernetes/kube-apiserver-admission-pss.yaml
+ readOnly: true
+ pathType: "File"
+ - op: add
+ path: "/spec/template/spec/kubeadmConfigSpec/files"
+ valueFrom:
+ template: |
+ - content: |
+ apiVersion: apiserver.config.k8s.io/v1
+ kind: AdmissionConfiguration
+ plugins:
+ - name: PodSecurity
+ configuration:
+ apiVersion: pod-security.admission.config.k8s.io/v1{{ if semverCompare "< v1.25" .builtin.controlPlane.version }}beta1{{ end }}
+ kind: PodSecurityConfiguration
+ defaults:
+ enforce: "{{ .podSecurityStandard.enforce }}"
+ enforce-version: "latest"
+ audit: "{{ .podSecurityStandard.audit }}"
+ audit-version: "latest"
+ warn: "{{ .podSecurityStandard.warn }}"
+ warn-version: "latest"
+ exemptions:
+ usernames: []
+ runtimeClasses: []
+ namespaces: [kube-system]
+ path: /etc/kubernetes/kube-apiserver-admission-pss.yaml
+ enabledIf: "{{ .podSecurityStandard.enabled }}"
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: DockerClusterTemplate
+metadata:
+ name: quick-start-cluster
+spec:
+ template:
+ spec: {}
+---
+kind: KubeadmControlPlaneTemplate
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+metadata:
+ name: quick-start-control-plane
+spec:
+ template:
+ spec:
+ kubeadmConfigSpec:
+ clusterConfiguration:
+ controllerManager:
+ extraArgs: { enable-hostpath-provisioner: 'true' }
+ apiServer:
+ # host.docker.internal is required by kubetest when running on MacOS because of the way ports are proxied.
+ certSANs: [localhost, 127.0.0.1, 0.0.0.0, host.docker.internal]
+ initConfiguration:
+ nodeRegistration: {} # node registration parameters are automatically injected by CAPD according to the kindest/node image in use.
+ joinConfiguration:
+ nodeRegistration: {} # node registration parameters are automatically injected by CAPD according to the kindest/node image in use.
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: DockerMachineTemplate
+metadata:
+ name: quick-start-control-plane
+spec:
+ template:
+ spec:
+ extraMounts:
+ - containerPath: "/var/run/docker.sock"
+ hostPath: "/var/run/docker.sock"
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: DockerMachineTemplate
+metadata:
+ name: quick-start-default-worker-machinetemplate
+spec:
+ template:
+ spec:
+ extraMounts:
+ - containerPath: "/var/run/docker.sock"
+ hostPath: "/var/run/docker.sock"
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: DockerMachinePoolTemplate
+metadata:
+ name: quick-start-default-worker-machinepooltemplate
+spec:
+ template:
+ spec:
+ template: {}
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfigTemplate
+metadata:
+ name: quick-start-default-worker-bootstraptemplate
+spec:
+ template:
+ spec:
+ joinConfiguration:
+ nodeRegistration: {} # node registration parameters are automatically injected by CAPD according to the kindest/node image in use.
\ No newline at end of file
diff --git a/files/cluster-api/v1.6.2/control-plane-components.yaml b/files/cluster-api/v1.6.2/control-plane-components.yaml
new file mode 100644
index 00000000..7105cebc
--- /dev/null
+++ b/files/cluster-api/v1.6.2/control-plane-components.yaml
@@ -0,0 +1,6869 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + control-plane: controller-manager + name: capi-kubeadm-control-plane-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1 + name: kubeadmcontrolplanes.controlplane.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: controlplane.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: KubeadmControlPlane + listKind: KubeadmControlPlaneList + plural: kubeadmcontrolplanes + shortNames: + - kcp + singular: kubeadmcontrolplane + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: This denotes whether or not the control plane has the uploaded + kubeadm-config configmap + jsonPath: .status.initialized + name: Initialized + type: boolean + - description: KubeadmControlPlane API Server is ready to receive requests + jsonPath: .status.ready + name: API Server Available + type: boolean + - description: Kubernetes version associated with this control plane + jsonPath: .spec.version + name: Version + type: string + - description: Total number of non-terminated machines targeted by this control + plane + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of fully running and ready control plane machines + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Total number of non-terminated 
machines targeted by this control + plane that have the desired template spec + jsonPath: .status.updatedReplicas + name: Updated + type: integer + - description: Total number of unavailable machines targeted by this control plane + jsonPath: .status.unavailableReplicas + name: Unavailable + type: integer + deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "KubeadmControlPlane is the Schema for the KubeadmControlPlane + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane. + properties: + infrastructureTemplate: + description: InfrastructureTemplate is a required reference to a custom + resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + kubeadmConfigSpec: + description: KubeadmConfigSpec is a KubeadmConfigSpec to use for initializing + and joining machines to the control plane. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the API + server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative Names + for the API Server signing cert. 
+ items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout + that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store or + look for all required certificates. 
NB: if not provided, + this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address + or DNS name for the control plane; it can be a valid IP + address or a RFC-1123 DNS subdomain, both with optional + TCP port. In case the ControlPlaneEndpoint is not specified, + the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint + is specified but without a TCP port, the BindPort is used. + Possible usages are: e.g. In a cluster with more than one + control plane instances, this field should be assigned the + address of the external load balancer in front of the control + plane instances. e.g. in environments with enforced node + recycling, the ControlPlaneEndpoint could be used for assigning + a stable DNS to the control plane. NB: This value defaults + to the first value in the Cluster object status.apiEndpoints + array.' + type: string + controllerManager: + description: ControllerManager contains extra settings for + the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. 
+ type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on installed + in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the + image. In case this value is set, kubeadm does not change + automatically the version of the above components during + upgrades. + type: string + type: + description: Type defines the DNS add-on to be used + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. NB: This + value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to an external + etcd cluster Local and External are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority + file used to secure etcd communication. Required + if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification file + used to secure etcd communication. Required if using + a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required for + ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to secure + etcd communication. Required if using a TLS connection. 
+ type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for configuring + the local etcd instance Local and External are mutually + exclusive + properties: + dataDir: + description: DataDir is the directory etcd will place + its data. Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided + to the etcd binary when run inside a static pod. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for + the image. In case this value is set, kubeadm does + not change automatically the version of the above + components during upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject Alternative + Names for the etcd server signing cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: ImageRepository sets the container registry to + pull images from. If empty, `k8s.gcr.io` will be used by + default; in case of kubernetes version is a CI build (kubernetes + version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` + will be used as a default for control plane components and + for kube-proxy, while `k8s.gcr.io` will be used for all + the other images. + type: string + kind: + description: 'Kind is a string value representing the REST + resource this object represents. 
Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version of the + control plane. NB: This value defaults to the Machine object + spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to the + Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s services. + Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. If + unset, the API server will not allocate CIDR ranges + for every node. Defaults to a comma-delimited string + of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s services. + Defaults to a comma-delimited string of the Cluster + object's spec.clusterNetwork.pods.cidrBlocks, or to + "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the scheduler + control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. 
+ type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + useHyperKubeImage: + description: UseHyperKubeImage controls if hyperkube should + be used for Kubernetes components instead of their respective + separate images + type: boolean + type: object + diskSetup: + description: DiskSetup specifies options for the creation of partition + tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems + to setup. + items: + description: Filesystem defines the file systems to be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to add + to the command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system type. + type: string + label: + description: Label specifies the file system label to + be used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to overwrite + any existing filesystem. If true, any pre-existing + file system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition to use. + The valid options are: "auto|any", "auto", "any", + "none", and , where NUM is the actual partition + number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, used + for Microsoft Azure that instructs cloud-init to replace + a file system of . 
NOTE: unless you define + a label, this requires the use of the ''any'' partition + directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions + to setup. + items: + description: Partition defines how to create and layout + a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. If + it is true, a single partition will be created for + the entire device. When layout is false, it means + don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip checks + and create the partition if a partition or filesystem + is found on the device. Use with caution. Default + is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. The following are supported: ''mbr'': default + and setups a MS-DOS partition table ''gpt'': setups + a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: Secret represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's data + map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. 
+ type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file + contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap + data + enum: + - cloud-config + type: string + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm init` + time and describes a set of Bootstrap Tokens to create. + This information IS NOT uploaded to the kubeadm cluster + configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap token, + stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message + why this token exists and what it's used for, so other + administrators can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when this + token expires. Defaults to being set dynamically at + runtime based on the TTL. Expires and TTL are mutually + exclusive. 
+ format: date-time + type: string + groups: + description: Groups specifies the extra groups that + this token will authenticate as when/if used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for joining + nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this token. + Defaults to 24h. Expires and TTL are mutually exclusive. + type: string + usages: + description: Usages describes the ways in which this + token can be used. Can by default be used for establishing + bidirectional trust, but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the + API server instance that's deployed on this control plane + node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests to + each individual API server. This configuration object lets + you customize what IP/DNS name and port the local API server + advertises it's accessible on. By default, kubeadm tries + to auto-detect the IP of the default interface and use that, + but in case that process fails you may set the desired value + here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for + the API server to advertise. 
+ type: string + bindPort: + description: BindPort sets the secure port for the API + Server to bind to. Defaults to 6443. + format: int32 + type: integer + required: + - advertiseAddress + - bindPort + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate to + registering the new control-plane node to the cluster. When + used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration and + JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node + API object, for later re-use + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the + kubelet command line via the environment file kubeadm + writes at runtime for the kubelet to source. This overrides + the generic base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. These + values are local and specific to the node kubeadm is + executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the + Node API object that will be created in this `kubeadm + init` or `kubeadm join` operation. This field is also + used in the CommonName field of the kubelet's client + certificate to the API server. Defaults to the hostname + of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API + object should be registered with. If this field is unset, + i.e. nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: {}` + in the YAML file. This field is solely used for Node + registration.' 
+ items: + description: The node this Taint is attached to has + the "effect" on any pod that does not tolerate the + Taint. + properties: + effect: + description: Required. The effect of the taint on + pods that do not tolerate the taint. Valid effects + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the + taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration for + the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node and + control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control plane + instance to be deployed on the joining node. If nil, no + additional control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on this node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. 
+ type: string + bindPort: + description: BindPort sets the secure port for the + API Server to bind to. Defaults to 6443. + format: int32 + type: integer + required: + - advertiseAddress + - bindPort + type: object + type: object + discovery: + description: 'Discovery specifies the options for the kubelet + to use during the TLS Bootstrap process TODO: revisit when + there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options + for bootstrap token based discovery BootstrapToken and + File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain + name to the API server from which info will be fetched. + type: string + caCertHashes: + description: 'CACertHashes specifies a set of public + key pins to verify when token-based discovery is + used. The root CA found during discovery must match + one of these values. Specifying an empty set disables + root CA pinning, which can be unsafe. Each hash + is specified as ":", where the only + currently supported type is "sha256". This is a + hex-encoded SHA-256 hash of the Subject Public Key + Info (SPKI) object in DER-encoded ASN.1. These hashes + can be calculated using, for example, OpenSSL: openssl + x509 -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate cluster + information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since other + nodes can impersonate the control-plane. 
+ type: boolean + required: + - token + - unsafeSkipCAVerification + type: object + file: + description: File is used to specify a file or URL to + a kubeconfig file from which to load cluster information + BootstrapToken and File are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify the + actual file path or URL to the kubeconfig file from + which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: 'TLSBootstrapToken is a token used for TLS + bootstrapping. If .BootstrapToken is set, this field + is defaulted to .BootstrapToken.Token, but can be overridden. + If .File is set, this field **must be set** in case + the KubeConfigFile does not contain any other authentication + information TODO: revisit when there is defaulting from + k/k' + type: string + type: object + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate to + registering the new control-plane node to the cluster. When + used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration and + JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node + API object, for later re-use + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. 
The arguments here are passed to the + kubelet command line via the environment file kubeadm + writes at runtime for the kubelet to source. This overrides + the generic base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. These + values are local and specific to the node kubeadm is + executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the + Node API object that will be created in this `kubeadm + init` or `kubeadm join` operation. This field is also + used in the CommonName field of the kubelet's client + certificate to the API server. Defaults to the hostname + of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API + object should be registered with. If this field is unset, + i.e. nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: {}` + in the YAML file. This field is solely used for Node + registration.' + items: + description: The node this Taint is attached to has + the "effect" on any pod that does not tolerate the + Taint. + properties: + effect: + description: Required. The effect of the taint on + pods that do not tolerate the taint. Valid effects + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the + taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + mounts: + description: Mounts specifies a list of mount points to be setup. 
+ items: + description: MountPoints defines input for generated mounts + in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands to run + after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to run + before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm + command with a shell script with retries for joins. \n This + is meant to be an experimental temporary workaround on some + environments where joins fail due to timing (and other issues). + The long term goal is to add retries to kubeadm proper and use + that functionality. \n This will add about 40KB to userdata + \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user in + cloud-init. 
+ properties: + gecos: + description: Gecos specifies the gecos to use for the user + type: string + groups: + description: Groups specifies the additional groups for + the user + type: string + homeDir: + description: HomeDir specifies the home directory to use + for the user + type: string + inactive: + description: Inactive specifies whether to mark the user + as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login should + be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for the + user + type: string + primaryGroup: + description: PrimaryGroup specifies the primary group for + the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh authorized + keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level + verbosity. It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time that the + controller will spend on draining a controlplane node The default + value is 0, meaning that the node can be drained without any time + limitations. NOTE: NodeDrainTimeout is different from `kubectl drain + --timeout`' + type: string + replicas: + description: Number of desired machines. Defaults to 1. When stacked + etcd is used only odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). + This is a pointer to distinguish between explicit zero and not specified. 
+ format: int32 + type: integer + rolloutStrategy: + description: The RolloutStrategy to use to replace control plane machines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if RolloutStrategyType + = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of control planes that can + be scheduled above or under the desired number of control + planes. Value can be an absolute number 1 or 0. Defaults + to 1. Example: when this is set to 1, the control plane + can be scaled up immediately when the rolling update starts.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of rollout. Currently the only supported strategy + is "RollingUpdate". Default is RollingUpdate. + type: string + type: object + upgradeAfter: + description: UpgradeAfter is a field to indicate an upgrade should + be performed after the specified time even if no changes have been + made to the KubeadmControlPlane + format: date-time + type: string + version: + description: Version defines the desired Kubernetes version. + type: string + required: + - infrastructureTemplate + - kubeadmConfigSpec + - version + type: object + status: + description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane. + properties: + conditions: + description: Conditions defines current service state of the KubeadmControlPlane. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. 
+ type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureMessage: + description: ErrorMessage indicates that there is a terminal problem + reconciling the state, and will be set to a descriptive error message. + type: string + failureReason: + description: FailureReason indicates that there is a terminal problem + reconciling the state, and will be set to a token value suitable + for programmatic interpretation. + type: string + initialized: + description: Initialized denotes whether or not the control plane + has the uploaded kubeadm-config configmap. + type: boolean + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: Ready denotes that the KubeadmControlPlane API Server + is ready to receive requests. + type: boolean + readyReplicas: + description: Total number of fully running and ready control plane + machines. 
+ format: int32 + type: integer + replicas: + description: Total number of non-terminated machines targeted by this + control plane (their labels match the selector). + format: int32 + type: integer + selector: + description: 'Selector is the label selector in string format to avoid + introspection by clients, and is used to provide the CRD-based integration + for the scale subresource and additional integrations for things + like kubectl describe.. The string will be in the same format as + the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + unavailableReplicas: + description: Total number of unavailable machines targeted by this + control plane. This is the total number of machines that are still + required for the deployment to have 100% available capacity. They + may either be machines that are running but not yet ready or machines + that still have not been created. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated machines targeted by this + control plane that have the desired template spec. 
+ format: int32 + type: integer + type: object + type: object + served: false + storage: false + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of KubeadmControlPlane + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: This denotes whether or not the control plane has the uploaded + kubeadm-config configmap + jsonPath: .status.initialized + name: Initialized + type: boolean + - description: KubeadmControlPlane API Server is ready to receive requests + jsonPath: .status.ready + name: API Server Available + type: boolean + - description: Kubernetes version associated with this control plane + jsonPath: .spec.version + name: Version + type: string + - description: Total number of non-terminated machines targeted by this control + plane + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of fully running and ready control plane machines + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Total number of non-terminated machines targeted by this control + plane that have the desired template spec + jsonPath: .status.updatedReplicas + name: Updated + type: integer + - description: Total number of unavailable machines targeted by this control plane + jsonPath: .status.unavailableReplicas + name: Unavailable + type: integer + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "KubeadmControlPlane is the Schema for the KubeadmControlPlane + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane. + properties: + kubeadmConfigSpec: + description: KubeadmConfigSpec is a KubeadmConfigSpec to use for initializing + and joining machines to the control plane. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the API + server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative Names + for the API Server signing cert. + items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. 
+ type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout + that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store or + look for all required certificates. NB: if not provided, + this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address + or DNS name for the control plane; it can be a valid IP + address or a RFC-1123 DNS subdomain, both with optional + TCP port. In case the ControlPlaneEndpoint is not specified, + the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint + is specified but without a TCP port, the BindPort is used. + Possible usages are: e.g. In a cluster with more than one + control plane instances, this field should be assigned the + address of the external load balancer in front of the control + plane instances. e.g. in environments with enforced node + recycling, the ControlPlaneEndpoint could be used for assigning + a stable DNS to the control plane. NB: This value defaults + to the first value in the Cluster object status.apiEndpoints + array.' 
+ type: string + controllerManager: + description: ControllerManager contains extra settings for + the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on installed + in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the + image. In case this value is set, kubeadm does not change + automatically the version of the above components during + upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. 
NB: This + value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to an external + etcd cluster Local and External are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority + file used to secure etcd communication. Required + if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification file + used to secure etcd communication. Required if using + a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required for + ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to secure + etcd communication. Required if using a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for configuring + the local etcd instance Local and External are mutually + exclusive + properties: + dataDir: + description: DataDir is the directory etcd will place + its data. Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided + to the etcd binary when run inside a static pod. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for + the image. In case this value is set, kubeadm does + not change automatically the version of the above + components during upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. 
+ items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject Alternative + Names for the etcd server signing cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: ImageRepository sets the container registry to + pull images from. If empty, `registry.k8s.io` will be used + by default; in case of kubernetes version is a CI build + (kubernetes version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` + will be used as a default for control plane components and + for kube-proxy, while `registry.k8s.io` will be used for + all the other images. + type: string + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version of the + control plane. NB: This value defaults to the Machine object + spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to the + Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s services. + Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. If + unset, the API server will not allocate CIDR ranges + for every node. Defaults to a comma-delimited string + of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s services. 
+ Defaults to a comma-delimited string of the Cluster + object's spec.clusterNetwork.pods.cidrBlocks, or to + "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the scheduler + control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation of partition + tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems + to setup. + items: + description: Filesystem defines the file systems to be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to add + to the command for creating the file system. 
+ items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system type. + type: string + label: + description: Label specifies the file system label to + be used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to overwrite + any existing filesystem. If true, any pre-existing + file system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition to use. + The valid options are: "auto|any", "auto", "any", + "none", and , where NUM is the actual partition + number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, used + for Microsoft Azure that instructs cloud-init to replace + a file system of . NOTE: unless you define + a label, this requires the use of the ''any'' partition + directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions + to setup. + items: + description: Partition defines how to create and layout + a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. If + it is true, a single partition will be created for + the entire device. When layout is false, it means + don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip checks + and create the partition if a partition or filesystem + is found on the device. Use with caution. Default + is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. 
The following are supported: ''mbr'': default + and setups a MS-DOS partition table ''gpt'': setups + a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: Secret represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's data + map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file + contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap + data + enum: + - cloud-config + type: string + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. 
Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm init` + time and describes a set of Bootstrap Tokens to create. + This information IS NOT uploaded to the kubeadm cluster + configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap token, + stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message + why this token exists and what it's used for, so other + administrators can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when this + token expires. Defaults to being set dynamically at + runtime based on the TTL. Expires and TTL are mutually + exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that + this token will authenticate as when/if used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for joining + nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this token. + Defaults to 24h. Expires and TTL are mutually exclusive. + type: string + usages: + description: Usages describes the ways in which this + token can be used. Can by default be used for establishing + bidirectional trust, but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the + API server instance that's deployed on this control plane + node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests to + each individual API server. This configuration object lets + you customize what IP/DNS name and port the local API server + advertises it's accessible on. By default, kubeadm tries + to auto-detect the IP of the default interface and use that, + but in case that process fails you may set the desired value + here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for + the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API + Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate to + registering the new control-plane node to the cluster. When + used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration and + JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node + API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of + pre-flight errors to be ignored when the current node + is registered. + items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. 
The arguments here are passed to the + kubelet command line via the environment file kubeadm + writes at runtime for the kubelet to source. This overrides + the generic base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. These + values are local and specific to the node kubeadm is + executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the + Node API object that will be created in this `kubeadm + init` or `kubeadm join` operation. This field is also + used in the CommonName field of the kubelet's client + certificate to the API server. Defaults to the hostname + of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API + object should be registered with. If this field is unset, + i.e. nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: {}` + in the YAML file. This field is solely used for Node + registration.' + items: + description: The node this Taint is attached to has + the "effect" on any pod that does not tolerate the + Taint. + properties: + effect: + description: Required. The effect of the taint on + pods that do not tolerate the taint. Valid effects + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the + taint key. 
+ type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration for + the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node and + control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control plane + instance to be deployed on the joining node. If nil, no + additional control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on this node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the + API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for the kubelet + to use during the TLS Bootstrap process TODO: revisit when + there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options + for bootstrap token based discovery BootstrapToken and + File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain + name to the API server from which info will be fetched. 
+ type: string + caCertHashes: + description: 'CACertHashes specifies a set of public + key pins to verify when token-based discovery is + used. The root CA found during discovery must match + one of these values. Specifying an empty set disables + root CA pinning, which can be unsafe. Each hash + is specified as ":", where the only + currently supported type is "sha256". This is a + hex-encoded SHA-256 hash of the Subject Public Key + Info (SPKI) object in DER-encoded ASN.1. These hashes + can be calculated using, for example, OpenSSL: openssl + x509 -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate cluster + information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since other + nodes can impersonate the control-plane. + type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or URL to + a kubeconfig file from which to load cluster information + BootstrapToken and File are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify the + actual file path or URL to the kubeconfig file from + which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used for TLS + bootstrapping. If .BootstrapToken is set, this field + is defaulted to .BootstrapToken.Token, but can be overridden. 
+ If .File is set, this field **must be set** in case + the KubeConfigFile does not contain any other authentication + information + type: string + type: object + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate to + registering the new control-plane node to the cluster. When + used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration and + JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node + API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of + pre-flight errors to be ignored when the current node + is registered. + items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the + kubelet command line via the environment file kubeadm + writes at runtime for the kubelet to source. This overrides + the generic base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. These + values are local and specific to the node kubeadm is + executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the + Node API object that will be created in this `kubeadm + init` or `kubeadm join` operation. This field is also + used in the CommonName field of the kubelet's client + certificate to the API server. Defaults to the hostname + of the node if not provided. 
+ type: string + taints: + description: 'Taints specifies the taints the Node API + object should be registered with. If this field is unset, + i.e. nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: {}` + in the YAML file. This field is solely used for Node + registration.' + items: + description: The node this Taint is attached to has + the "effect" on any pod that does not tolerate the + Taint. + properties: + effect: + description: Required. The effect of the taint on + pods that do not tolerate the taint. Valid effects + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the + taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + mounts: + description: Mounts specifies a list of mount points to be setup. + items: + description: MountPoints defines input for generated mounts + in cloud-init. 
+ items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands to run + after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to run + before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm + command with a shell script with retries for joins. \n This + is meant to be an experimental temporary workaround on some + environments where joins fail due to timing (and other issues). + The long term goal is to add retries to kubeadm proper and use + that functionality. \n This will add about 40KB to userdata + \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user in + cloud-init. 
+ properties: + gecos: + description: Gecos specifies the gecos to use for the user + type: string + groups: + description: Groups specifies the additional groups for + the user + type: string + homeDir: + description: HomeDir specifies the home directory to use + for the user + type: string + inactive: + description: Inactive specifies whether to mark the user + as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login should + be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for the + user + type: string + primaryGroup: + description: PrimaryGroup specifies the primary group for + the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh authorized + keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level + verbosity. It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + machineTemplate: + description: MachineTemplate contains information about how machines + should be shaped when creating or updating a control plane. + properties: + infrastructureRef: + description: InfrastructureRef is a required reference to a custom + resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. 
More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time that + the controller will spend on draining a controlplane node The + default value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different from + `kubectl drain --timeout`' + type: string + required: + - infrastructureRef + type: object + replicas: + description: Number of desired machines. Defaults to 1. When stacked + etcd is used only odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). + This is a pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + rolloutAfter: + description: RolloutAfter is a field to indicate a rollout should + be performed after the specified time even if no changes have been + made to the KubeadmControlPlane. + format: date-time + type: string + rolloutStrategy: + default: + rollingUpdate: + maxSurge: 1 + type: RollingUpdate + description: The RolloutStrategy to use to replace control plane machines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if RolloutStrategyType + = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of control planes that can + be scheduled above or under the desired number of control + planes. Value can be an absolute number 1 or 0. Defaults + to 1. 
Example: when this is set to 1, the control plane + can be scaled up immediately when the rolling update starts.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of rollout. Currently the only supported strategy + is "RollingUpdate". Default is RollingUpdate. + type: string + type: object + version: + description: Version defines the desired Kubernetes version. + type: string + required: + - kubeadmConfigSpec + - machineTemplate + - version + type: object + status: + description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane. + properties: + conditions: + description: Conditions defines current service state of the KubeadmControlPlane. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureMessage: + description: ErrorMessage indicates that there is a terminal problem + reconciling the state, and will be set to a descriptive error message. + type: string + failureReason: + description: FailureReason indicates that there is a terminal problem + reconciling the state, and will be set to a token value suitable + for programmatic interpretation. + type: string + initialized: + description: Initialized denotes whether or not the control plane + has the uploaded kubeadm-config configmap. + type: boolean + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: Ready denotes that the KubeadmControlPlane API Server + is ready to receive requests. + type: boolean + readyReplicas: + description: Total number of fully running and ready control plane + machines. + format: int32 + type: integer + replicas: + description: Total number of non-terminated machines targeted by this + control plane (their labels match the selector). + format: int32 + type: integer + selector: + description: 'Selector is the label selector in string format to avoid + introspection by clients, and is used to provide the CRD-based integration + for the scale subresource and additional integrations for things + like kubectl describe.. The string will be in the same format as + the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + unavailableReplicas: + description: Total number of unavailable machines targeted by this + control plane. 
This is the total number of machines that are still + required for the deployment to have 100% available capacity. They + may either be machines that are running but not yet ready or machines + that still have not been created. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated machines targeted by this + control plane that have the desired template spec. + format: int32 + type: integer + version: + description: Version represents the minimum Kubernetes version for + the control plane machines in the cluster. + type: string + type: object + type: object + served: false + storage: false + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name'] + name: Cluster + type: string + - description: This denotes whether or not the control plane has the uploaded + kubeadm-config configmap + jsonPath: .status.initialized + name: Initialized + type: boolean + - description: KubeadmControlPlane API Server is ready to receive requests + jsonPath: .status.ready + name: API Server Available + type: boolean + - description: Total number of machines desired by this control plane + jsonPath: .spec.replicas + name: Desired + priority: 10 + type: integer + - description: Total number of non-terminated machines targeted by this control + plane + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of fully running and ready control plane machines + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Total number of non-terminated machines targeted by this control + plane that have the desired template spec + jsonPath: .status.updatedReplicas + name: Updated + type: integer + - description: Total number of unavailable machines targeted by this control plane + jsonPath: 
.status.unavailableReplicas + name: Unavailable + type: integer + - description: Time duration since creation of KubeadmControlPlane + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this control plane + jsonPath: .spec.version + name: Version + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: KubeadmControlPlane is the Schema for the KubeadmControlPlane + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane. + properties: + kubeadmConfigSpec: + description: KubeadmConfigSpec is a KubeadmConfigSpec to use for initializing + and joining machines to the control plane. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for the API + server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative Names + for the API Server signing cert. 
+ items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout + that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store or + look for all required certificates. 
NB: if not provided, + this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address + or DNS name for the control plane; it can be a valid IP + address or a RFC-1123 DNS subdomain, both with optional + TCP port. In case the ControlPlaneEndpoint is not specified, + the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint + is specified but without a TCP port, the BindPort is used. + Possible usages are: e.g. In a cluster with more than one + control plane instances, this field should be assigned the + address of the external load balancer in front of the control + plane instances. e.g. in environments with enforced node + recycling, the ControlPlaneEndpoint could be used for assigning + a stable DNS to the control plane. NB: This value defaults + to the first value in the Cluster object status.apiEndpoints + array.' + type: string + controllerManager: + description: ControllerManager contains extra settings for + the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. + properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. 
+ type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on installed + in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the + image. In case this value is set, kubeadm does not change + automatically the version of the above components during + upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. NB: This + value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect to an external + etcd cluster Local and External are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority + file used to secure etcd communication. Required + if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification file + used to secure etcd communication. Required if using + a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required for + ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to secure + etcd communication. Required if using a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs for configuring + the local etcd instance Local and External are mutually + exclusive + properties: + dataDir: + description: DataDir is the directory etcd will place + its data. 
Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments provided + to the etcd binary when run inside a static pod. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. if not set, the ImageRepository + defined in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for + the image. In case this value is set, kubeadm does + not change automatically the version of the above + components during upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative + Names for the etcd peer signing cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject Alternative + Names for the etcd server signing cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: 'ImageRepository sets the container registry + to pull images from. * If not set, the default registry + of kubeadm will be used, i.e. * registry.k8s.io (new registry): + >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 * k8s.gcr.io + (old registry): all older versions Please note that when + imageRepository is not set we don''t allow upgrades to versions + >= v1.22.0 which use the old registry (k8s.gcr.io). Please + use a newer patch version with the new registry instead + (i.e. >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0). + * If the version is a CI build (kubernetes version starts + with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` + will be used as a default for control plane components and + for kube-proxy, while `registry.k8s.io` will be used for + all the other images.' 
+ type: string + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version of the + control plane. NB: This value defaults to the Machine object + spec.version' + type: string + networking: + description: 'Networking holds configuration for the networking + topology of the cluster. NB: This value defaults to the + Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s services. + Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. If + unset, the API server will not allocate CIDR ranges + for every node. Defaults to a comma-delimited string + of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s services. + Defaults to a comma-delimited string of the Cluster + object's spec.clusterNetwork.pods.cidrBlocks, or to + "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for the scheduler + control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags to pass + to the control plane component. TODO: This is temporary + and ideally we would like to switch all components to + use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, + mounted to the control plane component. + items: + description: HostPathMount contains elements describing + volumes that are mounted from the host. 
+ properties: + hostPath: + description: HostPath is the path in the host that + will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod + where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the + volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation of partition + tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems + to setup. + items: + description: Filesystem defines the file systems to be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to add + to the command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system type. + type: string + label: + description: Label specifies the file system label to + be used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to overwrite + any existing filesystem. If true, any pre-existing + file system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition to use. + The valid options are: "auto|any", "auto", "any", + "none", and , where NUM is the actual partition + number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, used + for Microsoft Azure that instructs cloud-init to replace + a file system of . NOTE: unless you define + a label, this requires the use of the ''any'' partition + directive.' 
+ type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions + to setup. + items: + description: Partition defines how to create and layout + a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. If + it is true, a single partition will be created for + the entire device. When layout is false, it means + don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip checks + and create the partition if a partition or filesystem + is found on the device. Use with caution. Default + is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. The following are supported: ''mbr'': default + and setups a MS-DOS partition table ''gpt'': setups + a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + append: + description: Append specifies whether to append Content + to existing file if Path exists. + type: boolean + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: Secret represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's data + map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. 
+ type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file + contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the bootstrap + data + enum: + - cloud-config + - ignition + type: string + ignition: + description: Ignition contains Ignition specific configuration. + properties: + containerLinuxConfig: + description: ContainerLinuxConfig contains CLC specific configuration. + properties: + additionalConfig: + description: "AdditionalConfig contains additional configuration + to be merged with the Ignition configuration generated + by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging + \n The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/" + type: string + strict: + description: Strict controls if AdditionalConfig should + be strictly parsed. If so, warnings are treated as errors. + type: boolean + type: object + type: object + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm init` + time and describes a set of Bootstrap Tokens to create. + This information IS NOT uploaded to the kubeadm cluster + configmap, partly because of its sensitive nature + items: + description: BootstrapToken describes one bootstrap token, + stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly message + why this token exists and what it's used for, so other + administrators can know its purpose. + type: string + expires: + description: Expires specifies the timestamp when this + token expires. Defaults to being set dynamically at + runtime based on the TTL. Expires and TTL are mutually + exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups that + this token will authenticate as when/if used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing bidirectional + trust between nodes and control-planes. Used for joining + nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for this token. + Defaults to 24h. Expires and TTL are mutually exclusive. + type: string + usages: + description: Usages describes the ways in which this + token can be used. Can by default be used for establishing + bidirectional trust, but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint of the + API server instance that's deployed on this control plane + node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint + in the sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests to + each individual API server. This configuration object lets + you customize what IP/DNS name and port the local API server + advertises it's accessible on. By default, kubeadm tries + to auto-detect the IP of the default interface and use that, + but in case that process fails you may set the desired value + here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address for + the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the API + Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate to + registering the new control-plane node to the cluster. When + used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration and + JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node + API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of + pre-flight errors to be ignored when the current node + is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy for + image pulling during kubeadm "init" and "join" operations. + The value of this field must be one of "Always", "IfNotPresent" + or "Never". Defaults to "IfNotPresent". 
This can be + used only with Kubernetes version equal to 1.22 and + later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the + kubelet command line via the environment file kubeadm + writes at runtime for the kubelet to source. This overrides + the generic base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. These + values are local and specific to the node kubeadm is + executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the + Node API object that will be created in this `kubeadm + init` or `kubeadm join` operation. This field is also + used in the CommonName field of the kubelet's client + certificate to the API server. Defaults to the hostname + of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API + object should be registered with. If this field is unset, + i.e. nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: []` + in the YAML file. This field is solely used for Node + registration.' + items: + description: The node this Taint is attached to has + the "effect" on any pod that does not tolerate the + Taint. + properties: + effect: + description: Required. The effect of the taint on + pods that do not tolerate the taint. Valid effects + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. 
+ format: date-time + type: string + value: + description: The taint value corresponding to the + taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying + patches to components deployed by kubeadm during "kubeadm + init". The minimum kubernetes version needed to support + Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory that contains + files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or just "etcd.json". + "target" can be one of "kube-apiserver", "kube-controller-manager", + "kube-scheduler", "etcd". "patchtype" can be one of + "strategic" "merge" or "json" and they match the patch + formats supported by kubectl. The default "patchtype" + is "strategic". "extension" must be either "json" or + "yaml". "suffix" is an optional string that can be used + to determine which patches are applied first alpha-numerically. + These files can be written into the target directory + via KubeadmConfig.Files which specifies additional files + to be created on the machine, either with content inline + or by referencing a secret. + type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip during + command execution. The list of phases can be obtained with + the "kubeadm init --help" command. This option takes effect + only on Kubernetes >=1.22.0. + items: + type: string + type: array + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration for + the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node and + control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control plane + instance to be deployed on the joining node. If nil, no + additional control plane instance will be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on this node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for the + API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for the kubelet + to use during the TLS Bootstrap process TODO: revisit when + there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the options + for bootstrap token based discovery BootstrapToken and + File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or domain + name to the API server from which info will be fetched. + type: string + caCertHashes: + description: 'CACertHashes specifies a set of public + key pins to verify when token-based discovery is + used. The root CA found during discovery must match + one of these values. Specifying an empty set disables + root CA pinning, which can be unsafe. Each hash + is specified as ":", where the only + currently supported type is "sha256". This is a + hex-encoded SHA-256 hash of the Subject Public Key + Info (SPKI) object in DER-encoded ASN.1. 
These hashes + can be calculated using, for example, OpenSSL: openssl + x509 -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate cluster + information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows token-based + discovery without CA verification via CACertHashes. + This can weaken the security of kubeadm since other + nodes can impersonate the control-plane. + type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or URL to + a kubeconfig file from which to load cluster information + BootstrapToken and File are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify the + actual file path or URL to the kubeconfig file from + which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used for TLS + bootstrapping. If .BootstrapToken is set, this field + is defaulted to .BootstrapToken.Token, but can be overridden. + If .File is set, this field **must be set** in case + the KubeConfigFile does not contain any other authentication + information + type: string + type: object + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate to + registering the new control-plane node to the cluster. 
When + used in the context of control plane nodes, NodeRegistration + should remain consistent across both InitConfiguration and + JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container runtime + info. This information will be annotated to the Node + API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a slice of + pre-flight errors to be ignored when the current node + is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy for + image pulling during kubeadm "init" and "join" operations. + The value of this field must be one of "Always", "IfNotPresent" + or "Never". Defaults to "IfNotPresent". This can be + used only with Kubernetes version equal to 1.22 and + later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra arguments + to the kubelet. The arguments here are passed to the + kubelet command line via the environment file kubeadm + writes at runtime for the kubelet to source. This overrides + the generic base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. These + values are local and specific to the node kubeadm is + executing on. + type: object + name: + description: Name is the `.Metadata.Name` field of the + Node API object that will be created in this `kubeadm + init` or `kubeadm join` operation. This field is also + used in the CommonName field of the kubelet's client + certificate to the API server. Defaults to the hostname + of the node if not provided. + type: string + taints: + description: 'Taints specifies the taints the Node API + object should be registered with. If this field is unset, + i.e. nil, in the `kubeadm init` process it will be defaulted + to []v1.Taint{''node-role.kubernetes.io/master=""''}. 
+ If you don''t want to taint your control-plane node, + set this field to an empty slice, i.e. `taints: []` + in the YAML file. This field is solely used for Node + registration.' + items: + description: The node this Taint is attached to has + the "effect" on any pod that does not tolerate the + Taint. + properties: + effect: + description: Required. The effect of the taint on + pods that do not tolerate the taint. Valid effects + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied + to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which + the taint was added. It is only written for NoExecute + taints. + format: date-time + type: string + value: + description: The taint value corresponding to the + taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying + patches to components deployed by kubeadm during "kubeadm + join". The minimum kubernetes version needed to support + Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory that contains + files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or just "etcd.json". + "target" can be one of "kube-apiserver", "kube-controller-manager", + "kube-scheduler", "etcd". "patchtype" can be one of + "strategic" "merge" or "json" and they match the patch + formats supported by kubectl. The default "patchtype" + is "strategic". "extension" must be either "json" or + "yaml". "suffix" is an optional string that can be used + to determine which patches are applied first alpha-numerically. + These files can be written into the target directory + via KubeadmConfig.Files which specifies additional files + to be created on the machine, either with content inline + or by referencing a secret. 
+ type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip during + command execution. The list of phases can be obtained with + the "kubeadm init --help" command. This option takes effect + only on Kubernetes >=1.22.0. + items: + type: string + type: array + type: object + mounts: + description: Mounts specifies a list of mount points to be setup. + items: + description: MountPoints defines input for generated mounts + in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands to run + after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands to run + before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic kubeadm + command with a shell script with retries for joins. \n This + is meant to be an experimental temporary workaround on some + environments where joins fail due to timing (and other issues). + The long term goal is to add retries to kubeadm proper and use + that functionality. \n This will add about 40KB to userdata + \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. + \n Deprecated: This experimental fix is no longer needed and + this field will be removed in a future release. When removing + also remove from staticcheck exclude-rules for SA1019 in golangci.yml" + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user in + cloud-init. 
+ properties: + gecos: + description: Gecos specifies the gecos to use for the user + type: string + groups: + description: Groups specifies the additional groups for + the user + type: string + homeDir: + description: HomeDir specifies the home directory to use + for the user + type: string + inactive: + description: Inactive specifies whether to mark the user + as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login should + be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password for the + user + type: string + passwdFrom: + description: PasswdFrom is a referenced source of passwd + to populate the passwd. + properties: + secret: + description: Secret represents a secret that should + populate this password. + properties: + key: + description: Key is the key in the secret's data + map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + primaryGroup: + description: PrimaryGroup specifies the primary group for + the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh authorized + keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log level + verbosity. It overrides the `--v` flag in kubeadm commands. + format: int32 + type: integer + type: object + machineTemplate: + description: MachineTemplate contains information about how machines + should be shaped when creating or updating a control plane. 
+ properties: + infrastructureRef: + description: InfrastructureRef is a required reference to a custom + resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + metadata: + description: 'Standard object''s metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the machine + controller will attempt to delete the Node that the Machine + hosts after the Machine is marked for deletion. A duration of + 0 will retry deletion indefinitely. If no value is provided, + the default value for this property of the Machine resource + will be used. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time that + the controller will spend on draining a controlplane node The + default value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different from + `kubectl drain --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of time + that the controller will spend on waiting for all volumes to + be detached. The default value is 0, meaning that the volumes + can be detached without any time limitations. + type: string + required: + - infrastructureRef + type: object + remediationStrategy: + description: The RemediationStrategy that controls how control plane + machine remediation happens. 
+ properties: + maxRetry: + description: "MaxRetry is the Max number of retries while attempting + to remediate an unhealthy machine. A retry happens when a machine + that was created as a replacement for an unhealthy machine also + fails. For example, given a control plane with three machines + M1, M2, M3: \n M1 become unhealthy; remediation happens, and + M1-1 is created as a replacement. If M1-1 (replacement of M1) + has problems while bootstrapping it will become unhealthy, and + then be remediated; such operation is considered a retry, remediation-retry + #1. If M1-2 (replacement of M1-1) becomes unhealthy, remediation-retry + #2 will happen, etc. \n A retry could happen only after RetryPeriod + from the previous retry. If a machine is marked as unhealthy + after MinHealthyPeriod from the previous remediation expired, + this is not considered a retry anymore because the new issue + is assumed unrelated from the previous one. \n If not set, the + remedation will be retried infinitely." + format: int32 + type: integer + minHealthyPeriod: + description: "MinHealthyPeriod defines the duration after which + KCP will consider any failure to a machine unrelated from the + previous one. In this case the remediation is not considered + a retry anymore, and thus the retry counter restarts from 0. + For example, assuming MinHealthyPeriod is set to 1h (default) + \n M1 become unhealthy; remediation happens, and M1-1 is created + as a replacement. If M1-1 (replacement of M1) has problems within + the 1hr after the creation, also this machine will be remediated + and this operation is considered a retry - a problem related + to the original issue happened to M1 -. \n If instead the problem + on M1-1 is happening after MinHealthyPeriod expired, e.g. four + days after m1-1 has been created as a remediation of M1, the + problem on M1-1 is considered unrelated to the original issue + happened to M1. \n If not set, this value is defaulted to 1h." 
+ type: string + retryPeriod: + description: "RetryPeriod is the duration that KCP should wait + before remediating a machine being created as a replacement + for an unhealthy machine (a retry). \n If not set, a retry will + happen immediately." + type: string + type: object + replicas: + description: Number of desired machines. Defaults to 1. When stacked + etcd is used only odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). + This is a pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + rolloutAfter: + description: 'RolloutAfter is a field to indicate a rollout should + be performed after the specified time even if no changes have been + made to the KubeadmControlPlane. Example: In the YAML the time can + be specified in the RFC3339 format. To specify the rolloutAfter + target as March 9, 2023, at 9 am UTC use "2023-03-09T09:00:00Z".' + format: date-time + type: string + rolloutBefore: + description: RolloutBefore is a field to indicate a rollout should + be performed if the specified criteria is met. + properties: + certificatesExpiryDays: + description: CertificatesExpiryDays indicates a rollout needs + to be performed if the certificates of the machine will expire + within the specified days. + format: int32 + type: integer + type: object + rolloutStrategy: + default: + rollingUpdate: + maxSurge: 1 + type: RollingUpdate + description: The RolloutStrategy to use to replace control plane machines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if RolloutStrategyType + = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of control planes that can + be scheduled above or under the desired number of control + planes. Value can be an absolute number 1 or 0. Defaults + to 1. 
Example: when this is set to 1, the control plane + can be scaled up immediately when the rolling update starts.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of rollout. Currently the only supported strategy + is "RollingUpdate". Default is RollingUpdate. + type: string + type: object + version: + description: 'Version defines the desired Kubernetes version. Please + note that if kubeadmConfigSpec.ClusterConfiguration.imageRepository + is not set we don''t allow upgrades to versions >= v1.22.0 for which + kubeadm uses the old registry (k8s.gcr.io). Please use a newer patch + version with the new registry instead. The default registries of + kubeadm are: * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, + >= v1.24.9, >= v1.25.0 * k8s.gcr.io (old registry): all older versions' + type: string + required: + - kubeadmConfigSpec + - machineTemplate + - version + type: object + status: + description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane. + properties: + conditions: + description: Conditions defines current service state of the KubeadmControlPlane. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. 
+ type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: ErrorMessage indicates that there is a terminal problem + reconciling the state, and will be set to a descriptive error message. + type: string + failureReason: + description: FailureReason indicates that there is a terminal problem + reconciling the state, and will be set to a token value suitable + for programmatic interpretation. + type: string + initialized: + description: Initialized denotes whether or not the control plane + has the uploaded kubeadm-config configmap. + type: boolean + lastRemediation: + description: LastRemediation stores info about last remediation performed. + properties: + machine: + description: Machine is the machine name of the latest machine + being remediated. + type: string + retryCount: + description: RetryCount used to keep track of remediation retry + for the last remediated machine. A retry happens when a machine + that was created as a replacement for an unhealthy machine also + fails. + format: int32 + type: integer + timestamp: + description: Timestamp is when last remediation happened. It is + represented in RFC3339 form and is in UTC. 
+ format: date-time + type: string + required: + - machine + - retryCount + - timestamp + type: object + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: Ready denotes that the KubeadmControlPlane API Server + is ready to receive requests. + type: boolean + readyReplicas: + description: Total number of fully running and ready control plane + machines. + format: int32 + type: integer + replicas: + description: Total number of non-terminated machines targeted by this + control plane (their labels match the selector). + format: int32 + type: integer + selector: + description: 'Selector is the label selector in string format to avoid + introspection by clients, and is used to provide the CRD-based integration + for the scale subresource and additional integrations for things + like kubectl describe.. The string will be in the same format as + the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + unavailableReplicas: + description: Total number of unavailable machines targeted by this + control plane. This is the total number of machines that are still + required for the deployment to have 100% available capacity. They + may either be machines that are running but not yet ready or machines + that still have not been created. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated machines targeted by this + control plane that have the desired template spec. + format: int32 + type: integer + version: + description: Version represents the minimum Kubernetes version for + the control plane machines in the cluster. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1 + name: kubeadmcontrolplanetemplates.controlplane.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: controlplane.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: KubeadmControlPlaneTemplate + listKind: KubeadmControlPlaneTemplateList + plural: kubeadmcontrolplanetemplates + singular: kubeadmcontrolplanetemplate + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of KubeadmControlPlaneTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "KubeadmControlPlaneTemplate is the Schema for the kubeadmcontrolplanetemplates + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmControlPlaneTemplateSpec defines the desired state + of KubeadmControlPlaneTemplate. + properties: + template: + description: KubeadmControlPlaneTemplateResource describes the data + needed to create a KubeadmControlPlane from a template. + properties: + spec: + description: KubeadmControlPlaneSpec defines the desired state + of KubeadmControlPlane. + properties: + kubeadmConfigSpec: + description: KubeadmConfigSpec is a KubeadmConfigSpec to use + for initializing and joining machines to the control plane. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for + the API server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative + Names for the API Server signing cert. + items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags + to pass to the control plane component. TODO: + This is temporary and ideally we would like + to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements + describing volumes that are mounted from the + host. 
+ properties: + hostPath: + description: HostPath is the path in the + host that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside + the pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the + pod template. + type: string + pathType: + description: PathType is the type of the + HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the + timeout that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal + value, and may reject unrecognized values. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store + or look for all required certificates. NB: if not + provided, this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP + address or DNS name for the control plane; it can + be a valid IP address or a RFC-1123 DNS subdomain, + both with optional TCP port. In case the ControlPlaneEndpoint + is not specified, the AdvertiseAddress + BindPort + are used; in case the ControlPlaneEndpoint is specified + but without a TCP port, the BindPort is used. Possible + usages are: e.g. In a cluster with more than one + control plane instances, this field should be assigned + the address of the external load balancer in front + of the control plane instances. e.g. 
in environments + with enforced node recycling, the ControlPlaneEndpoint + could be used for assigning a stable DNS to the + control plane. NB: This value defaults to the first + value in the Cluster object status.apiEndpoints + array.' + type: string + controllerManager: + description: ControllerManager contains extra settings + for the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags + to pass to the control plane component. TODO: + This is temporary and ideally we would like + to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements + describing volumes that are mounted from the + host. + properties: + hostPath: + description: HostPath is the path in the + host that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside + the pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the + pod template. + type: string + pathType: + description: PathType is the type of the + HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on + installed in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container + registry to pull images from. if not set, the + ImageRepository defined in ClusterConfiguration + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag + for the image. 
In case this value is set, kubeadm + does not change automatically the version of + the above components during upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. NB: + This value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect + to an external etcd cluster Local and External + are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate + Authority file used to secure etcd communication. + Required if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification + file used to secure etcd communication. + Required if using a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required + for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used + to secure etcd communication. Required if + using a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs + for configuring the local etcd instance Local + and External are mutually exclusive + properties: + dataDir: + description: DataDir is the directory etcd + will place its data. Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments + provided to the etcd binary when run inside + a static pod. + type: object + imageRepository: + description: ImageRepository sets the container + registry to pull images from. if not set, + the ImageRepository defined in ClusterConfiguration + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a + tag for the image. In case this value is + set, kubeadm does not change automatically + the version of the above components during + upgrades. 
+ type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject + Alternative Names for the etcd peer signing + cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject + Alternative Names for the etcd server signing + cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: ImageRepository sets the container registry + to pull images from. If empty, `registry.k8s.io` + will be used by default; in case of kubernetes version + is a CI build (kubernetes version starts with `ci/` + or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will + be used as a default for control plane components + and for kube-proxy, while `registry.k8s.io` will + be used for all the other images. + type: string + kind: + description: 'Kind is a string value representing + the REST resource this object represents. Servers + may infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version + of the control plane. NB: This value defaults to + the Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the + networking topology of the cluster. NB: This value + defaults to the Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used + by k8s services. Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. + If unset, the API server will not allocate CIDR + ranges for every node. 
Defaults to a comma-delimited + string of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used + by k8s services. Defaults to a comma-delimited + string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, + or to "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for + the scheduler control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags + to pass to the control plane component. TODO: + This is temporary and ideally we would like + to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements + describing volumes that are mounted from the + host. + properties: + hostPath: + description: HostPath is the path in the + host that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside + the pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the + pod template. + type: string + pathType: + description: PathType is the type of the + HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation + of partition tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file + systems to setup. + items: + description: Filesystem defines the file systems + to be created. 
+ properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options + to add to the command for creating the file + system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system + type. + type: string + label: + description: Label specifies the file system + label to be used. If set to None, no label + is used. + type: string + overwrite: + description: Overwrite defines whether or not + to overwrite any existing filesystem. If true, + any pre-existing file system will be destroyed. + Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition + to use. The valid options are: "auto|any", + "auto", "any", "none", and , where NUM + is the actual partition number.' + type: string + replaceFS: + description: 'ReplaceFS is a special directive, + used for Microsoft Azure that instructs cloud-init + to replace a file system of . NOTE: + unless you define a label, this requires the + use of the ''any'' partition directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the + partitions to setup. + items: + description: Partition defines how to create and + layout a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. + If it is true, a single partition will be + created for the entire device. When layout + is false, it means don't partition or ignore + existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to + skip checks and create the partition if a + partition or filesystem is found on the device. + Use with caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of + partition table. 
The following are supported: + ''mbr'': default and setups a MS-DOS partition + table ''gpt'': setups a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed + to user_data upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + content: + description: Content is the actual content of the + file. + type: string + contentFrom: + description: ContentFrom is a referenced source + of content to populate the file. + properties: + secret: + description: Secret represents a secret that + should populate this file. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of + the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the + file, e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk + where to store the file. + type: string + permissions: + description: Permissions specifies the permissions + to assign to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the + bootstrap data + enum: + - cloud-config + type: string + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. 
Servers should + convert recognized schemas to the latest internal + value, and may reject unrecognized values. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm + init` time and describes a set of Bootstrap Tokens + to create. This information IS NOT uploaded to the + kubeadm cluster configmap, partly because of its + sensitive nature + items: + description: BootstrapToken describes one bootstrap + token, stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly + message why this token exists and what it's + used for, so other administrators can know + its purpose. + type: string + expires: + description: Expires specifies the timestamp + when this token expires. Defaults to being + set dynamically at runtime based on the TTL. + Expires and TTL are mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups + that this token will authenticate as when/if + used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing + bidirectional trust between nodes and control-planes. + Used for joining nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for + this token. Defaults to 24h. Expires and TTL + are mutually exclusive. + type: string + usages: + description: Usages describes the ways in which + this token can be used. Can by default be + used for establishing bidirectional trust, + but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing + the REST resource this object represents. Servers + may infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. 
More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance that's deployed on this + control plane node In HA setups, this differs from + ClusterConfiguration.ControlPlaneEndpoint in the + sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests + to each individual API server. This configuration + object lets you customize what IP/DNS name and port + the local API server advertises it's accessible + on. By default, kubeadm tries to auto-detect the + IP of the default interface and use that, but in + case that process fails you may set the desired + value here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for + the API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the + cluster. When used in the context of control plane + nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a + slice of pre-flight errors to be ignored when + the current node is registered. + items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. 
The arguments here + are passed to the kubelet command line via the + environment file kubeadm writes at runtime for + the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. + These values are local and specific to the node + kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field + of the Node API object that will be created + in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field + of the kubelet's client certificate to the API + server. Defaults to the hostname of the node + if not provided. + type: string + taints: + description: 'Taints specifies the taints the + Node API object should be registered with. If + this field is unset, i.e. nil, in the `kubeadm + init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane + node, set this field to an empty slice, i.e. + `taints: {}` in the YAML file. This field is + solely used for Node registration.' + items: + description: The node this Taint is attached + to has the "effect" on any pod that does not + tolerate the Taint. + properties: + effect: + description: Required. The effect of the + taint on pods that do not tolerate the + taint. Valid effects are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Required. The taint key to + be applied to a node. + type: string + timeAdded: + description: TimeAdded represents the time + at which the taint was added. It is only + written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding + to the taint key. 
+ type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration + for the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal + value, and may reject unrecognized values. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node + and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control + plane instance to be deployed on the joining node. + If nil, no additional control plane instance will + be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on + this node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP + address for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port + for the API Server to bind to. Defaults + to 6443. + format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for + the kubelet to use during the TLS Bootstrap process + TODO: revisit when there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the + options for bootstrap token based discovery + BootstrapToken and File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or + domain name to the API server from which + info will be fetched. 
+ type: string + caCertHashes: + description: 'CACertHashes specifies a set + of public key pins to verify when token-based + discovery is used. The root CA found during + discovery must match one of these values. + Specifying an empty set disables root CA + pinning, which can be unsafe. Each hash + is specified as ":", where + the only currently supported type is "sha256". + This is a hex-encoded SHA-256 hash of the + Subject Public Key Info (SPKI) object in + DER-encoded ASN.1. These hashes can be calculated + using, for example, OpenSSL: openssl x509 + -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 + -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate + cluster information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows + token-based discovery without CA verification + via CACertHashes. This can weaken the security + of kubeadm since other nodes can impersonate + the control-plane. + type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or + URL to a kubeconfig file from which to load + cluster information BootstrapToken and File + are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify + the actual file path or URL to the kubeconfig + file from which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used + for TLS bootstrapping. If .BootstrapToken is + set, this field is defaulted to .BootstrapToken.Token, + but can be overridden. 
If .File is set, this + field **must be set** in case the KubeConfigFile + does not contain any other authentication information + type: string + type: object + kind: + description: 'Kind is a string value representing + the REST resource this object represents. Servers + may infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the + cluster. When used in the context of control plane + nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a + slice of pre-flight errors to be ignored when + the current node is registered. + items: + type: string + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here + are passed to the kubelet command line via the + environment file kubeadm writes at runtime for + the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. + These values are local and specific to the node + kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field + of the Node API object that will be created + in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field + of the kubelet's client certificate to the API + server. Defaults to the hostname of the node + if not provided. 
+ type: string + taints: + description: 'Taints specifies the taints the + Node API object should be registered with. If + this field is unset, i.e. nil, in the `kubeadm + init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane + node, set this field to an empty slice, i.e. + `taints: {}` in the YAML file. This field is + solely used for Node registration.' + items: + description: The node this Taint is attached + to has the "effect" on any pod that does not + tolerate the Taint. + properties: + effect: + description: Required. The effect of the + taint on pods that do not tolerate the + taint. Valid effects are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Required. The taint key to + be applied to a node. + type: string + timeAdded: + description: TimeAdded represents the time + at which the taint was added. It is only + written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding + to the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + type: object + mounts: + description: Mounts specifies a list of mount points to + be setup. + items: + description: MountPoints defines input for generated + mounts in cloud-init. 
+ items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should + be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to + use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands + to run after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands + to run before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic + kubeadm command with a shell script with retries for + joins. \n This is meant to be an experimental temporary + workaround on some environments where joins fail due + to timing (and other issues). The long term goal is + to add retries to kubeadm proper and use that functionality. + \n This will add about 40KB to userdata \n For more + information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055." + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated + user in cloud-init. 
+ properties: + gecos: + description: Gecos specifies the gecos to use for + the user + type: string + groups: + description: Groups specifies the additional groups + for the user + type: string + homeDir: + description: HomeDir specifies the home directory + to use for the user + type: string + inactive: + description: Inactive specifies whether to mark + the user as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password + login should be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password + for the user + type: string + primaryGroup: + description: PrimaryGroup specifies the primary + group for the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list + of ssh authorized keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the + user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log + level verbosity. It overrides the `--v` flag in kubeadm + commands. + format: int32 + type: integer + type: object + machineTemplate: + description: MachineTemplate contains information about how + machines should be shaped when creating or updating a control + plane. + properties: + infrastructureRef: + description: InfrastructureRef is a required reference + to a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + metadata: + description: 'Standard object''s metadata. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when + modifying objects. 
More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can + be used to organize and categorize (scope and select) + objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of + time that the controller will spend on draining a controlplane + node The default value is 0, meaning that the node can + be drained without any time limitations. NOTE: NodeDrainTimeout + is different from `kubectl drain --timeout`' + type: string + required: + - infrastructureRef + type: object + replicas: + description: Number of desired machines. Defaults to 1. When + stacked etcd is used only odd numbers are permitted, as + per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). + This is a pointer to distinguish between explicit zero and + not specified. + format: int32 + type: integer + rolloutAfter: + description: RolloutAfter is a field to indicate a rollout + should be performed after the specified time even if no + changes have been made to the KubeadmControlPlane. + format: date-time + type: string + rolloutStrategy: + default: + rollingUpdate: + maxSurge: 1 + type: RollingUpdate + description: The RolloutStrategy to use to replace control + plane machines with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only + if RolloutStrategyType = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of control planes + that can be scheduled above or under the desired + number of control planes. Value can be an absolute + number 1 or 0. Defaults to 1. 
Example: when this + is set to 1, the control plane can be scaled up + immediately when the rolling update starts.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of rollout. Currently the only supported + strategy is "RollingUpdate". Default is RollingUpdate. + type: string + type: object + version: + description: Version defines the desired Kubernetes version. + type: string + required: + - kubeadmConfigSpec + - machineTemplate + - version + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: false + storage: false + subresources: {} + - additionalPrinterColumns: + - description: Time duration since creation of KubeadmControlPlaneTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: KubeadmControlPlaneTemplate is the Schema for the kubeadmcontrolplanetemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeadmControlPlaneTemplateSpec defines the desired state + of KubeadmControlPlaneTemplate. + properties: + template: + description: KubeadmControlPlaneTemplateResource describes the data + needed to create a KubeadmControlPlane from a template. 
+ properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: 'KubeadmControlPlaneTemplateResourceSpec defines + the desired state of KubeadmControlPlane. NOTE: KubeadmControlPlaneTemplateResourceSpec + is similar to KubeadmControlPlaneSpec but omits Replicas and + Version fields. These fields do not make sense on the KubeadmControlPlaneTemplate, + because they are calculated by the Cluster topology reconciler + during reconciliation and thus cannot be configured on the KubeadmControlPlaneTemplate.' + properties: + kubeadmConfigSpec: + description: KubeadmConfigSpec is a KubeadmConfigSpec to use + for initializing and joining machines to the control plane. + properties: + clusterConfiguration: + description: ClusterConfiguration along with InitConfiguration + are the configurations necessary for the init command + properties: + apiServer: + description: APIServer contains extra settings for + the API server control plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative + Names for the API Server signing cert. 
+ items: + type: string + type: array + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags + to pass to the control plane component. TODO: + This is temporary and ideally we would like + to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements + describing volumes that are mounted from the + host. + properties: + hostPath: + description: HostPath is the path in the + host that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside + the pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the + pod template. + type: string + pathType: + description: PathType is the type of the + HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the + timeout that we use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal + value, and may reject unrecognized values. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + certificatesDir: + description: 'CertificatesDir specifies where to store + or look for all required certificates. 
NB: if not + provided, this will default to `/etc/kubernetes/pki`' + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP + address or DNS name for the control plane; it can + be a valid IP address or a RFC-1123 DNS subdomain, + both with optional TCP port. In case the ControlPlaneEndpoint + is not specified, the AdvertiseAddress + BindPort + are used; in case the ControlPlaneEndpoint is specified + but without a TCP port, the BindPort is used. Possible + usages are: e.g. In a cluster with more than one + control plane instances, this field should be assigned + the address of the external load balancer in front + of the control plane instances. e.g. in environments + with enforced node recycling, the ControlPlaneEndpoint + could be used for assigning a stable DNS to the + control plane. NB: This value defaults to the first + value in the Cluster object status.apiEndpoints + array.' + type: string + controllerManager: + description: ControllerManager contains extra settings + for the controller manager control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags + to pass to the control plane component. TODO: + This is temporary and ideally we would like + to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. + items: + description: HostPathMount contains elements + describing volumes that are mounted from the + host. + properties: + hostPath: + description: HostPath is the path in the + host that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside + the pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the + pod template. 
+ type: string + pathType: + description: PathType is the type of the + HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on + installed in the cluster. + properties: + imageRepository: + description: ImageRepository sets the container + registry to pull images from. if not set, the + ImageRepository defined in ClusterConfiguration + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag + for the image. In case this value is set, kubeadm + does not change automatically the version of + the above components during upgrades. + type: string + type: object + etcd: + description: 'Etcd holds configuration for etcd. NB: + This value defaults to a Local (stacked) etcd' + properties: + external: + description: External describes how to connect + to an external etcd cluster Local and External + are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate + Authority file used to secure etcd communication. + Required if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification + file used to secure etcd communication. + Required if using a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required + for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used + to secure etcd communication. Required if + using a TLS connection. + type: string + required: + - caFile + - certFile + - endpoints + - keyFile + type: object + local: + description: Local provides configuration knobs + for configuring the local etcd instance Local + and External are mutually exclusive + properties: + dataDir: + description: DataDir is the directory etcd + will place its data. 
Defaults to "/var/lib/etcd". + type: string + extraArgs: + additionalProperties: + type: string + description: ExtraArgs are extra arguments + provided to the etcd binary when run inside + a static pod. + type: object + imageRepository: + description: ImageRepository sets the container + registry to pull images from. if not set, + the ImageRepository defined in ClusterConfiguration + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a + tag for the image. In case this value is + set, kubeadm does not change automatically + the version of the above components during + upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject + Alternative Names for the etcd peer signing + cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject + Alternative Names for the etcd server signing + cert. + items: + type: string + type: array + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: 'ImageRepository sets the container registry + to pull images from. * If not set, the default registry + of kubeadm will be used, i.e. * registry.k8s.io + (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, + >= v1.25.0 * k8s.gcr.io (old registry): all older + versions Please note that when imageRepository is + not set we don''t allow upgrades to versions >= + v1.22.0 which use the old registry (k8s.gcr.io). + Please use a newer patch version with the new registry + instead (i.e. >= v1.22.17, >= v1.23.15, >= v1.24.9, + >= v1.25.0). * If the version is a CI build (kubernetes + version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` + will be used as a default for control plane components + and for kube-proxy, while `registry.k8s.io` will + be used for all the other images.' 
+ type: string + kind: + description: 'Kind is a string value representing + the REST resource this object represents. Servers + may infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: 'KubernetesVersion is the target version + of the control plane. NB: This value defaults to + the Machine object spec.version' + type: string + networking: + description: 'Networking holds configuration for the + networking topology of the cluster. NB: This value + defaults to the Cluster object spec.clusterNetwork.' + properties: + dnsDomain: + description: DNSDomain is the dns domain used + by k8s services. Defaults to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. + If unset, the API server will not allocate CIDR + ranges for every node. Defaults to a comma-delimited + string of the Cluster object's spec.clusterNetwork.services.cidrBlocks + if that is set + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used + by k8s services. Defaults to a comma-delimited + string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, + or to "10.96.0.0/12" if that's unset. + type: string + type: object + scheduler: + description: Scheduler contains extra settings for + the scheduler control plane component + properties: + extraArgs: + additionalProperties: + type: string + description: 'ExtraArgs is an extra set of flags + to pass to the control plane component. TODO: + This is temporary and ideally we would like + to switch all components to use ComponentConfig + + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host + volumes, mounted to the control plane component. 
+ items: + description: HostPathMount contains elements + describing volumes that are mounted from the + host. + properties: + hostPath: + description: HostPath is the path in the + host that will be mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside + the pod where hostPath will be mounted. + type: string + name: + description: Name of the volume inside the + pod template. + type: string + pathType: + description: PathType is the type of the + HostPath. + type: string + readOnly: + description: ReadOnly controls write access + to the volume + type: boolean + required: + - hostPath + - mountPath + - name + type: object + type: array + type: object + type: object + diskSetup: + description: DiskSetup specifies options for the creation + of partition tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file + systems to setup. + items: + description: Filesystem defines the file systems + to be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options + to add to the command for creating the file + system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system + type. + type: string + label: + description: Label specifies the file system + label to be used. If set to None, no label + is used. + type: string + overwrite: + description: Overwrite defines whether or not + to overwrite any existing filesystem. If true, + any pre-existing file system will be destroyed. + Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition + to use. The valid options are: "auto|any", + "auto", "any", "none", and , where NUM + is the actual partition number.' 
+ type: string + replaceFS: + description: 'ReplaceFS is a special directive, + used for Microsoft Azure that instructs cloud-init + to replace a file system of . NOTE: + unless you define a label, this requires the + use of the ''any'' partition directive.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the + partitions to setup. + items: + description: Partition defines how to create and + layout a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. + If it is true, a single partition will be + created for the entire device. When layout + is false, it means don't partition or ignore + existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to + skip checks and create the partition if a + partition or filesystem is found on the device. + Use with caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of + partition table. The following are supported: + ''mbr'': default and setups a MS-DOS partition + table ''gpt'': setups a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + files: + description: Files specifies extra files to be passed + to user_data upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + append: + description: Append specifies whether to append + Content to existing file if Path exists. + type: boolean + content: + description: Content is the actual content of the + file. + type: string + contentFrom: + description: ContentFrom is a referenced source + of content to populate the file. + properties: + secret: + description: Secret represents a secret that + should populate this file. 
+ properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of + the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the + file, e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk + where to store the file. + type: string + permissions: + description: Permissions specifies the permissions + to assign to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + format: + description: Format specifies the output format of the + bootstrap data + enum: + - cloud-config + - ignition + type: string + ignition: + description: Ignition contains Ignition specific configuration. + properties: + containerLinuxConfig: + description: ContainerLinuxConfig contains CLC specific + configuration. + properties: + additionalConfig: + description: "AdditionalConfig contains additional + configuration to be merged with the Ignition + configuration generated by the bootstrapper + controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging + \n The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/" + type: string + strict: + description: Strict controls if AdditionalConfig + should be strictly parsed. If so, warnings are + treated as errors. + type: boolean + type: object + type: object + initConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. 
Servers should + convert recognized schemas to the latest internal + value, and may reject unrecognized values. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootstrapTokens: + description: BootstrapTokens is respected at `kubeadm + init` time and describes a set of Bootstrap Tokens + to create. This information IS NOT uploaded to the + kubeadm cluster configmap, partly because of its + sensitive nature + items: + description: BootstrapToken describes one bootstrap + token, stored as a Secret in the cluster. + properties: + description: + description: Description sets a human-friendly + message why this token exists and what it's + used for, so other administrators can know + its purpose. + type: string + expires: + description: Expires specifies the timestamp + when this token expires. Defaults to being + set dynamically at runtime based on the TTL. + Expires and TTL are mutually exclusive. + format: date-time + type: string + groups: + description: Groups specifies the extra groups + that this token will authenticate as when/if + used for authentication + items: + type: string + type: array + token: + description: Token is used for establishing + bidirectional trust between nodes and control-planes. + Used for joining nodes in the cluster. + type: string + ttl: + description: TTL defines the time to live for + this token. Defaults to 24h. Expires and TTL + are mutually exclusive. + type: string + usages: + description: Usages describes the ways in which + this token can be used. Can by default be + used for establishing bidirectional trust, + but that can be changed here. + items: + type: string + type: array + required: + - token + type: object + type: array + kind: + description: 'Kind is a string value representing + the REST resource this object represents. Servers + may infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. 
More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance that's deployed on this + control plane node In HA setups, this differs from + ClusterConfiguration.ControlPlaneEndpoint in the + sense that ControlPlaneEndpoint is the global endpoint + for the cluster, which then loadbalances the requests + to each individual API server. This configuration + object lets you customize what IP/DNS name and port + the local API server advertises it's accessible + on. By default, kubeadm tries to auto-detect the + IP of the default interface and use that, but in + case that process fails you may set the desired + value here. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP address + for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port for + the API Server to bind to. Defaults to 6443. + format: int32 + type: integer + type: object + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the + cluster. When used in the context of control plane + nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a + slice of pre-flight errors to be ignored when + the current node is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy + for image pulling during kubeadm "init" and + "join" operations. The value of this field must + be one of "Always", "IfNotPresent" or "Never". + Defaults to "IfNotPresent". 
This can be used + only with Kubernetes version equal to 1.22 and + later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here + are passed to the kubelet command line via the + environment file kubeadm writes at runtime for + the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. + These values are local and specific to the node + kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field + of the Node API object that will be created + in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field + of the kubelet's client certificate to the API + server. Defaults to the hostname of the node + if not provided. + type: string + taints: + description: 'Taints specifies the taints the + Node API object should be registered with. If + this field is unset, i.e. nil, in the `kubeadm + init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane + node, set this field to an empty slice, i.e. + `taints: []` in the YAML file. This field is + solely used for Node registration.' + items: + description: The node this Taint is attached + to has the "effect" on any pod that does not + tolerate the Taint. + properties: + effect: + description: Required. The effect of the + taint on pods that do not tolerate the + taint. Valid effects are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Required. The taint key to + be applied to a node. + type: string + timeAdded: + description: TimeAdded represents the time + at which the taint was added. It is only + written for NoExecute taints. 
+ format: date-time + type: string + value: + description: The taint value corresponding + to the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying + patches to components deployed by kubeadm during + "kubeadm init". The minimum kubernetes version needed + to support Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory + that contains files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or + just "etcd.json". "target" can be one of "kube-apiserver", + "kube-controller-manager", "kube-scheduler", + "etcd". "patchtype" can be one of "strategic" + "merge" or "json" and they match the patch formats + supported by kubectl. The default "patchtype" + is "strategic". "extension" must be either "json" + or "yaml". "suffix" is an optional string that + can be used to determine which patches are applied + first alpha-numerically. These files can be + written into the target directory via KubeadmConfig.Files + which specifies additional files to be created + on the machine, either with content inline or + by referencing a secret. + type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip + during command execution. The list of phases can + be obtained with the "kubeadm init --help" command. + This option takes effect only on Kubernetes >=1.22.0. + items: + type: string + type: array + type: object + joinConfiguration: + description: JoinConfiguration is the kubeadm configuration + for the join command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal + value, and may reject unrecognized values. 
More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + caCertPath: + description: 'CACertPath is the path to the SSL certificate + authority used to secure comunications between node + and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". + TODO: revisit when there is defaulting from k/k' + type: string + controlPlane: + description: ControlPlane defines the additional control + plane instance to be deployed on the joining node. + If nil, no additional control plane instance will + be deployed. + properties: + localAPIEndpoint: + description: LocalAPIEndpoint represents the endpoint + of the API server instance to be deployed on + this node. + properties: + advertiseAddress: + description: AdvertiseAddress sets the IP + address for the API server to advertise. + type: string + bindPort: + description: BindPort sets the secure port + for the API Server to bind to. Defaults + to 6443. + format: int32 + type: integer + type: object + type: object + discovery: + description: 'Discovery specifies the options for + the kubelet to use during the TLS Bootstrap process + TODO: revisit when there is defaulting from k/k' + properties: + bootstrapToken: + description: BootstrapToken is used to set the + options for bootstrap token based discovery + BootstrapToken and File are mutually exclusive + properties: + apiServerEndpoint: + description: APIServerEndpoint is an IP or + domain name to the API server from which + info will be fetched. + type: string + caCertHashes: + description: 'CACertHashes specifies a set + of public key pins to verify when token-based + discovery is used. The root CA found during + discovery must match one of these values. + Specifying an empty set disables root CA + pinning, which can be unsafe. Each hash + is specified as ":", where + the only currently supported type is "sha256". 
+ This is a hex-encoded SHA-256 hash of the + Subject Public Key Info (SPKI) object in + DER-encoded ASN.1. These hashes can be calculated + using, for example, OpenSSL: openssl x509 + -pubkey -in ca.crt openssl rsa -pubin -outform + der 2>&/dev/null | openssl dgst -sha256 + -hex' + items: + type: string + type: array + token: + description: Token is a token used to validate + cluster information fetched from the control-plane. + type: string + unsafeSkipCAVerification: + description: UnsafeSkipCAVerification allows + token-based discovery without CA verification + via CACertHashes. This can weaken the security + of kubeadm since other nodes can impersonate + the control-plane. + type: boolean + required: + - token + type: object + file: + description: File is used to specify a file or + URL to a kubeconfig file from which to load + cluster information BootstrapToken and File + are mutually exclusive + properties: + kubeConfigPath: + description: KubeConfigPath is used to specify + the actual file path or URL to the kubeconfig + file from which to load cluster information + type: string + required: + - kubeConfigPath + type: object + timeout: + description: Timeout modifies the discovery timeout + type: string + tlsBootstrapToken: + description: TLSBootstrapToken is a token used + for TLS bootstrapping. If .BootstrapToken is + set, this field is defaulted to .BootstrapToken.Token, + but can be overridden. If .File is set, this + field **must be set** in case the KubeConfigFile + does not contain any other authentication information + type: string + type: object + kind: + description: 'Kind is a string value representing + the REST resource this object represents. Servers + may infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. 
More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + nodeRegistration: + description: NodeRegistration holds fields that relate + to registering the new control-plane node to the + cluster. When used in the context of control plane + nodes, NodeRegistration should remain consistent + across both InitConfiguration and JoinConfiguration + properties: + criSocket: + description: CRISocket is used to retrieve container + runtime info. This information will be annotated + to the Node API object, for later re-use + type: string + ignorePreflightErrors: + description: IgnorePreflightErrors provides a + slice of pre-flight errors to be ignored when + the current node is registered. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy specifies the policy + for image pulling during kubeadm "init" and + "join" operations. The value of this field must + be one of "Always", "IfNotPresent" or "Never". + Defaults to "IfNotPresent". This can be used + only with Kubernetes version equal to 1.22 and + later. + enum: + - Always + - IfNotPresent + - Never + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes through extra + arguments to the kubelet. The arguments here + are passed to the kubelet command line via the + environment file kubeadm writes at runtime for + the kubelet to source. This overrides the generic + base-level configuration in the kubelet-config-1.X + ConfigMap Flags have higher priority when parsing. + These values are local and specific to the node + kubeadm is executing on. + type: object + name: + description: Name is the `.Metadata.Name` field + of the Node API object that will be created + in this `kubeadm init` or `kubeadm join` operation. + This field is also used in the CommonName field + of the kubelet's client certificate to the API + server. 
Defaults to the hostname of the node + if not provided. + type: string + taints: + description: 'Taints specifies the taints the + Node API object should be registered with. If + this field is unset, i.e. nil, in the `kubeadm + init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. + If you don''t want to taint your control-plane + node, set this field to an empty slice, i.e. + `taints: []` in the YAML file. This field is + solely used for Node registration.' + items: + description: The node this Taint is attached + to has the "effect" on any pod that does not + tolerate the Taint. + properties: + effect: + description: Required. The effect of the + taint on pods that do not tolerate the + taint. Valid effects are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Required. The taint key to + be applied to a node. + type: string + timeAdded: + description: TimeAdded represents the time + at which the taint was added. It is only + written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding + to the taint key. + type: string + required: + - effect + - key + type: object + type: array + type: object + patches: + description: Patches contains options related to applying + patches to components deployed by kubeadm during + "kubeadm join". The minimum kubernetes version needed + to support Patches is v1.22 + properties: + directory: + description: Directory is a path to a directory + that contains files named "target[suffix][+patchtype].extension". + For example, "kube-apiserver0+merge.yaml" or + just "etcd.json". "target" can be one of "kube-apiserver", + "kube-controller-manager", "kube-scheduler", + "etcd". "patchtype" can be one of "strategic" + "merge" or "json" and they match the patch formats + supported by kubectl. The default "patchtype" + is "strategic". "extension" must be either "json" + or "yaml". 
"suffix" is an optional string that + can be used to determine which patches are applied + first alpha-numerically. These files can be + written into the target directory via KubeadmConfig.Files + which specifies additional files to be created + on the machine, either with content inline or + by referencing a secret. + type: string + type: object + skipPhases: + description: SkipPhases is a list of phases to skip + during command execution. The list of phases can + be obtained with the "kubeadm init --help" command. + This option takes effect only on Kubernetes >=1.22.0. + items: + type: string + type: array + type: object + mounts: + description: Mounts specifies a list of mount points to + be setup. + items: + description: MountPoints defines input for generated + mounts in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should + be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to + use + items: + type: string + type: array + type: object + postKubeadmCommands: + description: PostKubeadmCommands specifies extra commands + to run after kubeadm runs + items: + type: string + type: array + preKubeadmCommands: + description: PreKubeadmCommands specifies extra commands + to run before kubeadm runs + items: + type: string + type: array + useExperimentalRetryJoin: + description: "UseExperimentalRetryJoin replaces a basic + kubeadm command with a shell script with retries for + joins. \n This is meant to be an experimental temporary + workaround on some environments where joins fail due + to timing (and other issues). The long term goal is + to add retries to kubeadm proper and use that functionality. + \n This will add about 40KB to userdata \n For more + information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. 
+ \n Deprecated: This experimental fix is no longer needed + and this field will be removed in a future release. + When removing also remove from staticcheck exclude-rules + for SA1019 in golangci.yml" + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated + user in cloud-init. + properties: + gecos: + description: Gecos specifies the gecos to use for + the user + type: string + groups: + description: Groups specifies the additional groups + for the user + type: string + homeDir: + description: HomeDir specifies the home directory + to use for the user + type: string + inactive: + description: Inactive specifies whether to mark + the user as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password + login should be disabled + type: boolean + name: + description: Name specifies the user name + type: string + passwd: + description: Passwd specifies a hashed password + for the user + type: string + passwdFrom: + description: PasswdFrom is a referenced source of + passwd to populate the passwd. + properties: + secret: + description: Secret represents a secret that + should populate this password. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. 
+ type: string + required: + - key + - name + type: object + required: + - secret + type: object + primaryGroup: + description: PrimaryGroup specifies the primary + group for the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list + of ssh authorized keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the + user + type: string + required: + - name + type: object + type: array + verbosity: + description: Verbosity is the number for the kubeadm log + level verbosity. It overrides the `--v` flag in kubeadm + commands. + format: int32 + type: integer + type: object + machineTemplate: + description: MachineTemplate contains information about how + machines should be shaped when creating or updating a control + plane. + properties: + metadata: + description: 'Standard object''s metadata. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when + modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can + be used to organize and categorize (scope and select) + objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the + machine controller will attempt to delete the Node that + the Machine hosts after the Machine is marked for deletion. 
+ A duration of 0 will retry deletion indefinitely. If + no value is provided, the default value for this property + of the Machine resource will be used. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of + time that the controller will spend on draining a controlplane + node The default value is 0, meaning that the node can + be drained without any time limitations. NOTE: NodeDrainTimeout + is different from `kubectl drain --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount + of time that the controller will spend on waiting for + all volumes to be detached. The default value is 0, + meaning that the volumes can be detached without any + time limitations. + type: string + type: object + remediationStrategy: + description: The RemediationStrategy that controls how control + plane machine remediation happens. + properties: + maxRetry: + description: "MaxRetry is the Max number of retries while + attempting to remediate an unhealthy machine. A retry + happens when a machine that was created as a replacement + for an unhealthy machine also fails. For example, given + a control plane with three machines M1, M2, M3: \n M1 + become unhealthy; remediation happens, and M1-1 is created + as a replacement. If M1-1 (replacement of M1) has problems + while bootstrapping it will become unhealthy, and then + be remediated; such operation is considered a retry, + remediation-retry #1. If M1-2 (replacement of M1-1) + becomes unhealthy, remediation-retry #2 will happen, + etc. \n A retry could happen only after RetryPeriod + from the previous retry. If a machine is marked as unhealthy + after MinHealthyPeriod from the previous remediation + expired, this is not considered a retry anymore because + the new issue is assumed unrelated from the previous + one. \n If not set, the remedation will be retried infinitely." 
+ format: int32 + type: integer + minHealthyPeriod: + description: "MinHealthyPeriod defines the duration after + which KCP will consider any failure to a machine unrelated + from the previous one. In this case the remediation + is not considered a retry anymore, and thus the retry + counter restarts from 0. For example, assuming MinHealthyPeriod + is set to 1h (default) \n M1 become unhealthy; remediation + happens, and M1-1 is created as a replacement. If M1-1 + (replacement of M1) has problems within the 1hr after + the creation, also this machine will be remediated and + this operation is considered a retry - a problem related + to the original issue happened to M1 -. \n If instead + the problem on M1-1 is happening after MinHealthyPeriod + expired, e.g. four days after m1-1 has been created + as a remediation of M1, the problem on M1-1 is considered + unrelated to the original issue happened to M1. \n If + not set, this value is defaulted to 1h." + type: string + retryPeriod: + description: "RetryPeriod is the duration that KCP should + wait before remediating a machine being created as a + replacement for an unhealthy machine (a retry). \n If + not set, a retry will happen immediately." + type: string + type: object + rolloutAfter: + description: RolloutAfter is a field to indicate a rollout + should be performed after the specified time even if no + changes have been made to the KubeadmControlPlane. + format: date-time + type: string + rolloutBefore: + description: RolloutBefore is a field to indicate a rollout + should be performed if the specified criteria is met. + properties: + certificatesExpiryDays: + description: CertificatesExpiryDays indicates a rollout + needs to be performed if the certificates of the machine + will expire within the specified days. 
+ format: int32 + type: integer + type: object + rolloutStrategy: + default: + rollingUpdate: + maxSurge: 1 + type: RollingUpdate + description: The RolloutStrategy to use to replace control + plane machines with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only + if RolloutStrategyType = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of control planes + that can be scheduled above or under the desired + number of control planes. Value can be an absolute + number 1 or 0. Defaults to 1. Example: when this + is set to 1, the control plane can be scaled up + immediately when the rolling update starts.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of rollout. Currently the only supported + strategy is "RollingUpdate". Default is RollingUpdate. + type: string + type: object + required: + - kubeadmConfigSpec + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-manager + namespace: capi-kubeadm-control-plane-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-leader-election-role + namespace: capi-kubeadm-control-plane-system +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +aggregationRule: + clusterRoleSelectors: + - matchLabels: + kubeadm.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + 
cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-aggregated-manager-role +rules: [] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + kubeadm.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true" + name: capi-kubeadm-control-plane-manager-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - bootstrap.cluster.x-k8s.io + - controlplane.cluster.x-k8s.io + - infrastructure.cluster.x-k8s.io + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machines + - machines/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-leader-election-rolebinding + namespace: capi-kubeadm-control-plane-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: capi-kubeadm-control-plane-leader-election-role +subjects: +- kind: ServiceAccount + name: capi-kubeadm-control-plane-manager + namespace: capi-kubeadm-control-plane-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + 
cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capi-kubeadm-control-plane-aggregated-manager-role +subjects: +- kind: ServiceAccount + name: capi-kubeadm-control-plane-manager + namespace: capi-kubeadm-control-plane-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system +spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: control-plane-kubeadm +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + control-plane: controller-manager + name: capi-kubeadm-control-plane-controller-manager + namespace: capi-kubeadm-control-plane-system +spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: control-plane-kubeadm + control-plane: controller-manager + template: + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + control-plane: controller-manager + spec: + containers: + - args: + - --leader-elect + - --diagnostics-address=${CAPI_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${CAPI_INSECURE_DIAGNOSTICS:=false} + - --feature-gates=ClusterTopology=${CLUSTER_TOPOLOGY:=false},KubeadmBootstrapFormatIgnition=${EXP_KUBEADM_BOOTSTRAP_FORMAT_IGNITION:=false} + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + image: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.6.2 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: 
webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: capi-kubeadm-control-plane-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + secretName: capi-kubeadm-control-plane-webhook-service-cert +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-serving-cert + namespace: capi-kubeadm-control-plane-system +spec: + dnsNames: + - capi-kubeadm-control-plane-webhook-service.capi-kubeadm-control-plane-system.svc + - capi-kubeadm-control-plane-webhook-service.capi-kubeadm-control-plane-system.svc.cluster.local + issuerRef: + kind: Issuer + name: capi-kubeadm-control-plane-selfsigned-issuer + secretName: capi-kubeadm-control-plane-webhook-service-cert + subject: + organizations: + - k8s-sig-cluster-lifecycle +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-selfsigned-issuer + namespace: capi-kubeadm-control-plane-system +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert + labels: + cluster.x-k8s.io/provider: 
control-plane-kubeadm + name: capi-kubeadm-control-plane-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane + failurePolicy: Fail + matchPolicy: Equivalent + name: default.kubeadmcontrolplane.controlplane.cluster.x-k8s.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - kubeadmcontrolplanes + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplanetemplate + failurePolicy: Fail + name: default.kubeadmcontrolplanetemplate.controlplane.cluster.x-k8s.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - kubeadmcontrolplanetemplates + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert + labels: + cluster.x-k8s.io/provider: control-plane-kubeadm + name: capi-kubeadm-control-plane-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + path: /validate-scale-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane + failurePolicy: Fail + matchPolicy: Equivalent + name: validation-scale.kubeadmcontrolplane.controlplane.cluster.x-k8s.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta1 
+ operations: + - UPDATE + resources: + - kubeadmcontrolplanes/scale + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + path: /validate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.kubeadmcontrolplane.controlplane.cluster.x-k8s.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - kubeadmcontrolplanes + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-kubeadm-control-plane-webhook-service + namespace: capi-kubeadm-control-plane-system + path: /validate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplanetemplate + failurePolicy: Fail + name: validation.kubeadmcontrolplanetemplate.controlplane.cluster.x-k8s.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - kubeadmcontrolplanetemplates + sideEffects: None
diff --git a/files/cluster-api/v1.6.2/core-components.yaml b/files/cluster-api/v1.6.2/core-components.yaml
new file mode 100644
index 00000000..6af9ed78
--- /dev/null
+++ b/files/cluster-api/v1.6.2/core-components.yaml
@@ -0,0 +1,12395 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + control-plane: controller-manager + name: capi-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: clusterclasses.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: ClusterClass + listKind: ClusterClassList + plural: clusterclasses + shortNames: + - cc + singular: clusterclass + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of ClusterClass + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "ClusterClass is a template which can be used to create managed + topologies. \n Deprecated: This type will be removed in one of the next + releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterClassSpec describes the desired state of the ClusterClass. + properties: + controlPlane: + description: ControlPlane is a reference to a local struct that holds + the details for provisioning the Control Plane for the Cluster. + properties: + machineInfrastructure: + description: "MachineTemplate defines the metadata and infrastructure + information for control plane machines. \n This field is supported + if and only if the control plane provider template referenced + above is Machine based and supports setting replicas." + properties: + ref: + description: Ref is a required reference to a custom resource + offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + metadata: + description: "Metadata is the metadata applied to the machines + of the ControlPlane. At runtime this metadata is merged with + the corresponding metadata from the topology. \n This field + is supported if and only if the control plane provider template + referenced is Machine based." + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + ref: + description: Ref is a required reference to a custom resource + offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + infrastructure: + description: Infrastructure is a reference to a provider-specific + template that holds the details for provisioning infrastructure + specific cluster for the underlying provider. The underlying provider + is responsible for the implementation of the template to an infrastructure + cluster. + properties: + ref: + description: Ref is a required reference to a custom resource + offered by a provider. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + workers: + description: Workers describes the worker nodes for the cluster. It + is a collection of node types which can be used to create the worker + nodes of the cluster. 
+ properties: + machineDeployments: + description: MachineDeployments is a list of machine deployment + classes that can be used to create a set of worker nodes. + items: + description: MachineDeploymentClass serves as a template to + define a set of worker nodes of the cluster provisioned using + the `ClusterClass`. + properties: + class: + description: Class denotes a type of worker node present + in the cluster, this name MUST be unique within a ClusterClass + and can be referenced in the Cluster to create a managed + MachineDeployment. + type: string + template: + description: Template is a local struct containing a collection + of templates for creation of MachineDeployment objects + representing a set of worker nodes. + properties: + bootstrap: + description: Bootstrap contains the bootstrap template + reference to be used for the creation of worker Machines. + properties: + ref: + description: Ref is a required reference to a custom + resource offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + infrastructure: + description: Infrastructure contains the infrastructure + template reference to be used for the creation of + worker Machines. + properties: + ref: + description: Ref is a required reference to a custom + resource offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' 
+ type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + metadata: + description: Metadata is the metadata applied to the + machines of the MachineDeployment. At runtime this + metadata is merged with the corresponding metadata + from the topology. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key + value map stored with a resource that may be set + by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be + preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that + can be used to organize and categorize (scope + and select) objects. May match selectors of replication + controllers and services. 
More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + required: + - bootstrap + - infrastructure + type: object + required: + - class + - template + type: object + type: array + type: object + type: object + type: object + served: false + storage: false + subresources: {} + - additionalPrinterColumns: + - description: Time duration since creation of ClusterClass + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: ClusterClass is a template which can be used to create managed + topologies. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterClassSpec describes the desired state of the ClusterClass. + properties: + controlPlane: + description: ControlPlane is a reference to a local struct that holds + the details for provisioning the Control Plane for the Cluster. + properties: + machineHealthCheck: + description: MachineHealthCheck defines a MachineHealthCheck for + this ControlPlaneClass. This field is supported if and only + if the ControlPlane provider template referenced above is Machine + based and supports setting replicas. 
+ properties: + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed if at + most "MaxUnhealthy" machines selected by "selector" are + not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without a node + will be considered to have failed and will be remediated. + If you wish to disable this feature, set the value explicitly + to 0. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference to a remediation + template provided by an infrastructure provider. \n This + field is completely optional, when filled, the MachineHealthCheck + controller creates a new object from the template referenced + and hands off remediation of the machine to a controller + that lives outside of Cluster API." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list of the conditions + that determine whether a node is considered unhealthy. The + conditions are combined in a logical OR, i.e. if any of + the conditions is met, the node is unhealthy. + items: + description: UnhealthyCondition represents a Node condition + type and value with a timeout specified as a duration. When + the named condition has been in the given status for at + least the timeout value, a node is considered unhealthy. + properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + type: array + unhealthyRange: + description: 'Any further remediation is only allowed if the + number of machines selected by "selector" as not healthy + is within the range of "UnhealthyRange". Takes precedence + over MaxUnhealthy. Eg. 
"[3-5]" - This means that remediation + will be allowed only when: (a) there are at least 3 unhealthy + machines (and) (b) there are at most 5 unhealthy machines' + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + type: object + machineInfrastructure: + description: "MachineInfrastructure defines the metadata and infrastructure + information for control plane machines. \n This field is supported + if and only if the control plane provider template referenced + above is Machine based and supports setting replicas." + properties: + ref: + description: Ref is a required reference to a custom resource + offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + metadata: + description: "Metadata is the metadata applied to the ControlPlane + and the Machines of the ControlPlane if the ControlPlaneTemplate + referenced is machine based. If not, it is applied only to the + ControlPlane. At runtime this metadata is merged with the corresponding + metadata from the topology. \n This field is supported if and + only if the control plane provider template referenced is Machine + based." + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + namingStrategy: + description: NamingStrategy allows changing the naming pattern + used when creating the control plane provider object. + properties: + template: + description: 'Template defines the template to use for generating + the name of the ControlPlane object. 
If not defined, it + will fallback to `{{ .cluster.name }}-{{ .random }}`. If + the templated string exceeds 63 characters, it will be trimmed + to 58 characters and will get concatenated with a random + suffix of length 5. The templating mechanism provides the + following arguments: * `.cluster.name`: The name of the + cluster object. * `.random`: A random alphanumeric string, + without vowels, of length 5.' + type: string + type: object + nodeDeletionTimeout: + description: 'NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts after + the Machine is marked for deletion. A duration of 0 will retry + deletion indefinitely. Defaults to 10 seconds. NOTE: This value + can be overridden while defining a Cluster.Topology.' + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time that + the controller will spend on draining a node. The default value + is 0, meaning that the node can be drained without any time + limitations. NOTE: NodeDrainTimeout is different from `kubectl + drain --timeout` NOTE: This value can be overridden while defining + a Cluster.Topology.' + type: string + nodeVolumeDetachTimeout: + description: 'NodeVolumeDetachTimeout is the total amount of time + that the controller will spend on waiting for all volumes to + be detached. The default value is 0, meaning that the volumes + can be detached without any time limitations. NOTE: This value + can be overridden while defining a Cluster.Topology.' + type: string + ref: + description: Ref is a required reference to a custom resource + offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + infrastructure: + description: Infrastructure is a reference to a provider-specific + template that holds the details for provisioning infrastructure + specific cluster for the underlying provider. The underlying provider + is responsible for the implementation of the template to an infrastructure + cluster. + properties: + ref: + description: Ref is a required reference to a custom resource + offered by a provider. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + patches: + description: 'Patches defines the patches which are applied to customize + referenced templates of a ClusterClass. Note: Patches will be applied + in the order of the array.' + items: + description: ClusterClassPatch defines a patch which is applied + to customize the referenced templates. 
+ properties: + definitions: + description: 'Definitions define inline patches. Note: Patches + will be applied in the order of the array. Note: Exactly one + of Definitions or External must be set.' + items: + description: PatchDefinition defines a patch which is applied + to customize the referenced templates. + properties: + jsonPatches: + description: 'JSONPatches defines the patches which should + be applied on the templates matching the selector. Note: + Patches will be applied in the order of the array.' + items: + description: JSONPatch defines a JSON patch. + properties: + op: + description: 'Op defines the operation of the patch. + Note: Only `add`, `replace` and `remove` are supported.' + type: string + path: + description: 'Path defines the path of the patch. + Note: Only the spec of a template can be patched, + thus the path has to start with /spec/. Note: + For now the only allowed array modifications are + `append` and `prepend`, i.e.: * for op: `add`: + only index 0 (prepend) and - (append) are allowed + * for op: `replace` or `remove`: no indexes are + allowed' + type: string + value: + description: 'Value defines the value of the patch. + Note: Either Value or ValueFrom is required for + add and replace operations. Only one of them is + allowed to be set at the same time. Note: We have + to use apiextensionsv1.JSON instead of our JSON + type, because controller-tools has a hard-coded + schema for apiextensionsv1.JSON which cannot be + produced by another type (unset type field). Ref: + https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111' + x-kubernetes-preserve-unknown-fields: true + valueFrom: + description: 'ValueFrom defines the value of the + patch. Note: Either Value or ValueFrom is required + for add and replace operations. Only one of them + is allowed to be set at the same time.' 
+ properties: + template: + description: 'Template is the Go template to + be used to calculate the value. A template + can reference variables defined in .spec.variables + and builtin variables. Note: The template + must evaluate to a valid YAML or JSON value.' + type: string + variable: + description: Variable is the variable to be + used as value. Variable can be one of the + variables defined in .spec.variables or a + builtin variable. + type: string + type: object + required: + - op + - path + type: object + type: array + selector: + description: Selector defines on which templates the patch + should be applied. + properties: + apiVersion: + description: APIVersion filters templates by apiVersion. + type: string + kind: + description: Kind filters templates by kind. + type: string + matchResources: + description: MatchResources selects templates based + on where they are referenced. + properties: + controlPlane: + description: 'ControlPlane selects templates referenced + in .spec.ControlPlane. Note: this will match + the controlPlane and also the controlPlane machineInfrastructure + (depending on the kind and apiVersion).' + type: boolean + infrastructureCluster: + description: InfrastructureCluster selects templates + referenced in .spec.infrastructure. + type: boolean + machineDeploymentClass: + description: MachineDeploymentClass selects templates + referenced in specific MachineDeploymentClasses + in .spec.workers.machineDeployments. + properties: + names: + description: Names selects templates by class + names. + items: + type: string + type: array + type: object + machinePoolClass: + description: MachinePoolClass selects templates + referenced in specific MachinePoolClasses in + .spec.workers.machinePools. + properties: + names: + description: Names selects templates by class + names. 
+ items: + type: string + type: array + type: object + type: object + required: + - apiVersion + - kind + - matchResources + type: object + required: + - jsonPatches + - selector + type: object + type: array + description: + description: Description is a human-readable description of + this patch. + type: string + enabledIf: + description: EnabledIf is a Go template to be used to calculate + if a patch should be enabled. It can reference variables defined + in .spec.variables and builtin variables. The patch will be + enabled if the template evaluates to `true`, otherwise it + will be disabled. If EnabledIf is not set, the patch will + be enabled per default. + type: string + external: + description: 'External defines an external patch. Note: Exactly + one of Definitions or External must be set.' + properties: + discoverVariablesExtension: + description: DiscoverVariablesExtension references an extension + which is called to discover variables. + type: string + generateExtension: + description: GenerateExtension references an extension which + is called to generate patches. + type: string + settings: + additionalProperties: + type: string + description: Settings defines key value pairs to be passed + to the extensions. Values defined here take precedence + over the values defined in the corresponding ExtensionConfig. + type: object + validateExtension: + description: ValidateExtension references an extension which + is called to validate the topology. + type: string + type: object + name: + description: Name of the patch. + type: string + required: + - name + type: object + type: array + variables: + description: Variables defines the variables which can be configured + in the Cluster topology and are then used in patches. + items: + description: ClusterClassVariable defines a variable which can be + configured in the Cluster topology and used in patches. + properties: + name: + description: Name of the variable. 
+ type: string + required: + description: 'Required specifies if the variable is required. + Note: this applies to the variable as a whole and thus the + top-level object defined in the schema. If nested fields are + required, this will be specified inside the schema.' + type: boolean + schema: + description: Schema defines the schema of the variable. + properties: + openAPIV3Schema: + description: OpenAPIV3Schema defines the schema of a variable + via OpenAPI v3 schema. The schema is a subset of the schema + used in Kubernetes CRDs. + properties: + additionalProperties: + description: 'AdditionalProperties specifies the schema + of values in a map (keys are always strings). NOTE: + Can only be set if type is object. NOTE: AdditionalProperties + is mutually exclusive with Properties. NOTE: This + field uses PreserveUnknownFields and Schemaless, because + recursive validation is not possible.' + x-kubernetes-preserve-unknown-fields: true + default: + description: 'Default is the default value of the variable. + NOTE: Can be set for all types.' + x-kubernetes-preserve-unknown-fields: true + description: + description: Description is a human-readable description + of this variable. + type: string + enum: + description: 'Enum is the list of valid values of the + variable. NOTE: Can be set for all types.' + items: + x-kubernetes-preserve-unknown-fields: true + type: array + example: + description: Example is an example for this variable. + x-kubernetes-preserve-unknown-fields: true + exclusiveMaximum: + description: 'ExclusiveMaximum specifies if the Maximum + is exclusive. NOTE: Can only be set if type is integer + or number.' + type: boolean + exclusiveMinimum: + description: 'ExclusiveMinimum specifies if the Minimum + is exclusive. NOTE: Can only be set if type is integer + or number.' + type: boolean + format: + description: 'Format is an OpenAPI v3 format string. + Unknown formats are ignored. 
For a list of supported + formats please see: (of the k8s.io/apiextensions-apiserver + version we''re currently using) https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go + NOTE: Can only be set if type is string.' + type: string + items: + description: 'Items specifies fields of an array. NOTE: + Can only be set if type is array. NOTE: This field + uses PreserveUnknownFields and Schemaless, because + recursive validation is not possible.' + x-kubernetes-preserve-unknown-fields: true + maxItems: + description: 'MaxItems is the max length of an array + variable. NOTE: Can only be set if type is array.' + format: int64 + type: integer + maxLength: + description: 'MaxLength is the max length of a string + variable. NOTE: Can only be set if type is string.' + format: int64 + type: integer + maximum: + description: 'Maximum is the maximum of an integer or + number variable. If ExclusiveMaximum is false, the + variable is valid if it is lower than, or equal to, + the value of Maximum. If ExclusiveMaximum is true, + the variable is valid if it is strictly lower than + the value of Maximum. NOTE: Can only be set if type + is integer or number.' + format: int64 + type: integer + minItems: + description: 'MinItems is the min length of an array + variable. NOTE: Can only be set if type is array.' + format: int64 + type: integer + minLength: + description: 'MinLength is the min length of a string + variable. NOTE: Can only be set if type is string.' + format: int64 + type: integer + minimum: + description: 'Minimum is the minimum of an integer or + number variable. If ExclusiveMinimum is false, the + variable is valid if it is greater than, or equal + to, the value of Minimum. If ExclusiveMinimum is true, + the variable is valid if it is strictly greater than + the value of Minimum. NOTE: Can only be set if type + is integer or number.' 
+ format: int64 + type: integer + pattern: + description: 'Pattern is the regex which a string variable + must match. NOTE: Can only be set if type is string.' + type: string + properties: + description: 'Properties specifies fields of an object. + NOTE: Can only be set if type is object. NOTE: Properties + is mutually exclusive with AdditionalProperties. NOTE: + This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible.' + x-kubernetes-preserve-unknown-fields: true + required: + description: 'Required specifies which fields of an + object are required. NOTE: Can only be set if type + is object.' + items: + type: string + type: array + type: + description: 'Type is the type of the variable. Valid + values are: object, array, string, integer, number + or boolean.' + type: string + uniqueItems: + description: 'UniqueItems specifies if items in an array + must be unique. NOTE: Can only be set if type is array.' + type: boolean + x-kubernetes-preserve-unknown-fields: + description: XPreserveUnknownFields allows setting fields + in a variable object which are not defined in the + variable schema. This affects fields recursively, + except if nested properties or additionalProperties + are specified in the schema. + type: boolean + required: + - type + type: object + required: + - openAPIV3Schema + type: object + required: + - name + - required + - schema + type: object + type: array + workers: + description: Workers describes the worker nodes for the cluster. It + is a collection of node types which can be used to create the worker + nodes of the cluster. + properties: + machineDeployments: + description: MachineDeployments is a list of machine deployment + classes that can be used to create a set of worker nodes. + items: + description: MachineDeploymentClass serves as a template to + define a set of worker nodes of the cluster provisioned using + the `ClusterClass`. 
+ properties: + class: + description: Class denotes a type of worker node present + in the cluster, this name MUST be unique within a ClusterClass + and can be referenced in the Cluster to create a managed + MachineDeployment. + type: string + failureDomain: + description: 'FailureDomain is the failure domain the machines + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. NOTE: This value can + be overridden while defining a Cluster.Topology using + this MachineDeploymentClass.' + type: string + machineHealthCheck: + description: MachineHealthCheck defines a MachineHealthCheck + for this MachineDeploymentClass. + properties: + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed + if at most "MaxUnhealthy" machines selected by "selector" + are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without + a node will be considered to have failed and will + be remediated. If you wish to disable this feature, + set the value explicitly to 0. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference to + a remediation template provided by an infrastructure + provider. \n This field is completely optional, when + filled, the MachineHealthCheck controller creates + a new object from the template referenced and hands + off remediation of the machine to a controller that + lives outside of Cluster API." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list of + the conditions that determine whether a node is considered + unhealthy. The conditions are combined in a logical + OR, i.e. if any of the conditions is met, the node + is unhealthy. + items: + description: UnhealthyCondition represents a Node + condition type and value with a timeout specified + as a duration. When the named condition has been + in the given status for at least the timeout value, + a node is considered unhealthy. 
+ properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + type: array + unhealthyRange: + description: 'Any further remediation is only allowed + if the number of machines selected by "selector" as + not healthy is within the range of "UnhealthyRange". + Takes precedence over MaxUnhealthy. Eg. "[3-5]" - + This means that remediation will be allowed only when: + (a) there are at least 3 unhealthy machines (and) + (b) there are at most 5 unhealthy machines' + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + type: object + minReadySeconds: + description: 'Minimum number of seconds for which a newly + created machine should be ready. Defaults to 0 (machine + will be considered available as soon as it is ready) NOTE: + This value can be overridden while defining a Cluster.Topology + using this MachineDeploymentClass.' + format: int32 + type: integer + namingStrategy: + description: NamingStrategy allows changing the naming pattern + used when creating the MachineDeployment. + properties: + template: + description: 'Template defines the template to use for + generating the name of the MachineDeployment object. + If not defined, it will fallback to `{{ .cluster.name + }}-{{ .machineDeployment.topologyName }}-{{ .random + }}`. If the templated string exceeds 63 characters, + it will be trimmed to 58 characters and will get concatenated + with a random suffix of length 5. The templating mechanism + provides the following arguments: * `.cluster.name`: + The name of the cluster object. * `.random`: A random + alphanumeric string, without vowels, of length 5. + * `.machineDeployment.topologyName`: The name of the + MachineDeployment topology (Cluster.spec.topology.workers.machineDeployments[].name).' 
+ type: string + type: object + nodeDeletionTimeout: + description: 'NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts + after the Machine is marked for deletion. A duration of + 0 will retry deletion indefinitely. Defaults to 10 seconds. + NOTE: This value can be overridden while defining a Cluster.Topology + using this MachineDeploymentClass.' + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The + default value is 0, meaning that the node can be drained + without any time limitations. NOTE: NodeDrainTimeout is + different from `kubectl drain --timeout` NOTE: This value + can be overridden while defining a Cluster.Topology using + this MachineDeploymentClass.' + type: string + nodeVolumeDetachTimeout: + description: 'NodeVolumeDetachTimeout is the total amount + of time that the controller will spend on waiting for + all volumes to be detached. The default value is 0, meaning + that the volumes can be detached without any time limitations. + NOTE: This value can be overridden while defining a Cluster.Topology + using this MachineDeploymentClass.' + type: string + strategy: + description: 'The deployment strategy to use to replace + existing machines with new ones. NOTE: This value can + be overridden while defining a Cluster.Topology using + this MachineDeploymentClass.' + properties: + rollingUpdate: + description: Rolling update config params. Present only + if MachineDeploymentStrategyType = RollingUpdate. + properties: + deletePolicy: + description: DeletePolicy defines the policy used + by the MachineDeployment to identify nodes to + delete when downscaling. 
Valid values are "Random, + "Newest", "Oldest" When no value is supplied, + the default DeletePolicy of MachineSet is used + enum: + - Random + - Newest + - Oldest + type: string + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that + can be scheduled above the desired number of machines. + Value can be an absolute number (ex: 5) or a percentage + of desired machines (ex: 10%). This can not be + 0 if MaxUnavailable is 0. Absolute number is calculated + from percentage by rounding up. Defaults to 1. + Example: when this is set to 30%, the new MachineSet + can be scaled up immediately when the rolling + update starts, such that the total number of old + and new machines do not exceed 130% of desired + machines. Once old machines have been killed, + new MachineSet can be scaled up further, ensuring + that total number of machines running at any time + during the update is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that + can be unavailable during the update. Value can + be an absolute number (ex: 5) or a percentage + of desired machines (ex: 10%). Absolute number + is calculated from percentage by rounding down. + This can not be 0 if MaxSurge is 0. Defaults to + 0. Example: when this is set to 30%, the old MachineSet + can be scaled down to 70% of desired machines + immediately when the rolling update starts. Once + new machines are ready, old MachineSet can be + scaled down further, followed by scaling up the + new MachineSet, ensuring that the total number + of machines available at all times during the + update is at least 70% of desired machines.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Allowed values are + RollingUpdate and OnDelete. The default is RollingUpdate. 
+ enum: + - RollingUpdate + - OnDelete + type: string + type: object + template: + description: Template is a local struct containing a collection + of templates for creation of MachineDeployment objects + representing a set of worker nodes. + properties: + bootstrap: + description: Bootstrap contains the bootstrap template + reference to be used for the creation of worker Machines. + properties: + ref: + description: Ref is a required reference to a custom + resource offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. 
More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + infrastructure: + description: Infrastructure contains the infrastructure + template reference to be used for the creation of + worker Machines. + properties: + ref: + description: Ref is a required reference to a custom + resource offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + metadata: + description: Metadata is the metadata applied to the + MachineDeployment and the machines of the MachineDeployment. + At runtime this metadata is merged with the corresponding + metadata from the topology. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key + value map stored with a resource that may be set + by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be + preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that + can be used to organize and categorize (scope + and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + required: + - bootstrap + - infrastructure + type: object + required: + - class + - template + type: object + type: array + machinePools: + description: MachinePools is a list of machine pool classes that + can be used to create a set of worker nodes. + items: + description: MachinePoolClass serves as a template to define + a pool of worker nodes of the cluster provisioned using `ClusterClass`. 
+ properties: + class: + description: Class denotes a type of machine pool present + in the cluster, this name MUST be unique within a ClusterClass + and can be referenced in the Cluster to create a managed + MachinePool. + type: string + failureDomains: + description: 'FailureDomains is the list of failure domains + the MachinePool should be attached to. Must match a key + in the FailureDomains map stored on the cluster object. + NOTE: This value can be overridden while defining a Cluster.Topology + using this MachinePoolClass.' + items: + type: string + type: array + minReadySeconds: + description: 'Minimum number of seconds for which a newly + created machine pool should be ready. Defaults to 0 (machine + will be considered available as soon as it is ready) NOTE: + This value can be overridden while defining a Cluster.Topology + using this MachinePoolClass.' + format: int32 + type: integer + namingStrategy: + description: NamingStrategy allows changing the naming pattern + used when creating the MachinePool. + properties: + template: + description: 'Template defines the template to use for + generating the name of the MachinePool object. If + not defined, it will fallback to `{{ .cluster.name + }}-{{ .machinePool.topologyName }}-{{ .random }}`. + If the templated string exceeds 63 characters, it + will be trimmed to 58 characters and will get concatenated + with a random suffix of length 5. The templating mechanism + provides the following arguments: * `.cluster.name`: + The name of the cluster object. * `.random`: A random + alphanumeric string, without vowels, of length 5. + * `.machinePool.topologyName`: The name of the MachinePool + topology (Cluster.spec.topology.workers.machinePools[].name).' + type: string + type: object + nodeDeletionTimeout: + description: 'NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts + after the Machine Pool is marked for deletion. 
A duration + of 0 will retry deletion indefinitely. Defaults to 10 + seconds. NOTE: This value can be overridden while defining + a Cluster.Topology using this MachinePoolClass.' + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The + default value is 0, meaning that the node can be drained + without any time limitations. NOTE: NodeDrainTimeout is + different from `kubectl drain --timeout` NOTE: This value + can be overridden while defining a Cluster.Topology using + this MachinePoolClass.' + type: string + nodeVolumeDetachTimeout: + description: 'NodeVolumeDetachTimeout is the total amount + of time that the controller will spend on waiting for + all volumes to be detached. The default value is 0, meaning + that the volumes can be detached without any time limitations. + NOTE: This value can be overridden while defining a Cluster.Topology + using this MachinePoolClass.' + type: string + template: + description: Template is a local struct containing a collection + of templates for creation of MachinePools objects representing + a pool of worker nodes. + properties: + bootstrap: + description: Bootstrap contains the bootstrap template + reference to be used for the creation of the Machines + in the MachinePool. + properties: + ref: + description: Ref is a required reference to a custom + resource offered by a provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + infrastructure: + description: Infrastructure contains the infrastructure + template reference to be used for the creation of + the MachinePool. + properties: + ref: + description: Ref is a required reference to a custom + resource offered by a provider. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ref + type: object + metadata: + description: Metadata is the metadata applied to the + MachinePool. At runtime this metadata is merged with + the corresponding metadata from the topology. 
+ properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key + value map stored with a resource that may be set + by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be + preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that + can be used to organize and categorize (scope + and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + required: + - bootstrap + - infrastructure + type: object + required: + - class + - template + type: object + type: array + type: object + type: object + status: + description: ClusterClassStatus defines the observed state of the ClusterClass. + properties: + conditions: + description: Conditions defines current observed state of the ClusterClass. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. 
The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + variables: + description: Variables is a list of ClusterClassStatusVariable that + are defined for the ClusterClass. + items: + description: ClusterClassStatusVariable defines a variable which + appears in the status of a ClusterClass. + properties: + definitions: + description: Definitions is a list of definitions for a variable. + items: + description: ClusterClassStatusVariableDefinition defines + a variable which appears in the status of a ClusterClass. + properties: + from: + description: From specifies the origin of the variable + definition. This will be `inline` for variables defined + in the ClusterClass or the name of a patch defined in + the ClusterClass for variables discovered from a DiscoverVariables + runtime extensions. + type: string + required: + description: 'Required specifies if the variable is required. + Note: this applies to the variable as a whole and thus + the top-level object defined in the schema. If nested + fields are required, this will be specified inside the + schema.' + type: boolean + schema: + description: Schema defines the schema of the variable. + properties: + openAPIV3Schema: + description: OpenAPIV3Schema defines the schema of + a variable via OpenAPI v3 schema. The schema is + a subset of the schema used in Kubernetes CRDs. 
+ properties: + additionalProperties: + description: 'AdditionalProperties specifies the + schema of values in a map (keys are always strings). + NOTE: Can only be set if type is object. NOTE: + AdditionalProperties is mutually exclusive with + Properties. NOTE: This field uses PreserveUnknownFields + and Schemaless, because recursive validation + is not possible.' + x-kubernetes-preserve-unknown-fields: true + default: + description: 'Default is the default value of + the variable. NOTE: Can be set for all types.' + x-kubernetes-preserve-unknown-fields: true + description: + description: Description is a human-readable description + of this variable. + type: string + enum: + description: 'Enum is the list of valid values + of the variable. NOTE: Can be set for all types.' + items: + x-kubernetes-preserve-unknown-fields: true + type: array + example: + description: Example is an example for this variable. + x-kubernetes-preserve-unknown-fields: true + exclusiveMaximum: + description: 'ExclusiveMaximum specifies if the + Maximum is exclusive. NOTE: Can only be set + if type is integer or number.' + type: boolean + exclusiveMinimum: + description: 'ExclusiveMinimum specifies if the + Minimum is exclusive. NOTE: Can only be set + if type is integer or number.' + type: boolean + format: + description: 'Format is an OpenAPI v3 format string. + Unknown formats are ignored. For a list of supported + formats please see: (of the k8s.io/apiextensions-apiserver + version we''re currently using) https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go + NOTE: Can only be set if type is string.' + type: string + items: + description: 'Items specifies fields of an array. + NOTE: Can only be set if type is array. NOTE: + This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible.' 
+ x-kubernetes-preserve-unknown-fields: true + maxItems: + description: 'MaxItems is the max length of an + array variable. NOTE: Can only be set if type + is array.' + format: int64 + type: integer + maxLength: + description: 'MaxLength is the max length of a + string variable. NOTE: Can only be set if type + is string.' + format: int64 + type: integer + maximum: + description: 'Maximum is the maximum of an integer + or number variable. If ExclusiveMaximum is false, + the variable is valid if it is lower than, or + equal to, the value of Maximum. If ExclusiveMaximum + is true, the variable is valid if it is strictly + lower than the value of Maximum. NOTE: Can only + be set if type is integer or number.' + format: int64 + type: integer + minItems: + description: 'MinItems is the min length of an + array variable. NOTE: Can only be set if type + is array.' + format: int64 + type: integer + minLength: + description: 'MinLength is the min length of a + string variable. NOTE: Can only be set if type + is string.' + format: int64 + type: integer + minimum: + description: 'Minimum is the minimum of an integer + or number variable. If ExclusiveMinimum is false, + the variable is valid if it is greater than, + or equal to, the value of Minimum. If ExclusiveMinimum + is true, the variable is valid if it is strictly + greater than the value of Minimum. NOTE: Can + only be set if type is integer or number.' + format: int64 + type: integer + pattern: + description: 'Pattern is the regex which a string + variable must match. NOTE: Can only be set if + type is string.' + type: string + properties: + description: 'Properties specifies fields of an + object. NOTE: Can only be set if type is object. + NOTE: Properties is mutually exclusive with + AdditionalProperties. NOTE: This field uses + PreserveUnknownFields and Schemaless, because + recursive validation is not possible.' 
+ x-kubernetes-preserve-unknown-fields: true + required: + description: 'Required specifies which fields + of an object are required. NOTE: Can only be + set if type is object.' + items: + type: string + type: array + type: + description: 'Type is the type of the variable. + Valid values are: object, array, string, integer, + number or boolean.' + type: string + uniqueItems: + description: 'UniqueItems specifies if items in + an array must be unique. NOTE: Can only be set + if type is array.' + type: boolean + x-kubernetes-preserve-unknown-fields: + description: XPreserveUnknownFields allows setting + fields in a variable object which are not defined + in the variable schema. This affects fields + recursively, except if nested properties or + additionalProperties are specified in the schema. + type: boolean + required: + - type + type: object + required: + - openAPIV3Schema + type: object + required: + - from + - required + - schema + type: object + type: array + definitionsConflict: + description: DefinitionsConflict specifies whether or not there + are conflicting definitions for a single variable name. + type: boolean + name: + description: Name is the name of the variable. 
+ type: string + required: + - definitions + - name + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: clusterresourcesetbindings.addons.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: addons.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: ClusterResourceSetBinding + listKind: ClusterResourceSetBindingList + plural: clusterresourcesetbindings + singular: clusterresourcesetbinding + scope: Namespaced + versions: + - deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "ClusterResourceSetBinding lists all matching ClusterResourceSets + with the cluster it belongs to. \n Deprecated: This type will be removed + in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterResourceSetBindingSpec defines the desired state of + ClusterResourceSetBinding. + properties: + bindings: + description: Bindings is a list of ClusterResourceSets and their resources. + items: + description: ResourceSetBinding keeps info on all of the resources + in a ClusterResourceSet. + properties: + clusterResourceSetName: + description: ClusterResourceSetName is the name of the ClusterResourceSet + that is applied to the owner cluster of the binding. + type: string + resources: + description: Resources is a list of resources that the ClusterResourceSet + has. + items: + description: ResourceBinding shows the status of a resource + that belongs to a ClusterResourceSet matched by the owner + cluster of the ClusterResourceSetBinding object. + properties: + applied: + description: Applied is to track if a resource is applied + to the cluster or not. + type: boolean + hash: + description: Hash is the hash of a resource's data. This + can be used to decide if a resource is changed. For + "ApplyOnce" ClusterResourceSet.spec.strategy, this is + no-op as that strategy does not act on change. + type: string + kind: + description: 'Kind of the resource. Supported kinds are: + Secrets and ConfigMaps.' + enum: + - Secret + - ConfigMap + type: string + lastAppliedTime: + description: LastAppliedTime identifies when this resource + was last applied to the cluster. + format: date-time + type: string + name: + description: Name of the resource that is in the same + namespace with ClusterResourceSet object. 
+ minLength: 1 + type: string + required: + - applied + - kind + - name + type: object + type: array + required: + - clusterResourceSetName + type: object + type: array + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of ClusterResourceSetBinding + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "ClusterResourceSetBinding lists all matching ClusterResourceSets + with the cluster it belongs to. \n Deprecated: This type will be removed + in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterResourceSetBindingSpec defines the desired state of + ClusterResourceSetBinding. + properties: + bindings: + description: Bindings is a list of ClusterResourceSets and their resources. + items: + description: ResourceSetBinding keeps info on all of the resources + in a ClusterResourceSet. + properties: + clusterResourceSetName: + description: ClusterResourceSetName is the name of the ClusterResourceSet + that is applied to the owner cluster of the binding. 
+ type: string + resources: + description: Resources is a list of resources that the ClusterResourceSet + has. + items: + description: ResourceBinding shows the status of a resource + that belongs to a ClusterResourceSet matched by the owner + cluster of the ClusterResourceSetBinding object. + properties: + applied: + description: Applied is to track if a resource is applied + to the cluster or not. + type: boolean + hash: + description: Hash is the hash of a resource's data. This + can be used to decide if a resource is changed. For + "ApplyOnce" ClusterResourceSet.spec.strategy, this is + no-op as that strategy does not act on change. + type: string + kind: + description: 'Kind of the resource. Supported kinds are: + Secrets and ConfigMaps.' + enum: + - Secret + - ConfigMap + type: string + lastAppliedTime: + description: LastAppliedTime identifies when this resource + was last applied to the cluster. + format: date-time + type: string + name: + description: Name of the resource that is in the same + namespace with ClusterResourceSet object. + minLength: 1 + type: string + required: + - applied + - kind + - name + type: object + type: array + required: + - clusterResourceSetName + type: object + type: array + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of ClusterResourceSetBinding + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: ClusterResourceSetBinding lists all matching ClusterResourceSets + with the cluster it belongs to. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterResourceSetBindingSpec defines the desired state of + ClusterResourceSetBinding. + properties: + bindings: + description: Bindings is a list of ClusterResourceSets and their resources. + items: + description: ResourceSetBinding keeps info on all of the resources + in a ClusterResourceSet. + properties: + clusterResourceSetName: + description: ClusterResourceSetName is the name of the ClusterResourceSet + that is applied to the owner cluster of the binding. + type: string + resources: + description: Resources is a list of resources that the ClusterResourceSet + has. + items: + description: ResourceBinding shows the status of a resource + that belongs to a ClusterResourceSet matched by the owner + cluster of the ClusterResourceSetBinding object. + properties: + applied: + description: Applied is to track if a resource is applied + to the cluster or not. + type: boolean + hash: + description: Hash is the hash of a resource's data. This + can be used to decide if a resource is changed. For + "ApplyOnce" ClusterResourceSet.spec.strategy, this is + no-op as that strategy does not act on change. + type: string + kind: + description: 'Kind of the resource. Supported kinds are: + Secrets and ConfigMaps.' + enum: + - Secret + - ConfigMap + type: string + lastAppliedTime: + description: LastAppliedTime identifies when this resource + was last applied to the cluster. 
+ format: date-time + type: string + name: + description: Name of the resource that is in the same + namespace with ClusterResourceSet object. + minLength: 1 + type: string + required: + - applied + - kind + - name + type: object + type: array + required: + - clusterResourceSetName + type: object + type: array + clusterName: + description: 'ClusterName is the name of the Cluster this binding + applies to. Note: this field mandatory in v1beta2.' + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: clusterresourcesets.addons.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: addons.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: ClusterResourceSet + listKind: ClusterResourceSetList + plural: clusterresourcesets + singular: clusterresourceset + scope: Namespaced + versions: + - deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "ClusterResourceSet is the Schema for the clusterresourcesets + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet. + properties: + clusterSelector: + description: Label selector for Clusters. The Clusters that are selected + by this will be the ones affected by this ClusterResourceSet. It + must match the Cluster labels. This field is immutable. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + resources: + description: Resources is a list of Secrets/ConfigMaps where each + contains 1 or more resources to be applied to remote clusters. + items: + description: ResourceRef specifies a resource. + properties: + kind: + description: 'Kind of the resource. Supported kinds are: Secrets + and ConfigMaps.' + enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the resource that is in the same namespace + with ClusterResourceSet object. + minLength: 1 + type: string + required: + - kind + - name + type: object + type: array + strategy: + description: Strategy is the strategy to be used during applying resources. + Defaults to ApplyOnce. This field is immutable. + enum: + - ApplyOnce + type: string + required: + - clusterSelector + type: object + status: + description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet. + properties: + conditions: + description: Conditions defines current state of the ClusterResourceSet. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. 
The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration reflects the generation of the most + recently observed ClusterResourceSet. + format: int64 + type: integer + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of ClusterResourceSet + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "ClusterResourceSet is the Schema for the clusterresourcesets + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet. 
+ properties: + clusterSelector: + description: Label selector for Clusters. The Clusters that are selected + by this will be the ones affected by this ClusterResourceSet. It + must match the Cluster labels. This field is immutable. Label selector + cannot be empty. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + resources: + description: Resources is a list of Secrets/ConfigMaps where each + contains 1 or more resources to be applied to remote clusters. + items: + description: ResourceRef specifies a resource. + properties: + kind: + description: 'Kind of the resource. Supported kinds are: Secrets + and ConfigMaps.' 
+ enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the resource that is in the same namespace + with ClusterResourceSet object. + minLength: 1 + type: string + required: + - kind + - name + type: object + type: array + strategy: + description: Strategy is the strategy to be used during applying resources. + Defaults to ApplyOnce. This field is immutable. + enum: + - ApplyOnce + type: string + required: + - clusterSelector + type: object + status: + description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet. + properties: + conditions: + description: Conditions defines current state of the ClusterResourceSet. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration reflects the generation of the most + recently observed ClusterResourceSet. + format: int64 + type: integer + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of ClusterResourceSet + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: ClusterResourceSet is the Schema for the clusterresourcesets + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet. + properties: + clusterSelector: + description: Label selector for Clusters. The Clusters that are selected + by this will be the ones affected by this ClusterResourceSet. It + must match the Cluster labels. This field is immutable. Label selector + cannot be empty. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + resources: + description: Resources is a list of Secrets/ConfigMaps where each + contains 1 or more resources to be applied to remote clusters. + items: + description: ResourceRef specifies a resource. + properties: + kind: + description: 'Kind of the resource. Supported kinds are: Secrets + and ConfigMaps.' + enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the resource that is in the same namespace + with ClusterResourceSet object. + minLength: 1 + type: string + required: + - kind + - name + type: object + type: array + strategy: + description: Strategy is the strategy to be used during applying resources. + Defaults to ApplyOnce. 
This field is immutable. + enum: + - ApplyOnce + - Reconcile + type: string + required: + - clusterSelector + type: object + status: + description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet. + properties: + conditions: + description: Conditions defines current state of the ClusterResourceSet. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration reflects the generation of the most + recently observed ClusterResourceSet. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: clusters.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Cluster + listKind: ClusterList + plural: clusters + shortNames: + - cl + singular: cluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed + jsonPath: .status.phase + name: Phase + type: string + deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: Cluster is the Schema for the clusters API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterSpec defines the desired state of Cluster. + properties: + clusterNetwork: + description: Cluster network configuration. 
+ properties: + apiServerPort: + description: APIServerPort specifies the port the API Server should + bind to. Defaults to 6443. + format: int32 + type: integer + pods: + description: The network ranges from which Pod networks are allocated. + properties: + cidrBlocks: + items: + type: string + type: array + required: + - cidrBlocks + type: object + serviceDomain: + description: Domain name for services. + type: string + services: + description: The network ranges from which service VIPs are allocated. + properties: + cidrBlocks: + items: + type: string + type: array + required: + - cidrBlocks + type: object + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + controlPlaneRef: + description: ControlPlaneRef is an optional reference to a provider-specific + resource that holds the details for provisioning the Control Plane + for a Cluster. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' 
+ type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + infrastructureRef: + description: InfrastructureRef is a reference to a provider-specific + resource that holds the details for provisioning infrastructure + for a cluster in said provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + paused: + description: Paused can be used to prevent controllers from processing + the Cluster and all its associated objects. + type: boolean + type: object + status: + description: ClusterStatus defines the observed state of Cluster. + properties: + conditions: + description: Conditions defines current service state of the cluster. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. 
+ type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + controlPlaneInitialized: + description: ControlPlaneInitialized defines if the control plane + has been initialized. + type: boolean + controlPlaneReady: + description: ControlPlaneReady defines if the control plane is ready. + type: boolean + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains is a slice of failure domain objects synced + from the infrastructure provider. + type: object + failureMessage: + description: FailureMessage indicates that there is a fatal problem + reconciling the state, and will be set to a descriptive error message. 
+ type: string + failureReason: + description: FailureReason indicates that there is a fatal problem + reconciling the state, and will be set to a token value suitable + for programmatic interpretation. + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of cluster actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of Cluster + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed + jsonPath: .status.phase + name: Phase + type: string + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "Cluster is the Schema for the clusters API. \n Deprecated: This + type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterSpec defines the desired state of Cluster. + properties: + clusterNetwork: + description: Cluster network configuration. + properties: + apiServerPort: + description: APIServerPort specifies the port the API Server should + bind to. Defaults to 6443. + format: int32 + type: integer + pods: + description: The network ranges from which Pod networks are allocated. + properties: + cidrBlocks: + items: + type: string + type: array + required: + - cidrBlocks + type: object + serviceDomain: + description: Domain name for services. + type: string + services: + description: The network ranges from which service VIPs are allocated. + properties: + cidrBlocks: + items: + type: string + type: array + required: + - cidrBlocks + type: object + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + controlPlaneRef: + description: ControlPlaneRef is an optional reference to a provider-specific + resource that holds the details for provisioning the Control Plane + for a Cluster. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + infrastructureRef: + description: InfrastructureRef is a reference to a provider-specific + resource that holds the details for provisioning infrastructure + for a cluster in said provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + paused: + description: Paused can be used to prevent controllers from processing + the Cluster and all its associated objects. + type: boolean + topology: + description: 'This encapsulates the topology for the cluster. NOTE: + It is required to enable the ClusterTopology feature gate flag to + activate managed topologies support; this feature is highly experimental, + and parts of it might still be not implemented.' + properties: + class: + description: The name of the ClusterClass object to create the + topology. 
+ type: string + controlPlane: + description: ControlPlane describes the cluster control plane. + properties: + metadata: + description: "Metadata is the metadata applied to the machines + of the ControlPlane. At runtime this metadata is merged + with the corresponding metadata from the ClusterClass. \n + This field is supported if and only if the control plane + provider template referenced in the ClusterClass is Machine + based." + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. They + are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be + used to organize and categorize (scope and select) objects. + May match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + replicas: + description: Replicas is the number of control plane nodes. + If the value is nil, the ControlPlane object is created + without the number of Replicas and it's assumed that the + control plane controller does not implement support for + this field. When specified against a control plane provider + that lacks support for this field, this value will be ignored. + format: int32 + type: integer + type: object + rolloutAfter: + description: RolloutAfter performs a rollout of the entire cluster + one component at a time, control plane first and then machine + deployments. + format: date-time + type: string + version: + description: The Kubernetes version of the cluster. + type: string + workers: + description: Workers encapsulates the different constructs that + form the worker nodes for the cluster. 
+ properties: + machineDeployments: + description: MachineDeployments is a list of machine deployments + in the cluster. + items: + description: MachineDeploymentTopology specifies the different + parameters for a set of worker nodes in the topology. + This set of nodes is managed by a MachineDeployment object + whose lifecycle is managed by the Cluster controller. + properties: + class: + description: Class is the name of the MachineDeploymentClass + used to create the set of worker nodes. This should + match one of the deployment classes defined in the + ClusterClass object mentioned in the `Cluster.Spec.Class` + field. + type: string + metadata: + description: Metadata is the metadata applied to the + machines of the MachineDeployment. At runtime this + metadata is merged with the corresponding metadata + from the ClusterClass. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key + value map stored with a resource that may be set + by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be + preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that + can be used to organize and categorize (scope + and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + name: + description: Name is the unique identifier for this + MachineDeploymentTopology. The value is used with + other unique identifiers to create a MachineDeployment's + Name (e.g. cluster's name, etc). In case the name + is greater than the allowed maximum length, the values + are hashed together. + type: string + replicas: + description: Replicas is the number of worker nodes + belonging to this set. 
If the value is nil, the MachineDeployment + is created without the number of Replicas (defaulting + to zero) and it's assumed that an external entity + (like cluster autoscaler) is responsible for the management + of this value. + format: int32 + type: integer + required: + - class + - name + type: object + type: array + type: object + required: + - class + - version + type: object + type: object + status: + description: ClusterStatus defines the observed state of Cluster. + properties: + conditions: + description: Conditions defines current service state of the cluster. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - status + - type + type: object + type: array + controlPlaneReady: + description: ControlPlaneReady defines if the control plane is ready. + type: boolean + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains is a slice of failure domain objects synced + from the infrastructure provider. + type: object + failureMessage: + description: FailureMessage indicates that there is a fatal problem + reconciling the state, and will be set to a descriptive error message. + type: string + failureReason: + description: FailureReason indicates that there is a fatal problem + reconciling the state, and will be set to a token value suitable + for programmatic interpretation. + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of cluster actuation. + E.g. Pending, Running, Terminating, Failed etc. 
+ type: string + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: ClusterClass of this Cluster, empty if the Cluster is not using + a ClusterClass + jsonPath: .spec.topology.class + name: ClusterClass + type: string + - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed + jsonPath: .status.phase + name: Phase + type: string + - description: Time duration since creation of Cluster + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this Cluster + jsonPath: .spec.topology.version + name: Version + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Cluster is the Schema for the clusters API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterSpec defines the desired state of Cluster. + properties: + clusterNetwork: + description: Cluster network configuration. + properties: + apiServerPort: + description: APIServerPort specifies the port the API Server should + bind to. Defaults to 6443. + format: int32 + type: integer + pods: + description: The network ranges from which Pod networks are allocated. 
+ properties: + cidrBlocks: + items: + type: string + type: array + required: + - cidrBlocks + type: object + serviceDomain: + description: Domain name for services. + type: string + services: + description: The network ranges from which service VIPs are allocated. + properties: + cidrBlocks: + items: + type: string + type: array + required: + - cidrBlocks + type: object + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + controlPlaneRef: + description: ControlPlaneRef is an optional reference to a provider-specific + resource that holds the details for provisioning the Control Plane + for a Cluster. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + infrastructureRef: + description: InfrastructureRef is a reference to a provider-specific + resource that holds the details for provisioning infrastructure + for a cluster in said provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + paused: + description: Paused can be used to prevent controllers from processing + the Cluster and all its associated objects. + type: boolean + topology: + description: 'This encapsulates the topology for the cluster. NOTE: + It is required to enable the ClusterTopology feature gate flag to + activate managed topologies support; this feature is highly experimental, + and parts of it might still be not implemented.' + properties: + class: + description: The name of the ClusterClass object to create the + topology. + type: string + controlPlane: + description: ControlPlane describes the cluster control plane. + properties: + machineHealthCheck: + description: MachineHealthCheck allows to enable, disable + and override the MachineHealthCheck configuration in the + ClusterClass for this control plane. + properties: + enable: + description: "Enable controls if a MachineHealthCheck + should be created for the target machines. \n If false: + No MachineHealthCheck will be created. \n If not set(default): + A MachineHealthCheck will be created if it is defined + here or in the associated ClusterClass. If no MachineHealthCheck + is defined then none will be created. \n If true: A + MachineHealthCheck is guaranteed to be created. 
Cluster + validation will block if `enable` is true and no MachineHealthCheck + definition is available." + type: boolean + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed if + at most "MaxUnhealthy" machines selected by "selector" + are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without + a node will be considered to have failed and will be + remediated. If you wish to disable this feature, set + the value explicitly to 0. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference to a + remediation template provided by an infrastructure provider. + \n This field is completely optional, when filled, the + MachineHealthCheck controller creates a new object from + the template referenced and hands off remediation of + the machine to a controller that lives outside of Cluster + API." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list of the + conditions that determine whether a node is considered + unhealthy. The conditions are combined in a logical + OR, i.e. if any of the conditions is met, the node is + unhealthy. + items: + description: UnhealthyCondition represents a Node condition + type and value with a timeout specified as a duration. When + the named condition has been in the given status for + at least the timeout value, a node is considered unhealthy. + properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + type: array + unhealthyRange: + description: 'Any further remediation is only allowed + if the number of machines selected by "selector" as + not healthy is within the range of "UnhealthyRange". + Takes precedence over MaxUnhealthy. Eg. 
"[3-5]" - This + means that remediation will be allowed only when: (a) + there are at least 3 unhealthy machines (and) (b) there + are at most 5 unhealthy machines' + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + type: object + metadata: + description: Metadata is the metadata applied to the ControlPlane + and the Machines of the ControlPlane if the ControlPlaneTemplate + referenced by the ClusterClass is machine based. If not, + it is applied only to the ControlPlane. At runtime this + metadata is merged with the corresponding metadata from + the ClusterClass. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. They + are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be + used to organize and categorize (scope and select) objects. + May match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts after + the Machine is marked for deletion. A duration of 0 will + retry deletion indefinitely. Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. 
NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of + time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the + volumes can be detached without any time limitations. + type: string + replicas: + description: Replicas is the number of control plane nodes. + If the value is nil, the ControlPlane object is created + without the number of Replicas and it's assumed that the + control plane controller does not implement support for + this field. When specified against a control plane provider + that lacks support for this field, this value will be ignored. + format: int32 + type: integer + type: object + rolloutAfter: + description: "RolloutAfter performs a rollout of the entire cluster + one component at a time, control plane first and then machine + deployments. \n Deprecated: This field has no function and is + going to be removed in the next apiVersion." + format: date-time + type: string + variables: + description: Variables can be used to customize the Cluster through + patches. They must comply to the corresponding VariableClasses + defined in the ClusterClass. + items: + description: ClusterVariable can be used to customize the Cluster + through patches. Each ClusterVariable is associated with a + Variable definition in the ClusterClass `status` variables. + properties: + definitionFrom: + description: 'DefinitionFrom specifies where the definition + of this Variable is from. DefinitionFrom is `inline` when + the definition is from the ClusterClass `.spec.variables` + or the name of a patch defined in the ClusterClass `.spec.patches` + where the patch is external and provides external variables. + This field is mandatory if the variable has `DefinitionsConflict: + true` in ClusterClass `status.variables[]`' + type: string + name: + description: Name of the variable. 
+ type: string + value: + description: 'Value of the variable. Note: the value will + be validated against the schema of the corresponding ClusterClassVariable + from the ClusterClass. Note: We have to use apiextensionsv1.JSON + instead of a custom JSON type, because controller-tools + has a hard-coded schema for apiextensionsv1.JSON which + cannot be produced by another type via controller-tools, + i.e. it is not possible to have no type field. Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111' + x-kubernetes-preserve-unknown-fields: true + required: + - name + - value + type: object + type: array + version: + description: The Kubernetes version of the cluster. + type: string + workers: + description: Workers encapsulates the different constructs that + form the worker nodes for the cluster. + properties: + machineDeployments: + description: MachineDeployments is a list of machine deployments + in the cluster. + items: + description: MachineDeploymentTopology specifies the different + parameters for a set of worker nodes in the topology. + This set of nodes is managed by a MachineDeployment object + whose lifecycle is managed by the Cluster controller. + properties: + class: + description: Class is the name of the MachineDeploymentClass + used to create the set of worker nodes. This should + match one of the deployment classes defined in the + ClusterClass object mentioned in the `Cluster.Spec.Class` + field. + type: string + failureDomain: + description: FailureDomain is the failure domain the + machines will be created in. Must match a key in the + FailureDomains map stored on the cluster object. + type: string + machineHealthCheck: + description: MachineHealthCheck allows to enable, disable + and override the MachineHealthCheck configuration + in the ClusterClass for this MachineDeployment. 
+ properties: + enable: + description: "Enable controls if a MachineHealthCheck + should be created for the target machines. \n + If false: No MachineHealthCheck will be created. + \n If not set(default): A MachineHealthCheck will + be created if it is defined here or in the associated + ClusterClass. If no MachineHealthCheck is defined + then none will be created. \n If true: A MachineHealthCheck + is guaranteed to be created. Cluster validation + will block if `enable` is true and no MachineHealthCheck + definition is available." + type: boolean + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed + if at most "MaxUnhealthy" machines selected by + "selector" are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without + a node will be considered to have failed and will + be remediated. If you wish to disable this feature, + set the value explicitly to 0. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference + to a remediation template provided by an infrastructure + provider. \n This field is completely optional, + when filled, the MachineHealthCheck controller + creates a new object from the template referenced + and hands off remediation of the machine to a + controller that lives outside of Cluster API." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list + of the conditions that determine whether a node + is considered unhealthy. The conditions are combined + in a logical OR, i.e. if any of the conditions + is met, the node is unhealthy. + items: + description: UnhealthyCondition represents a Node + condition type and value with a timeout specified + as a duration. When the named condition has + been in the given status for at least the timeout + value, a node is considered unhealthy. 
+ properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + type: array + unhealthyRange: + description: 'Any further remediation is only allowed + if the number of machines selected by "selector" + as not healthy is within the range of "UnhealthyRange". + Takes precedence over MaxUnhealthy. Eg. "[3-5]" + - This means that remediation will be allowed + only when: (a) there are at least 3 unhealthy + machines (and) (b) there are at most 5 unhealthy + machines' + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + type: object + metadata: + description: Metadata is the metadata applied to the + MachineDeployment and the machines of the MachineDeployment. + At runtime this metadata is merged with the corresponding + metadata from the ClusterClass. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key + value map stored with a resource that may be set + by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be + preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that + can be used to organize and categorize (scope + and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + minReadySeconds: + description: Minimum number of seconds for which a newly + created machine should be ready. Defaults to 0 (machine + will be considered available as soon as it is ready) + format: int32 + type: integer + name: + description: Name is the unique identifier for this + MachineDeploymentTopology. The value is used with + other unique identifiers to create a MachineDeployment's + Name (e.g. 
cluster's name, etc). In case the name + is greater than the allowed maximum length, the values + are hashed together. + type: string + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the + controller will attempt to delete the Node that the + Machine hosts after the Machine is marked for deletion. + A duration of 0 will retry deletion indefinitely. + Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of + time that the controller will spend on draining a + node. The default value is 0, meaning that the node + can be drained without any time limitations. NOTE: + NodeDrainTimeout is different from `kubectl drain + --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount + of time that the controller will spend on waiting + for all volumes to be detached. The default value + is 0, meaning that the volumes can be detached without + any time limitations. + type: string + replicas: + description: Replicas is the number of worker nodes + belonging to this set. If the value is nil, the MachineDeployment + is created without the number of Replicas (defaulting + to 1) and it's assumed that an external entity (like + cluster autoscaler) is responsible for the management + of this value. + format: int32 + type: integer + strategy: + description: The deployment strategy to use to replace + existing machines with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present + only if MachineDeploymentStrategyType = RollingUpdate. + properties: + deletePolicy: + description: DeletePolicy defines the policy + used by the MachineDeployment to identify + nodes to delete when downscaling. 
Valid values + are "Random, "Newest", "Oldest" When no value + is supplied, the default DeletePolicy of MachineSet + is used + enum: + - Random + - Newest + - Oldest + type: string + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines + that can be scheduled above the desired number + of machines. Value can be an absolute number + (ex: 5) or a percentage of desired machines + (ex: 10%). This can not be 0 if MaxUnavailable + is 0. Absolute number is calculated from percentage + by rounding up. Defaults to 1. Example: when + this is set to 30%, the new MachineSet can + be scaled up immediately when the rolling + update starts, such that the total number + of old and new machines do not exceed 130% + of desired machines. Once old machines have + been killed, new MachineSet can be scaled + up further, ensuring that total number of + machines running at any time during the update + is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines + that can be unavailable during the update. + Value can be an absolute number (ex: 5) or + a percentage of desired machines (ex: 10%). + Absolute number is calculated from percentage + by rounding down. This can not be 0 if MaxSurge + is 0. Defaults to 0. Example: when this is + set to 30%, the old MachineSet can be scaled + down to 70% of desired machines immediately + when the rolling update starts. Once new machines + are ready, old MachineSet can be scaled down + further, followed by scaling up the new MachineSet, + ensuring that the total number of machines + available at all times during the update is + at least 70% of desired machines.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Allowed values + are RollingUpdate and OnDelete. The default is + RollingUpdate. 
+ enum: + - RollingUpdate + - OnDelete + type: string + type: object + variables: + description: Variables can be used to customize the + MachineDeployment through patches. + properties: + overrides: + description: Overrides can be used to override Cluster + level variables. + items: + description: ClusterVariable can be used to customize + the Cluster through patches. Each ClusterVariable + is associated with a Variable definition in + the ClusterClass `status` variables. + properties: + definitionFrom: + description: 'DefinitionFrom specifies where + the definition of this Variable is from. + DefinitionFrom is `inline` when the definition + is from the ClusterClass `.spec.variables` + or the name of a patch defined in the ClusterClass + `.spec.patches` where the patch is external + and provides external variables. This field + is mandatory if the variable has `DefinitionsConflict: + true` in ClusterClass `status.variables[]`' + type: string + name: + description: Name of the variable. + type: string + value: + description: 'Value of the variable. Note: + the value will be validated against the + schema of the corresponding ClusterClassVariable + from the ClusterClass. Note: We have to + use apiextensionsv1.JSON instead of a custom + JSON type, because controller-tools has + a hard-coded schema for apiextensionsv1.JSON + which cannot be produced by another type + via controller-tools, i.e. it is not possible + to have no type field. Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111' + x-kubernetes-preserve-unknown-fields: true + required: + - name + - value + type: object + type: array + type: object + required: + - class + - name + type: object + type: array + machinePools: + description: MachinePools is a list of machine pools in the + cluster. + items: + description: MachinePoolTopology specifies the different + parameters for a pool of worker nodes in the topology. 
+ This pool of nodes is managed by a MachinePool object + whose lifecycle is managed by the Cluster controller. + properties: + class: + description: Class is the name of the MachinePoolClass + used to create the pool of worker nodes. This should + match one of the deployment classes defined in the + ClusterClass object mentioned in the `Cluster.Spec.Class` + field. + type: string + failureDomains: + description: FailureDomains is the list of failure domains + the machine pool will be created in. Must match a + key in the FailureDomains map stored on the cluster + object. + items: + type: string + type: array + metadata: + description: Metadata is the metadata applied to the + MachinePool. At runtime this metadata is merged with + the corresponding metadata from the ClusterClass. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key + value map stored with a resource that may be set + by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be + preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that + can be used to organize and categorize (scope + and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + minReadySeconds: + description: Minimum number of seconds for which a newly + created machine pool should be ready. Defaults to + 0 (machine will be considered available as soon as + it is ready) + format: int32 + type: integer + name: + description: Name is the unique identifier for this + MachinePoolTopology. The value is used with other + unique identifiers to create a MachinePool's Name + (e.g. cluster's name, etc). 
In case the name is greater + than the allowed maximum length, the values are hashed + together. + type: string + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the + controller will attempt to delete the Node that the + MachinePool hosts after the MachinePool is marked + for deletion. A duration of 0 will retry deletion + indefinitely. Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of + time that the controller will spend on draining a + node. The default value is 0, meaning that the node + can be drained without any time limitations. NOTE: + NodeDrainTimeout is different from `kubectl drain + --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount + of time that the controller will spend on waiting + for all volumes to be detached. The default value + is 0, meaning that the volumes can be detached without + any time limitations. + type: string + replicas: + description: Replicas is the number of nodes belonging + to this pool. If the value is nil, the MachinePool + is created without the number of Replicas (defaulting + to 1) and it's assumed that an external entity (like + cluster autoscaler) is responsible for the management + of this value. + format: int32 + type: integer + variables: + description: Variables can be used to customize the + MachinePool through patches. + properties: + overrides: + description: Overrides can be used to override Cluster + level variables. + items: + description: ClusterVariable can be used to customize + the Cluster through patches. Each ClusterVariable + is associated with a Variable definition in + the ClusterClass `status` variables. + properties: + definitionFrom: + description: 'DefinitionFrom specifies where + the definition of this Variable is from. 
+ DefinitionFrom is `inline` when the definition + is from the ClusterClass `.spec.variables` + or the name of a patch defined in the ClusterClass + `.spec.patches` where the patch is external + and provides external variables. This field + is mandatory if the variable has `DefinitionsConflict: + true` in ClusterClass `status.variables[]`' + type: string + name: + description: Name of the variable. + type: string + value: + description: 'Value of the variable. Note: + the value will be validated against the + schema of the corresponding ClusterClassVariable + from the ClusterClass. Note: We have to + use apiextensionsv1.JSON instead of a custom + JSON type, because controller-tools has + a hard-coded schema for apiextensionsv1.JSON + which cannot be produced by another type + via controller-tools, i.e. it is not possible + to have no type field. Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111' + x-kubernetes-preserve-unknown-fields: true + required: + - name + - value + type: object + type: array + type: object + required: + - class + - name + type: object + type: array + type: object + required: + - class + - version + type: object + type: object + status: + description: ClusterStatus defines the observed state of Cluster. + properties: + conditions: + description: Conditions defines current service state of the cluster. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. 
+ type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + controlPlaneReady: + description: ControlPlaneReady defines if the control plane is ready. + type: boolean + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains is a slice of failure domain objects synced + from the infrastructure provider. + type: object + failureMessage: + description: FailureMessage indicates that there is a fatal problem + reconciling the state, and will be set to a descriptive error message. 
+ type: string + failureReason: + description: FailureReason indicates that there is a fatal problem + reconciling the state, and will be set to a token value suitable + for programmatic interpretation. + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of cluster actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: extensionconfigs.runtime.cluster.x-k8s.io +spec: + group: runtime.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: ExtensionConfig + listKind: ExtensionConfigList + plural: extensionconfigs + shortNames: + - ext + singular: extensionconfig + scope: Cluster + versions: + - additionalPrinterColumns: + - description: Time duration since creation of ExtensionConfig + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: ExtensionConfig is the Schema for the ExtensionConfig API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ExtensionConfigSpec is the desired state of the ExtensionConfig + properties: + clientConfig: + description: ClientConfig defines how to communicate with the Extension + server. + properties: + caBundle: + description: CABundle is a PEM encoded CA bundle which will be + used to validate the Extension server's server certificate. + format: byte + type: string + service: + description: "Service is a reference to the Kubernetes service + for the Extension server. Note: Exactly one of `url` or `service` + must be specified. \n If the Extension server is running within + a cluster, then you should use `service`." + properties: + name: + description: Name is the name of the service. + type: string + namespace: + description: Namespace is the namespace of the service. + type: string + path: + description: Path is an optional URL path and if present may + be any string permissible in a URL. If a path is set it + will be used as prefix to the hook-specific path. + type: string + port: + description: Port is the port on the service that's hosting + the Extension server. Defaults to 443. Port should be a + valid port number (1-65535, inclusive). + format: int32 + type: integer + required: + - name + - namespace + type: object + url: + description: "URL gives the location of the Extension server, + in standard URL form (`scheme://host:port/path`). Note: Exactly + one of `url` or `service` must be specified. \n The scheme must + be \"https\". \n The `host` should not refer to a service running + in the cluster; use the `service` field instead. \n A path is + optional, and if present may be any string permissible in a + URL. If a path is set it will be used as prefix to the hook-specific + path. 
\n Attempting to use a user or basic auth e.g. \"user:password@\" + is not allowed. Fragments (\"#...\") and query parameters (\"?...\") + are not allowed either." + type: string + type: object + namespaceSelector: + description: NamespaceSelector decides whether to call the hook for + an object based on whether the namespace for that object matches + the selector. Defaults to the empty LabelSelector, which matches + all objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + settings: + additionalProperties: + type: string + description: 'Settings defines key value pairs to be passed to all + calls to all supported RuntimeExtensions. Note: Settings can be + overridden on the ClusterClass.' 
+ type: object + required: + - clientConfig + type: object + status: + description: ExtensionConfigStatus is the current state of the ExtensionConfig + properties: + conditions: + description: Conditions define the current service state of the ExtensionConfig. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + handlers: + description: Handlers defines the current ExtensionHandlers supported + by an Extension. 
+ items: + description: ExtensionHandler specifies the details of a handler + for a particular runtime hook registered by an Extension server. + properties: + failurePolicy: + description: FailurePolicy defines how failures in calls to + the ExtensionHandler should be handled by a client. Defaults + to Fail if not set. + type: string + name: + description: Name is the unique name of the ExtensionHandler. + type: string + requestHook: + description: RequestHook defines the versioned runtime hook + which this ExtensionHandler serves. + properties: + apiVersion: + description: APIVersion is the group and version of the + Hook. + type: string + hook: + description: Hook is the name of the hook. + type: string + required: + - apiVersion + - hook + type: object + timeoutSeconds: + description: TimeoutSeconds defines the timeout duration for + client calls to the ExtensionHandler. Defaults to 10 is not + set. + format: int32 + type: integer + required: + - name + - requestHook + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: ipaddressclaims.ipam.cluster.x-k8s.io +spec: + group: ipam.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: IPAddressClaim + listKind: IPAddressClaimList + plural: ipaddressclaims + singular: ipaddressclaim + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Name of the pool to allocate an address from + jsonPath: .spec.poolRef.name + name: Pool Name + type: string + - description: Kind of the pool to allocate an address from + jsonPath: .spec.poolRef.kind + name: Pool Kind + type: string + - description: Time duration since creation of IPAdressClaim + jsonPath: 
.metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: IPAddressClaim is the Schema for the ipaddressclaim API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAddressClaimSpec is the desired state of an IPAddressClaim. + properties: + poolRef: + description: PoolRef is a reference to the pool from which an IP address + should be created. + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in + the core API group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + required: + - poolRef + type: object + status: + description: IPAddressClaimStatus is the observed status of a IPAddressClaim. + properties: + addressRef: + description: AddressRef is a reference to the address that was created + for this claim. + properties: + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + conditions: + description: Conditions summarises the current state of the IPAddressClaim + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Name of the pool to allocate an address from + jsonPath: .spec.poolRef.name + name: Pool Name + type: string + - description: Kind of the pool to allocate an address from + jsonPath: .spec.poolRef.kind + name: Pool Kind + type: string + - description: Time duration since creation of IPAdressClaim + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: IPAddressClaim is the Schema for the ipaddressclaim API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAddressClaimSpec is the desired state of an IPAddressClaim. + properties: + poolRef: + description: PoolRef is a reference to the pool from which an IP address + should be created. + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in + the core API group. For any other third-party types, APIGroup + is required. 
+ type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + required: + - poolRef + type: object + status: + description: IPAddressClaimStatus is the observed status of a IPAddressClaim. + properties: + addressRef: + description: AddressRef is a reference to the address that was created + for this claim. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + conditions: + description: Conditions summarises the current state of the IPAddressClaim + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: ipaddresses.ipam.cluster.x-k8s.io +spec: + group: ipam.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: IPAddress + listKind: IPAddressList + plural: ipaddresses + singular: ipaddress + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Address + jsonPath: .spec.address + name: Address + type: string + - description: Name of the pool the address is from + jsonPath: .spec.poolRef.name + name: Pool Name + type: string + - description: Kind of the pool the address is from + jsonPath: .spec.poolRef.kind + name: Pool Kind + type: string + - description: Time duration since creation of IPAdress + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: IPAddress is the Schema for the ipaddress API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAddressSpec is the desired state of an IPAddress. + properties: + address: + description: Address is the IP address. + type: string + claimRef: + description: ClaimRef is a reference to the claim this IPAddress was + created for. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + gateway: + description: Gateway is the network gateway of the network the address + is from. + type: string + poolRef: + description: PoolRef is a reference to the pool that this IPAddress + was created from. + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in + the core API group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + prefix: + description: Prefix is the prefix of the address. 
+ type: integer + required: + - address + - claimRef + - poolRef + - prefix + type: object + type: object + served: true + storage: false + subresources: {} + - additionalPrinterColumns: + - description: Address + jsonPath: .spec.address + name: Address + type: string + - description: Name of the pool the address is from + jsonPath: .spec.poolRef.name + name: Pool Name + type: string + - description: Kind of the pool the address is from + jsonPath: .spec.poolRef.kind + name: Pool Kind + type: string + - description: Time duration since creation of IPAdress + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: IPAddress is the Schema for the ipaddress API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAddressSpec is the desired state of an IPAddress. + properties: + address: + description: Address is the IP address. + type: string + claimRef: + description: ClaimRef is a reference to the claim this IPAddress was + created for. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + x-kubernetes-map-type: atomic + gateway: + description: Gateway is the network gateway of the network the address + is from. + type: string + poolRef: + description: PoolRef is a reference to the pool that this IPAddress + was created from. + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in + the core API group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + prefix: + description: Prefix is the prefix of the address. + type: integer + required: + - address + - claimRef + - poolRef + - prefix + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: machinedeployments.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: MachineDeployment + listKind: MachineDeploymentList + plural: machinedeployments + shortNames: + - md + singular: machinedeployment + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown + jsonPath: .status.phase + name: Phase + type: string + - description: Total number of non-terminated machines targeted by 
this MachineDeployment + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of ready machines targeted by this MachineDeployment + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Total number of non-terminated machines targeted by this deployment + that have the desired template spec + jsonPath: .status.updatedReplicas + name: Updated + type: integer + - description: Total number of unavailable machines targeted by this MachineDeployment + jsonPath: .status.unavailableReplicas + name: Unavailable + type: integer + deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "MachineDeployment is the Schema for the machinedeployments API. + \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineDeploymentSpec defines the desired state of MachineDeployment. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + minReadySeconds: + description: Minimum number of seconds for which a newly created machine + should be ready. 
Defaults to 0 (machine will be considered available + as soon as it is ready) + format: int32 + type: integer + paused: + description: Indicates that the deployment is paused. + type: boolean + progressDeadlineSeconds: + description: The maximum time in seconds for a deployment to make + progress before it is considered to be failed. The deployment controller + will continue to process failed deployments and a condition with + a ProgressDeadlineExceeded reason will be surfaced in the deployment + status. Note that progress will not be estimated during the time + a deployment is paused. Defaults to 600s. + format: int32 + type: integer + replicas: + description: Number of desired machines. Defaults to 1. This is a + pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + revisionHistoryLimit: + description: The number of old MachineSets to retain to allow rollback. + This is a pointer to distinguish between explicit zero and not specified. + Defaults to 1. + format: int32 + type: integer + selector: + description: Label selector for machines. Existing MachineSets whose + machines are selected by this will be the ones affected by this + deployment. It must match the machine template's labels. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. 
+ If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + strategy: + description: The deployment strategy to use to replace existing machines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if MachineDeploymentStrategyType + = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be scheduled + above the desired number of machines. Value can be an absolute + number (ex: 5) or a percentage of desired machines (ex: + 10%). This can not be 0 if MaxUnavailable is 0. Absolute + number is calculated from percentage by rounding up. Defaults + to 1. Example: when this is set to 30%, the new MachineSet + can be scaled up immediately when the rolling update starts, + such that the total number of old and new machines do not + exceed 130% of desired machines. Once old machines have + been killed, new MachineSet can be scaled up further, ensuring + that total number of machines running at any time during + the update is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be unavailable + during the update. Value can be an absolute number (ex: + 5) or a percentage of desired machines (ex: 10%). 
Absolute + number is calculated from percentage by rounding down. This + can not be 0 if MaxSurge is 0. Defaults to 0. Example: when + this is set to 30%, the old MachineSet can be scaled down + to 70% of desired machines immediately when the rolling + update starts. Once new machines are ready, old MachineSet + can be scaled down further, followed by scaling up the new + MachineSet, ensuring that the total number of machines available + at all times during the update is at least 70% of desired + machines.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Currently the only supported + strategy is "RollingUpdate". Default is RollingUpdate. + type: string + type: object + template: + description: Template describes the machines that will be created. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + generateName: + description: "GenerateName is an optional prefix, used by + the server, to generate a unique name ONLY IF the Name field + has not been provided. If this field is used, the name returned + to the client will be different than the name passed. This + value will also be combined with a unique suffix. The provided + value has the same validation rules as the Name field, and + may be truncated by the length of the suffix required to + make the value unique on the server. 
\n If this field is + specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created + or 500 with Reason ServerTimeout indicating a unique name + could not be found in the time allotted, and the client + should retry (optionally after the time indicated in the + Retry-After header). \n Applied only if Name is not specified. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency + \n Deprecated: This field has no function and is going to + be removed in a next release." + type: string + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: "Name must be unique within a namespace. Is required + when creating resources, although some resources may allow + a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence + and configuration definition. Cannot be updated. More info: + http://kubernetes.io/docs/user-guide/identifiers#names \n + Deprecated: This field has no function and is going to be + removed in a next release." + type: string + namespace: + description: "Namespace defines the space within each name + must be unique. An empty namespace is equivalent to the + \"default\" namespace, but \"default\" is the canonical + representation. Not all objects are required to be scoped + to a namespace - the value of this field for those objects + will be empty. \n Must be a DNS_LABEL. Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces + \n Deprecated: This field has no function and is going to + be removed in a next release." 
+ type: string + ownerReferences: + description: "List of objects depended by this object. If + ALL objects in the list have been deleted, this object will + be garbage collected. If this object is managed by a controller, + then an entry in this list will point to this controller, + with the controller field set to true. There cannot be more + than one managing controller. \n Deprecated: This field + has no function and is going to be removed in a next release." + items: + description: OwnerReference contains enough information + to let you identify an owning object. An owning object + must be in the same namespace as the dependent, or be + cluster-scoped, so there is no namespace field. + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the + key-value store until this reference is removed. See + https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage collector interacts with this + field and enforces the foreground deletion. Defaults + to false. To set this field, a user needs "delete" + permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing + controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.Data + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + data: + description: "Data contains the bootstrap data, such as + cloud-init details scripts. If nil, the Machine should + remain in the Pending state. \n Deprecated: Switch to + DataSecretName." + type: string + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. 
+ This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - selector + - template + type: object + status: + description: MachineDeploymentStatus defines the observed state of MachineDeployment. + properties: + availableReplicas: + description: Total number of available machines (ready for at least + minReadySeconds) targeted by this deployment. + format: int32 + type: integer + observedGeneration: + description: The generation observed by the deployment controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of a MachineDeployment + (ScalingUp, ScalingDown, Running, Failed, or Unknown). + type: string + readyReplicas: + description: Total number of ready machines targeted by this deployment. + format: int32 + type: integer + replicas: + description: Total number of non-terminated machines targeted by this + deployment (their labels match the selector). 
+ format: int32 + type: integer + selector: + description: 'Selector is the same as the label selector but in the + string format to avoid introspection by clients. The string will + be in the same format as the query-param syntax. More info about + label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + unavailableReplicas: + description: Total number of unavailable machines targeted by this + deployment. This is the total number of machines that are still + required for the deployment to have 100% available capacity. They + may either be machines that are running but not yet available or + machines that still have not been created. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated machines targeted by this + deployment that have the desired template spec. + format: int32 + type: integer + type: object + type: object + served: false + storage: false + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Time duration since creation of MachineDeployment + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown + jsonPath: .status.phase + name: Phase + type: string + - description: Total number of non-terminated machines targeted by this MachineDeployment + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of ready machines targeted by this MachineDeployment + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Total number of non-terminated machines targeted by this deployment + that have the desired template spec + jsonPath: .status.updatedReplicas + name: Updated + type: integer + - 
description: Total number of unavailable machines targeted by this MachineDeployment + jsonPath: .status.unavailableReplicas + name: Unavailable + type: integer + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "MachineDeployment is the Schema for the machinedeployments API. + \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineDeploymentSpec defines the desired state of MachineDeployment. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + minReadySeconds: + description: Minimum number of seconds for which a newly created machine + should be ready. Defaults to 0 (machine will be considered available + as soon as it is ready) + format: int32 + type: integer + paused: + description: Indicates that the deployment is paused. + type: boolean + progressDeadlineSeconds: + description: The maximum time in seconds for a deployment to make + progress before it is considered to be failed. The deployment controller + will continue to process failed deployments and a condition with + a ProgressDeadlineExceeded reason will be surfaced in the deployment + status. 
Note that progress will not be estimated during the time + a deployment is paused. Defaults to 600s. + format: int32 + type: integer + replicas: + default: 1 + description: Number of desired machines. Defaults to 1. This is a + pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + revisionHistoryLimit: + description: The number of old MachineSets to retain to allow rollback. + This is a pointer to distinguish between explicit zero and not specified. + Defaults to 1. + format: int32 + type: integer + selector: + description: Label selector for machines. Existing MachineSets whose + machines are selected by this will be the ones affected by this + deployment. It must match the machine template's labels. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". 
The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + strategy: + description: The deployment strategy to use to replace existing machines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if MachineDeploymentStrategyType + = RollingUpdate. + properties: + deletePolicy: + description: DeletePolicy defines the policy used by the MachineDeployment + to identify nodes to delete when downscaling. Valid values + are "Random, "Newest", "Oldest" When no value is supplied, + the default DeletePolicy of MachineSet is used + enum: + - Random + - Newest + - Oldest + type: string + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be scheduled + above the desired number of machines. Value can be an absolute + number (ex: 5) or a percentage of desired machines (ex: + 10%). This can not be 0 if MaxUnavailable is 0. Absolute + number is calculated from percentage by rounding up. Defaults + to 1. Example: when this is set to 30%, the new MachineSet + can be scaled up immediately when the rolling update starts, + such that the total number of old and new machines do not + exceed 130% of desired machines. Once old machines have + been killed, new MachineSet can be scaled up further, ensuring + that total number of machines running at any time during + the update is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be unavailable + during the update. Value can be an absolute number (ex: + 5) or a percentage of desired machines (ex: 10%). Absolute + number is calculated from percentage by rounding down. This + can not be 0 if MaxSurge is 0. Defaults to 0. 
Example: when + this is set to 30%, the old MachineSet can be scaled down + to 70% of desired machines immediately when the rolling + update starts. Once new machines are ready, old MachineSet + can be scaled down further, followed by scaling up the new + MachineSet, ensuring that the total number of machines available + at all times during the update is at least 70% of desired + machines.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Default is RollingUpdate. + enum: + - RollingUpdate + - OnDelete + type: string + type: object + template: + description: Template describes the machines that will be created. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. 
+ properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. 
+ This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - selector + - template + type: object + status: + description: MachineDeploymentStatus defines the observed state of MachineDeployment. + properties: + availableReplicas: + description: Total number of available machines (ready for at least + minReadySeconds) targeted by this deployment. + format: int32 + type: integer + conditions: + description: Conditions defines current service state of the MachineDeployment. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: The generation observed by the deployment controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of a MachineDeployment + (ScalingUp, ScalingDown, Running, Failed, or Unknown). + type: string + readyReplicas: + description: Total number of ready machines targeted by this deployment. + format: int32 + type: integer + replicas: + description: Total number of non-terminated machines targeted by this + deployment (their labels match the selector). + format: int32 + type: integer + selector: + description: 'Selector is the same as the label selector but in the + string format to avoid introspection by clients. The string will + be in the same format as the query-param syntax. More info about + label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + unavailableReplicas: + description: Total number of unavailable machines targeted by this + deployment. This is the total number of machines that are still + required for the deployment to have 100% available capacity. They + may either be machines that are running but not yet available or + machines that still have not been created. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated machines targeted by this + deployment that have the desired template spec. 
+ format: int32 + type: integer + type: object + type: object + served: false + storage: false + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Total number of machines desired by this MachineDeployment + jsonPath: .spec.replicas + name: Desired + priority: 10 + type: integer + - description: Total number of non-terminated machines targeted by this MachineDeployment + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of ready machines targeted by this MachineDeployment + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Total number of non-terminated machines targeted by this deployment + that have the desired template spec + jsonPath: .status.updatedReplicas + name: Updated + type: integer + - description: Total number of unavailable machines targeted by this MachineDeployment + jsonPath: .status.unavailableReplicas + name: Unavailable + type: integer + - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown + jsonPath: .status.phase + name: Phase + type: string + - description: Time duration since creation of MachineDeployment + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this MachineDeployment + jsonPath: .spec.template.spec.version + name: Version + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: MachineDeployment is the Schema for the machinedeployments API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineDeploymentSpec defines the desired state of MachineDeployment. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds for + which a Node for a newly created machine should be ready before + considering the replica available. Defaults to 0 (machine will be + considered available as soon as the Node is ready) + format: int32 + type: integer + paused: + description: Indicates that the deployment is paused. + type: boolean + progressDeadlineSeconds: + description: The maximum time in seconds for a deployment to make + progress before it is considered to be failed. The deployment controller + will continue to process failed deployments and a condition with + a ProgressDeadlineExceeded reason will be surfaced in the deployment + status. Note that progress will not be estimated during the time + a deployment is paused. Defaults to 600s. + format: int32 + type: integer + replicas: + description: "Number of desired machines. This is a pointer to distinguish + between explicit zero and not specified. 
\n Defaults to: * if the + Kubernetes autoscaler min size and max size annotations are set: + - if it's a new MachineDeployment, use min size - if the replicas + field of the old MachineDeployment is < min size, use min size - + if the replicas field of the old MachineDeployment is > max size, + use max size - if the replicas field of the old MachineDeployment + is in the (min size, max size) range, keep the value from the oldMD + * otherwise use 1 Note: Defaulting will be run whenever the replicas + field is not set: * A new MachineDeployment is created with replicas + not set. * On an existing MachineDeployment the replicas field was + first set and is now unset. Those cases are especially relevant + for the following Kubernetes autoscaler use cases: * A new MachineDeployment + is created and replicas should be managed by the autoscaler * An + existing MachineDeployment which initially wasn't controlled by + the autoscaler should be later controlled by the autoscaler" + format: int32 + type: integer + revisionHistoryLimit: + description: The number of old MachineSets to retain to allow rollback. + This is a pointer to distinguish between explicit zero and not specified. + Defaults to 1. + format: int32 + type: integer + rolloutAfter: + description: 'RolloutAfter is a field to indicate a rollout should + be performed after the specified time even if no changes have been + made to the MachineDeployment. Example: In the YAML the time can + be specified in the RFC3339 format. To specify the rolloutAfter + target as March 9, 2023, at 9 am UTC use "2023-03-09T09:00:00Z".' + format: date-time + type: string + selector: + description: Label selector for machines. Existing MachineSets whose + machines are selected by this will be the ones affected by this + deployment. It must match the machine template's labels. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + strategy: + description: The deployment strategy to use to replace existing machines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if MachineDeploymentStrategyType + = RollingUpdate. + properties: + deletePolicy: + description: DeletePolicy defines the policy used by the MachineDeployment + to identify nodes to delete when downscaling. Valid values + are "Random, "Newest", "Oldest" When no value is supplied, + the default DeletePolicy of MachineSet is used + enum: + - Random + - Newest + - Oldest + type: string + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be scheduled + above the desired number of machines. 
Value can be an absolute + number (ex: 5) or a percentage of desired machines (ex: + 10%). This can not be 0 if MaxUnavailable is 0. Absolute + number is calculated from percentage by rounding up. Defaults + to 1. Example: when this is set to 30%, the new MachineSet + can be scaled up immediately when the rolling update starts, + such that the total number of old and new machines do not + exceed 130% of desired machines. Once old machines have + been killed, new MachineSet can be scaled up further, ensuring + that total number of machines running at any time during + the update is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be unavailable + during the update. Value can be an absolute number (ex: + 5) or a percentage of desired machines (ex: 10%). Absolute + number is calculated from percentage by rounding down. This + can not be 0 if MaxSurge is 0. Defaults to 0. Example: when + this is set to 30%, the old MachineSet can be scaled down + to 70% of desired machines immediately when the rolling + update starts. Once new machines are ready, old MachineSet + can be scaled down further, followed by scaling up the new + MachineSet, ensuring that the total number of machines available + at all times during the update is at least 70% of desired + machines.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Allowed values are RollingUpdate + and OnDelete. The default is RollingUpdate. + enum: + - RollingUpdate + - OnDelete + type: string + type: object + template: + description: Template describes the machines that will be created. + properties: + metadata: + description: 'Standard object''s metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. 
+ type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts after + the Machine is marked for deletion. A duration of 0 will + retry deletion indefinitely. Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of + time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the + volumes can be detached without any time limitations. + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. 
+ This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - selector + - template + type: object + status: + description: MachineDeploymentStatus defines the observed state of MachineDeployment. + properties: + availableReplicas: + description: Total number of available machines (ready for at least + minReadySeconds) targeted by this deployment. + format: int32 + type: integer + conditions: + description: Conditions defines current service state of the MachineDeployment. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + observedGeneration: + description: The generation observed by the deployment controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of a MachineDeployment + (ScalingUp, ScalingDown, Running, Failed, or Unknown). + type: string + readyReplicas: + description: Total number of ready machines targeted by this deployment. + format: int32 + type: integer + replicas: + description: Total number of non-terminated machines targeted by this + deployment (their labels match the selector). + format: int32 + type: integer + selector: + description: 'Selector is the same as the label selector but in the + string format to avoid introspection by clients. The string will + be in the same format as the query-param syntax. More info about + label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + unavailableReplicas: + description: Total number of unavailable machines targeted by this + deployment. This is the total number of machines that are still + required for the deployment to have 100% available capacity. They + may either be machines that are running but not yet available or + machines that still have not been created. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated machines targeted by this + deployment that have the desired template spec. 
+ format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: machinehealthchecks.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: MachineHealthCheck + listKind: MachineHealthCheckList + plural: machinehealthchecks + shortNames: + - mhc + - mhcs + singular: machinehealthcheck + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Maximum number of unhealthy machines allowed + jsonPath: .spec.maxUnhealthy + name: MaxUnhealthy + type: string + - description: Number of machines currently monitored + jsonPath: .status.expectedMachines + name: ExpectedMachines + type: integer + - description: Current observed healthy machines + jsonPath: .status.currentHealthy + name: CurrentHealthy + type: integer + deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "MachineHealthCheck is the Schema for the machinehealthchecks + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of machine health check policy + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed if at most "MaxUnhealthy" + machines selected by "selector" are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without a node will + be considered to have failed and will be remediated. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference to a remediation + template provided by an infrastructure provider. \n This field is + completely optional, when filled, the MachineHealthCheck controller + creates a new object from the template referenced and hands off + remediation of the machine to a controller that lives outside of + Cluster API." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + selector: + description: Label selector to match machines whose health will be + exercised + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. 
+ type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list of the conditions + that determine whether a node is considered unhealthy. The conditions + are combined in a logical OR, i.e. if any of the conditions is met, + the node is unhealthy. + items: + description: UnhealthyCondition represents a Node condition type + and value with a timeout specified as a duration. When the named + condition has been in the given status for at least the timeout + value, a node is considered unhealthy. + properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + minItems: 1 + type: array + required: + - clusterName + - selector + - unhealthyConditions + type: object + status: + description: Most recently observed status of MachineHealthCheck resource + properties: + conditions: + description: Conditions defines current service state of the MachineHealthCheck. 
+ items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + currentHealthy: + description: total number of healthy machines counted by this machine + health check + format: int32 + minimum: 0 + type: integer + expectedMachines: + description: total number of machines counted by this machine health + check + format: int32 + minimum: 0 + type: integer + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + remediationsAllowed: + description: RemediationsAllowed is the number of further remediations + allowed by this machine health check before maxUnhealthy short circuiting + will be applied + format: int32 + minimum: 0 + type: integer + targets: + description: Targets shows the current list of machines the machine + health check is watching + items: + type: string + type: array + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Time duration since creation of MachineHealthCheck + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Maximum number of unhealthy machines allowed + jsonPath: .spec.maxUnhealthy + name: MaxUnhealthy + type: string + - description: Number of machines currently monitored + jsonPath: .status.expectedMachines + name: ExpectedMachines + type: integer + - description: Current observed healthy machines + jsonPath: .status.currentHealthy + name: CurrentHealthy + type: integer + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "MachineHealthCheck is the Schema for the machinehealthchecks + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of machine health check policy + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed if at most "MaxUnhealthy" + machines selected by "selector" are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without a node will + be considered to have failed and will be remediated. If not set, + this value is defaulted to 10 minutes. If you wish to disable this + feature, set the value explicitly to 0. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference to a remediation + template provided by an infrastructure provider. \n This field is + completely optional, when filled, the MachineHealthCheck controller + creates a new object from the template referenced and hands off + remediation of the machine to a controller that lives outside of + Cluster API." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. 
TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + selector: + description: Label selector to match machines whose health will be + exercised + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list of the conditions + that determine whether a node is considered unhealthy. The conditions + are combined in a logical OR, i.e. if any of the conditions is met, + the node is unhealthy. + items: + description: UnhealthyCondition represents a Node condition type + and value with a timeout specified as a duration. When the named + condition has been in the given status for at least the timeout + value, a node is considered unhealthy. + properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + minItems: 1 + type: array + unhealthyRange: + description: 'Any further remediation is only allowed if the number + of machines selected by "selector" as not healthy is within the + range of "UnhealthyRange". Takes precedence over MaxUnhealthy. Eg. + "[3-5]" - This means that remediation will be allowed only when: + (a) there are at least 3 unhealthy machines (and) (b) there are + at most 5 unhealthy machines' + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + required: + - clusterName + - selector + - unhealthyConditions + type: object + status: + description: Most recently observed status of MachineHealthCheck resource + properties: + conditions: + description: Conditions defines current service state of the MachineHealthCheck. 
+ items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + currentHealthy: + description: total number of healthy machines counted by this machine + health check + format: int32 + minimum: 0 + type: integer + expectedMachines: + description: total number of machines counted by this machine health + check + format: int32 + minimum: 0 + type: integer + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + remediationsAllowed: + description: RemediationsAllowed is the number of further remediations + allowed by this machine health check before maxUnhealthy short circuiting + will be applied + format: int32 + minimum: 0 + type: integer + targets: + description: Targets shows the current list of machines the machine + health check is watching + items: + type: string + type: array + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Number of machines currently monitored + jsonPath: .status.expectedMachines + name: ExpectedMachines + type: integer + - description: Maximum number of unhealthy machines allowed + jsonPath: .spec.maxUnhealthy + name: MaxUnhealthy + type: string + - description: Current observed healthy machines + jsonPath: .status.currentHealthy + name: CurrentHealthy + type: integer + - description: Time duration since creation of MachineHealthCheck + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: MachineHealthCheck is the Schema for the machinehealthchecks + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of machine health check policy + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + maxUnhealthy: + anyOf: + - type: integer + - type: string + description: Any further remediation is only allowed if at most "MaxUnhealthy" + machines selected by "selector" are not healthy. + x-kubernetes-int-or-string: true + nodeStartupTimeout: + description: Machines older than this duration without a node will + be considered to have failed and will be remediated. If not set, + this value is defaulted to 10 minutes. If you wish to disable this + feature, set the value explicitly to 0. + type: string + remediationTemplate: + description: "RemediationTemplate is a reference to a remediation + template provided by an infrastructure provider. \n This field is + completely optional, when filled, the MachineHealthCheck controller + creates a new object from the template referenced and hands off + remediation of the machine to a controller that lives outside of + Cluster API." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. 
TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + selector: + description: Label selector to match machines whose health will be + exercised + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + unhealthyConditions: + description: UnhealthyConditions contains a list of the conditions + that determine whether a node is considered unhealthy. The conditions + are combined in a logical OR, i.e. if any of the conditions is met, + the node is unhealthy. + items: + description: UnhealthyCondition represents a Node condition type + and value with a timeout specified as a duration. When the named + condition has been in the given status for at least the timeout + value, a node is considered unhealthy. + properties: + status: + minLength: 1 + type: string + timeout: + type: string + type: + minLength: 1 + type: string + required: + - status + - timeout + - type + type: object + minItems: 1 + type: array + unhealthyRange: + description: 'Any further remediation is only allowed if the number + of machines selected by "selector" as not healthy is within the + range of "UnhealthyRange". Takes precedence over MaxUnhealthy. Eg. + "[3-5]" - This means that remediation will be allowed only when: + (a) there are at least 3 unhealthy machines (and) (b) there are + at most 5 unhealthy machines' + pattern: ^\[[0-9]+-[0-9]+\]$ + type: string + required: + - clusterName + - selector + - unhealthyConditions + type: object + status: + description: Most recently observed status of MachineHealthCheck resource + properties: + conditions: + description: Conditions defines current service state of the MachineHealthCheck. 
+ items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + currentHealthy: + description: total number of healthy machines counted by this machine + health check + format: int32 + minimum: 0 + type: integer + expectedMachines: + description: total number of machines counted by this machine health + check + format: int32 + minimum: 0 + type: integer + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + remediationsAllowed: + description: RemediationsAllowed is the number of further remediations + allowed by this machine health check before maxUnhealthy short circuiting + will be applied + format: int32 + minimum: 0 + type: integer + targets: + description: Targets shows the current list of machines the machine + health check is watching + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: machinepools.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: MachinePool + listKind: MachinePoolList + plural: machinepools + shortNames: + - mp + singular: machinepool + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: MachinePool replicas count + jsonPath: .status.replicas + name: Replicas + type: string + - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed + etc + jsonPath: .status.phase + name: Phase + type: string + - description: Kubernetes version associated with this MachinePool + jsonPath: .spec.template.spec.version + name: Version + type: string + deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "MachinePool is the Schema for the machinepools API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachinePoolSpec defines the desired state of MachinePool. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + failureDomains: + description: FailureDomains is the list of failure domains this MachinePool + should be attached to. + items: + type: string + type: array + minReadySeconds: + description: Minimum number of seconds for which a newly created machine + instances should be ready. Defaults to 0 (machine instance will + be considered available as soon as it is ready) + format: int32 + type: integer + providerIDList: + description: ProviderIDList are the identification IDs of machine + instances provided by the provider. This field must match the provider + IDs as seen on the node objects corresponding to a machine pool's + machine instances. + items: + type: string + type: array + replicas: + description: Number of desired machines. Defaults to 1. This is a + pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + strategy: + description: The deployment strategy to use to replace existing machine + instances with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if MachineDeploymentStrategyType + = RollingUpdate. 
+ properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be scheduled + above the desired number of machines. Value can be an absolute + number (ex: 5) or a percentage of desired machines (ex: + 10%). This can not be 0 if MaxUnavailable is 0. Absolute + number is calculated from percentage by rounding up. Defaults + to 1. Example: when this is set to 30%, the new MachineSet + can be scaled up immediately when the rolling update starts, + such that the total number of old and new machines do not + exceed 130% of desired machines. Once old machines have + been killed, new MachineSet can be scaled up further, ensuring + that total number of machines running at any time during + the update is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be unavailable + during the update. Value can be an absolute number (ex: + 5) or a percentage of desired machines (ex: 10%). Absolute + number is calculated from percentage by rounding down. This + can not be 0 if MaxSurge is 0. Defaults to 0. Example: when + this is set to 30%, the old MachineSet can be scaled down + to 70% of desired machines immediately when the rolling + update starts. Once new machines are ready, old MachineSet + can be scaled down further, followed by scaling up the new + MachineSet, ensuring that the total number of machines available + at all times during the update is at least 70% of desired + machines.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Currently the only supported + strategy is "RollingUpdate". Default is RollingUpdate. + type: string + type: object + template: + description: Template describes the machines that will be created. + properties: + metadata: + description: 'Standard object''s metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + generateName: + description: "GenerateName is an optional prefix, used by + the server, to generate a unique name ONLY IF the Name field + has not been provided. If this field is used, the name returned + to the client will be different than the name passed. This + value will also be combined with a unique suffix. The provided + value has the same validation rules as the Name field, and + may be truncated by the length of the suffix required to + make the value unique on the server. \n If this field is + specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created + or 500 with Reason ServerTimeout indicating a unique name + could not be found in the time allotted, and the client + should retry (optionally after the time indicated in the + Retry-After header). \n Applied only if Name is not specified. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency + \n Deprecated: This field has no function and is going to + be removed in a next release." + type: string + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: "Name must be unique within a namespace. 
Is required + when creating resources, although some resources may allow + a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence + and configuration definition. Cannot be updated. More info: + http://kubernetes.io/docs/user-guide/identifiers#names \n + Deprecated: This field has no function and is going to be + removed in a next release." + type: string + namespace: + description: "Namespace defines the space within each name + must be unique. An empty namespace is equivalent to the + \"default\" namespace, but \"default\" is the canonical + representation. Not all objects are required to be scoped + to a namespace - the value of this field for those objects + will be empty. \n Must be a DNS_LABEL. Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces + \n Deprecated: This field has no function and is going to + be removed in a next release." + type: string + ownerReferences: + description: "List of objects depended by this object. If + ALL objects in the list have been deleted, this object will + be garbage collected. If this object is managed by a controller, + then an entry in this list will point to this controller, + with the controller field set to true. There cannot be more + than one managing controller. \n Deprecated: This field + has no function and is going to be removed in a next release." + items: + description: OwnerReference contains enough information + to let you identify an owning object. An owning object + must be in the same namespace as the dependent, or be + cluster-scoped, so there is no namespace field. + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the + key-value store until this reference is removed. 
See + https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage collector interacts with this + field and enforces the foreground deletion. Defaults + to false. To set this field, a user needs "delete" + permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing + controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.Data + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + data: + description: "Data contains the bootstrap data, such as + cloud-init details scripts. If nil, the Machine should + remain in the Pending state. \n Deprecated: Switch to + DataSecretName." + type: string + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. 
+ minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - template + type: object + status: + description: MachinePoolStatus defines the observed state of MachinePool. + properties: + availableReplicas: + description: The number of available replicas (ready for at least + minReadySeconds) for this MachinePool. 
+ format: int32 + type: integer + bootstrapReady: + description: BootstrapReady is the state of the bootstrap provider. + type: boolean + conditions: + description: Conditions define the current service state of the MachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureMessage: + description: FailureMessage indicates that there is a problem reconciling + the state, and will be set to a descriptive error message. 
+ type: string + failureReason: + description: FailureReason indicates that there is a problem reconciling + the state, and will be set to a token value suitable for programmatic + interpretation. + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + nodeRefs: + description: NodeRefs will point to the corresponding Nodes if it + they exist. + items: + description: "ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many fields + which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. Invalid + usage help. It is impossible to add specific help for individual + usage. In most embedded usages, there are particular restrictions + like, \"must refer only to types A and B\" or \"UID not honored\" + or \"name must be restricted\". Those cannot be well described + when embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, which + makes it hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual struct + is irrelevant. 5. We cannot easily change it. Because this type + is embedded in many locations, updates to this type will affect + numerous schemas. Don't make new APIs embed an underspecified + API type they do not control. \n Instead of using this type, create + a locally provided and used type that is well-focused on your + reference. 
For example, ServiceReferences for admission registration: + https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of cluster actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + readyReplicas: + description: The number of ready replicas for this MachinePool. A + machine is considered ready when the node has been created and is + "Ready". + format: int32 + type: integer + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable machine instances targeted + by this machine pool. This is the total number of machine instances + that are still required for the machine pool to have 100% available + capacity. They may either be machine instances that are running + but not yet available or machine instances that still have not been + created. 
+ format: int32 + type: integer + type: object + type: object + served: false + storage: false + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of MachinePool + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: MachinePool replicas count + jsonPath: .status.replicas + name: Replicas + type: string + - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed + etc + jsonPath: .status.phase + name: Phase + type: string + - description: Kubernetes version associated with this MachinePool + jsonPath: .spec.template.spec.version + name: Version + type: string + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "MachinePool is the Schema for the machinepools API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachinePoolSpec defines the desired state of MachinePool. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. 
+ minLength: 1 + type: string + failureDomains: + description: FailureDomains is the list of failure domains this MachinePool + should be attached to. + items: + type: string + type: array + minReadySeconds: + description: Minimum number of seconds for which a newly created machine + instances should be ready. Defaults to 0 (machine instance will + be considered available as soon as it is ready) + format: int32 + type: integer + providerIDList: + description: ProviderIDList are the identification IDs of machine + instances provided by the provider. This field must match the provider + IDs as seen on the node objects corresponding to a machine pool's + machine instances. + items: + type: string + type: array + replicas: + description: Number of desired machines. Defaults to 1. This is a + pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + template: + description: Template describes the machines that will be created. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: 'Specification of the desired behavior of the machine. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. 
Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - template + type: object + status: + description: MachinePoolStatus defines the observed state of MachinePool. + properties: + availableReplicas: + description: The number of available replicas (ready for at least + minReadySeconds) for this MachinePool. + format: int32 + type: integer + bootstrapReady: + description: BootstrapReady is the state of the bootstrap provider. + type: boolean + conditions: + description: Conditions define the current service state of the MachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. 
+ type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureMessage: + description: FailureMessage indicates that there is a problem reconciling + the state, and will be set to a descriptive error message. + type: string + failureReason: + description: FailureReason indicates that there is a problem reconciling + the state, and will be set to a token value suitable for programmatic + interpretation. + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + nodeRefs: + description: NodeRefs will point to the corresponding Nodes if it + they exist. + items: + description: "ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many fields + which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. Invalid + usage help. It is impossible to add specific help for individual + usage. In most embedded usages, there are particular restrictions + like, \"must refer only to types A and B\" or \"UID not honored\" + or \"name must be restricted\". 
Those cannot be well described + when embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, which + makes it hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual struct + is irrelevant. 5. We cannot easily change it. Because this type + is embedded in many locations, updates to this type will affect + numerous schemas. Don't make new APIs embed an underspecified + API type they do not control. \n Instead of using this type, create + a locally provided and used type that is well-focused on your + reference. For example, ServiceReferences for admission registration: + https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of cluster actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + readyReplicas: + description: The number of ready replicas for this MachinePool. A + machine is considered ready when the node has been created and is + "Ready". + format: int32 + type: integer + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable machine instances targeted + by this machine pool. This is the total number of machine instances + that are still required for the machine pool to have 100% available + capacity. They may either be machine instances that are running + but not yet available or machine instances that still have not been + created. 
+ format: int32 + type: integer + type: object + type: object + served: false + storage: false + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Total number of machines desired by this MachinePool + jsonPath: .spec.replicas + name: Desired + priority: 10 + type: integer + - description: MachinePool replicas count + jsonPath: .status.replicas + name: Replicas + type: string + - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed + etc + jsonPath: .status.phase + name: Phase + type: string + - description: Time duration since creation of MachinePool + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this MachinePool + jsonPath: .spec.template.spec.version + name: Version + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: MachinePool is the Schema for the machinepools API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachinePoolSpec defines the desired state of MachinePool. 
+ properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + failureDomains: + description: FailureDomains is the list of failure domains this MachinePool + should be attached to. + items: + type: string + type: array + minReadySeconds: + description: 'Minimum number of seconds for which a newly created + machine instances should be ready. Defaults to 0 (machine instance + will be considered available as soon as it is ready) NOTE: No logic + is implemented for this field and it currently has no behaviour.' + format: int32 + type: integer + providerIDList: + description: ProviderIDList are the identification IDs of machine + instances provided by the provider. This field must match the provider + IDs as seen on the node objects corresponding to a machine pool's + machine instances. + items: + type: string + type: array + replicas: + description: Number of desired machines. Defaults to 1. This is a + pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + template: + description: Template describes the machines that will be created. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. 
+ More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. 
TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts after + the Machine is marked for deletion. A duration of 0 will + retry deletion indefinitely. Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of + time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the + volumes can be detached without any time limitations. 
+ type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - template + type: object + status: + description: MachinePoolStatus defines the observed state of MachinePool. + properties: + availableReplicas: + description: The number of available replicas (ready for at least + minReadySeconds) for this MachinePool. + format: int32 + type: integer + bootstrapReady: + description: BootstrapReady is the state of the bootstrap provider. + type: boolean + conditions: + description: Conditions define the current service state of the MachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: FailureMessage indicates that there is a problem reconciling + the state, and will be set to a descriptive error message. + type: string + failureReason: + description: FailureReason indicates that there is a problem reconciling + the state, and will be set to a token value suitable for programmatic + interpretation. + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + nodeRefs: + description: NodeRefs will point to the corresponding Nodes if it + they exist. + items: + description: "ObjectReference contains enough information to let + you inspect or modify the referred object. 
--- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many fields + which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. Invalid + usage help. It is impossible to add specific help for individual + usage. In most embedded usages, there are particular restrictions + like, \"must refer only to types A and B\" or \"UID not honored\" + or \"name must be restricted\". Those cannot be well described + when embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, which + makes it hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual struct + is irrelevant. 5. We cannot easily change it. Because this type + is embedded in many locations, updates to this type will affect + numerous schemas. Don't make new APIs embed an underspecified + API type they do not control. \n Instead of using this type, create + a locally provided and used type that is well-focused on your + reference. For example, ServiceReferences for admission registration: + https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of cluster actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + readyReplicas: + description: The number of ready replicas for this MachinePool. A + machine is considered ready when the node has been created and is + "Ready". 
+ format: int32 + type: integer + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable machine instances targeted + by this machine pool. This is the total number of machine instances + that are still required for the machine pool to have 100% available + capacity. They may either be machine instances that are running + but not yet available or machine instances that still have not been + created. + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: machines.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Machine + listKind: MachineList + plural: machines + shortNames: + - ma + singular: machine + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Provider ID + jsonPath: .spec.providerID + name: ProviderID + type: string + - description: Machine status such as Terminating/Pending/Running/Failed etc + jsonPath: .status.phase + name: Phase + type: string + - description: Kubernetes version associated with this Machine + jsonPath: .spec.version + name: Version + type: string + - description: Node name associated with this machine + jsonPath: .status.nodeRef.name + name: NodeName + priority: 1 + type: string + deprecated: true + name: v1alpha3 + 
schema: + openAPIV3Schema: + description: "Machine is the Schema for the machines API. \n Deprecated: This + type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineSpec defines the desired state of Machine. + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which encapsulates + fields to configure the Machine’s bootstrapping mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference is + optional to allow users/operators to specify Bootstrap.Data + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). 
This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + data: + description: "Data contains the bootstrap data, such as cloud-init + details scripts. If nil, the Machine should remain in the Pending + state. \n Deprecated: Switch to DataSecretName." + type: string + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. If nil, the Machine should remain + in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine will + be created in. Must match a key in the FailureDomains map stored + on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to a custom + resource offered by an infrastructure provider. 
+ properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time that the + controller will spend on draining a node. The default value is 0, + meaning that the node can be drained without any time limitations. 
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine provided + by the provider. This field must match the provider ID as seen on + the node object corresponding to this machine. This field is required + by higher level consumers of cluster-api. Example use case is cluster + autoscaler with cluster-api as provider. Clean-up logic in the autoscaler + compares machines to nodes to find out machines at provider which + could not get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field is required + by autoscaler to be able to have a provider view of the list of + machines. Another list of nodes is queried from the k8s apiserver + and then a comparison is done to find out unregistered machines + and are marked for delete. This field will be set by the actuators + and consumed by higher level entities like autoscaler that will + be interfacing with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. This + field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + status: + description: MachineStatus defines the observed state of Machine. + properties: + addresses: + description: Addresses is a list of addresses assigned to the machine. + This field is copied from the infrastructure provider reference. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP + or InternalIP. + type: string + required: + - address + - type + type: object + type: array + bootstrapReady: + description: BootstrapReady is the state of the bootstrap provider. 
+ type: boolean + conditions: + description: Conditions defines current service state of the Machine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. 
\n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. \n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. \n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + lastUpdated: + description: LastUpdated identifies when the phase of the Machine + last transitioned. + format: date-time + type: string + nodeRef: + description: NodeRef will point to the corresponding Node if it exists. 
+ properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of machine actuation. + E.g. 
Pending, Running, Terminating, Failed etc. + type: string + version: + description: Version specifies the current version of Kubernetes running + on the corresponding Node. This is meant to be a means of bubbling + up status from the Node to the Machine. It is entirely optional, + but useful for end-user UX if it’s present. + type: string + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Time duration since creation of Machine + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Provider ID + jsonPath: .spec.providerID + name: ProviderID + type: string + - description: Machine status such as Terminating/Pending/Running/Failed etc + jsonPath: .status.phase + name: Phase + type: string + - description: Kubernetes version associated with this Machine + jsonPath: .spec.version + name: Version + type: string + - description: Node name associated with this machine + jsonPath: .status.nodeRef.name + name: NodeName + priority: 1 + type: string + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "Machine is the Schema for the machines API. \n Deprecated: This + type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineSpec defines the desired state of Machine. + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which encapsulates + fields to configure the Machine’s bootstrapping mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference is + optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. If nil, the Machine should remain + in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine will + be created in. Must match a key in the FailureDomains map stored + on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to a custom + resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' 
+ type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time that the + controller will spend on draining a node. The default value is 0, + meaning that the node can be drained without any time limitations. + NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine provided + by the provider. This field must match the provider ID as seen on + the node object corresponding to this machine. This field is required + by higher level consumers of cluster-api. Example use case is cluster + autoscaler with cluster-api as provider. Clean-up logic in the autoscaler + compares machines to nodes to find out machines at provider which + could not get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field is required + by autoscaler to be able to have a provider view of the list of + machines. 
Another list of nodes is queried from the k8s apiserver + and then a comparison is done to find out unregistered machines + and are marked for delete. This field will be set by the actuators + and consumed by higher level entities like autoscaler that will + be interfacing with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. This + field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + status: + description: MachineStatus defines the observed state of Machine. + properties: + addresses: + description: Addresses is a list of addresses assigned to the machine. + This field is copied from the infrastructure provider reference. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP + or InternalIP. + type: string + required: + - address + - type + type: object + type: array + bootstrapReady: + description: BootstrapReady is the state of the bootstrap provider. + type: boolean + conditions: + description: Conditions defines current service state of the Machine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. 
The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. \n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. 
\n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. \n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + lastUpdated: + description: LastUpdated identifies when the phase of the Machine + last transitioned. + format: date-time + type: string + nodeInfo: + description: 'NodeInfo is a set of ids/uuids to uniquely identify + the node. More info: https://kubernetes.io/docs/concepts/nodes/node/#info' + properties: + architecture: + description: The Architecture reported by the node + type: string + bootID: + description: Boot ID reported by the node. + type: string + containerRuntimeVersion: + description: ContainerRuntime Version reported by the node through + runtime remote API (e.g. containerd://1.4.2). + type: string + kernelVersion: + description: Kernel Version reported by the node from 'uname -r' + (e.g. 3.16.0-0.bpo.4-amd64). + type: string + kubeProxyVersion: + description: KubeProxy Version reported by the node. + type: string + kubeletVersion: + description: Kubelet Version reported by the node. + type: string + machineID: + description: 'MachineID reported by the node. For unique machine + identification in the cluster this field is preferred. 
Learn + more from man(5) machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html' + type: string + operatingSystem: + description: The Operating System reported by the node + type: string + osImage: + description: OS Image reported by the node from /etc/os-release + (e.g. Debian GNU/Linux 7 (wheezy)). + type: string + systemUUID: + description: SystemUUID reported by the node. For unique machine + identification MachineID is preferred. This field is specific + to Red Hat hosts https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid + type: string + required: + - architecture + - bootID + - containerRuntimeVersion + - kernelVersion + - kubeProxyVersion + - kubeletVersion + - machineID + - operatingSystem + - osImage + - systemUUID + type: object + nodeRef: + description: NodeRef will point to the corresponding Node if it exists. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of machine actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + version: + description: Version specifies the current version of Kubernetes running + on the corresponding Node. This is meant to be a means of bubbling + up status from the Node to the Machine. It is entirely optional, + but useful for end-user UX if it’s present. 
+ type: string + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Node name associated with this machine + jsonPath: .status.nodeRef.name + name: NodeName + type: string + - description: Provider ID + jsonPath: .spec.providerID + name: ProviderID + type: string + - description: Machine status such as Terminating/Pending/Running/Failed etc + jsonPath: .status.phase + name: Phase + type: string + - description: Time duration since creation of Machine + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this Machine + jsonPath: .spec.version + name: Version + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Machine is the Schema for the machines API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineSpec defines the desired state of Machine. + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which encapsulates + fields to configure the Machine’s bootstrapping mechanism. 
+ properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference is + optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. If nil, the Machine should remain + in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine will + be created in. Must match a key in the FailureDomains map stored + on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to a custom + resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the controller will + attempt to delete the Node that the Machine hosts after the Machine + is marked for deletion. A duration of 0 will retry deletion indefinitely. + Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time that the + controller will spend on draining a node. The default value is 0, + meaning that the node can be drained without any time limitations. + NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of time that + the controller will spend on waiting for all volumes to be detached. + The default value is 0, meaning that the volumes can be detached + without any time limitations. + type: string + providerID: + description: ProviderID is the identification ID of the machine provided + by the provider. This field must match the provider ID as seen on + the node object corresponding to this machine. This field is required + by higher level consumers of cluster-api. Example use case is cluster + autoscaler with cluster-api as provider. Clean-up logic in the autoscaler + compares machines to nodes to find out machines at provider which + could not get registered as Kubernetes nodes. 
With cluster-api as + a generic out-of-tree provider for autoscaler, this field is required + by autoscaler to be able to have a provider view of the list of + machines. Another list of nodes is queried from the k8s apiserver + and then a comparison is done to find out unregistered machines + and are marked for delete. This field will be set by the actuators + and consumed by higher level entities like autoscaler that will + be interfacing with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. This + field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + status: + description: MachineStatus defines the observed state of Machine. + properties: + addresses: + description: Addresses is a list of addresses assigned to the machine. + This field is copied from the infrastructure provider reference. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP, + InternalIP, ExternalDNS or InternalDNS. + type: string + required: + - address + - type + type: object + type: array + bootstrapReady: + description: BootstrapReady is the state of the bootstrap provider. + type: boolean + certificatesExpiryDate: + description: CertificatesExpiryDate is the expiry date of the machine + certificates. This value is only set for control plane machines. + format: date-time + type: string + conditions: + description: Conditions defines current service state of the Machine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. 
+ If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. \n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. 
\n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. \n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. \n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + lastUpdated: + description: LastUpdated identifies when the phase of the Machine + last transitioned. + format: date-time + type: string + nodeInfo: + description: 'NodeInfo is a set of ids/uuids to uniquely identify + the node. More info: https://kubernetes.io/docs/concepts/nodes/node/#info' + properties: + architecture: + description: The Architecture reported by the node + type: string + bootID: + description: Boot ID reported by the node. + type: string + containerRuntimeVersion: + description: ContainerRuntime Version reported by the node through + runtime remote API (e.g. containerd://1.4.2). + type: string + kernelVersion: + description: Kernel Version reported by the node from 'uname -r' + (e.g. 3.16.0-0.bpo.4-amd64). 
+ type: string + kubeProxyVersion: + description: KubeProxy Version reported by the node. + type: string + kubeletVersion: + description: Kubelet Version reported by the node. + type: string + machineID: + description: 'MachineID reported by the node. For unique machine + identification in the cluster this field is preferred. Learn + more from man(5) machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html' + type: string + operatingSystem: + description: The Operating System reported by the node + type: string + osImage: + description: OS Image reported by the node from /etc/os-release + (e.g. Debian GNU/Linux 7 (wheezy)). + type: string + systemUUID: + description: SystemUUID reported by the node. For unique machine + identification MachineID is preferred. This field is specific + to Red Hat hosts https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid + type: string + required: + - architecture + - bootID + - containerRuntimeVersion + - kernelVersion + - kubeProxyVersion + - kubeletVersion + - machineID + - operatingSystem + - osImage + - systemUUID + type: object + nodeRef: + description: NodeRef will point to the corresponding Node if it exists. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. 
TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of machine actuation. + E.g. Pending, Running, Terminating, Failed etc. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: cluster-api + name: machinesets.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-webhook-service + namespace: capi-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: cluster.x-k8s.io + names: + categories: + - cluster-api + kind: MachineSet + listKind: MachineSetList + plural: machinesets + shortNames: + - ms + singular: machineset + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Total number of non-terminated machines targeted by this machineset + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of available machines (ready for at least minReadySeconds) + jsonPath: .status.availableReplicas + name: Available + type: integer + - description: Total number of ready machines targeted by this machineset. + jsonPath: .status.readyReplicas + name: Ready + type: integer + deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "MachineSet is the Schema for the machinesets API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineSetSpec defines the desired state of MachineSet. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + deletePolicy: + description: DeletePolicy defines the policy used to identify nodes + to delete when downscaling. Defaults to "Random". Valid values + are "Random, "Newest", "Oldest" + enum: + - Random + - Newest + - Oldest + type: string + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds for + which a newly created machine should be ready. Defaults to 0 (machine + will be considered available as soon as it is ready) + format: int32 + type: integer + replicas: + description: Replicas is the number of desired replicas. This is a + pointer to distinguish between explicit zero and unspecified. Defaults + to 1. + format: int32 + type: integer + selector: + description: 'Selector is a label query over machines that should + match the replica count. Label keys and values that must match in + order to be controlled by this MachineSet. It must match the machine + template''s labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. 
Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + template: + description: Template is the object that describes the machine that + will be created if insufficient replicas are detected. Object references + to custom resources are treated as templates. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + generateName: + description: "GenerateName is an optional prefix, used by + the server, to generate a unique name ONLY IF the Name field + has not been provided. If this field is used, the name returned + to the client will be different than the name passed. This + value will also be combined with a unique suffix. 
The provided + value has the same validation rules as the Name field, and + may be truncated by the length of the suffix required to + make the value unique on the server. \n If this field is + specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created + or 500 with Reason ServerTimeout indicating a unique name + could not be found in the time allotted, and the client + should retry (optionally after the time indicated in the + Retry-After header). \n Applied only if Name is not specified. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency + \n Deprecated: This field has no function and is going to + be removed in a next release." + type: string + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: "Name must be unique within a namespace. Is required + when creating resources, although some resources may allow + a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence + and configuration definition. Cannot be updated. More info: + http://kubernetes.io/docs/user-guide/identifiers#names \n + Deprecated: This field has no function and is going to be + removed in a next release." + type: string + namespace: + description: "Namespace defines the space within each name + must be unique. An empty namespace is equivalent to the + \"default\" namespace, but \"default\" is the canonical + representation. Not all objects are required to be scoped + to a namespace - the value of this field for those objects + will be empty. \n Must be a DNS_LABEL. Cannot be updated. 
+ More info: http://kubernetes.io/docs/user-guide/namespaces + \n Deprecated: This field has no function and is going to + be removed in a next release." + type: string + ownerReferences: + description: "List of objects depended by this object. If + ALL objects in the list have been deleted, this object will + be garbage collected. If this object is managed by a controller, + then an entry in this list will point to this controller, + with the controller field set to true. There cannot be more + than one managing controller. \n Deprecated: This field + has no function and is going to be removed in a next release." + items: + description: OwnerReference contains enough information + to let you identify an owning object. An owning object + must be in the same namespace as the dependent, or be + cluster-scoped, so there is no namespace field. + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the + key-value store until this reference is removed. See + https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage collector interacts with this + field and enforces the foreground deletion. Defaults + to false. To set this field, a user needs "delete" + permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing + controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.Data + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + data: + description: "Data contains the bootstrap data, such as + cloud-init details scripts. If nil, the Machine should + remain in the Pending state. \n Deprecated: Switch to + DataSecretName." + type: string + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. 
+ This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - selector + type: object + status: + description: MachineSetStatus defines the observed state of MachineSet. + properties: + availableReplicas: + description: The number of available replicas (ready for at least + minReadySeconds) for this MachineSet. + format: int32 + type: integer + failureMessage: + type: string + failureReason: + description: "In the event that there is a terminal problem reconciling + the replicas, both FailureReason and FailureMessage will be set. + FailureReason will be populated with a succinct value suitable for + machine interpretation, while FailureMessage will contain a more + verbose string suitable for logging and human consumption. 
\n These + fields should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the MachineTemplate's spec or the configuration of the + machine controller, and that manual intervention is required. Examples + of terminal errors would be invalid combinations of settings in + the spec, values that are unsupported by the machine controller, + or the responsible machine controller itself being critically misconfigured. + \n Any transient errors that occur during the reconciliation of + Machines can be added as events to the MachineSet object and/or + logged in the controller's output." + type: string + fullyLabeledReplicas: + description: The number of replicas that have labels matching the + labels of the machine template of the MachineSet. + format: int32 + type: integer + observedGeneration: + description: ObservedGeneration reflects the generation of the most + recently observed MachineSet. + format: int64 + type: integer + readyReplicas: + description: The number of ready replicas for this MachineSet. A machine + is considered ready when the node has been created and is "Ready". + format: int32 + type: integer + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + selector: + description: 'Selector is the same as the label selector but in the + string format to avoid introspection by clients. The string will + be in the same format as the query-param syntax. 
More info about + label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + type: object + type: object + served: false + storage: false + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Time duration since creation of MachineSet + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Total number of non-terminated machines targeted by this machineset + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of available machines (ready for at least minReadySeconds) + jsonPath: .status.availableReplicas + name: Available + type: integer + - description: Total number of ready machines targeted by this machineset. + jsonPath: .status.readyReplicas + name: Ready + type: integer + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "MachineSet is the Schema for the machinesets API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineSetSpec defines the desired state of MachineSet. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + deletePolicy: + description: DeletePolicy defines the policy used to identify nodes + to delete when downscaling. Defaults to "Random". Valid values + are "Random, "Newest", "Oldest" + enum: + - Random + - Newest + - Oldest + type: string + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds for + which a newly created machine should be ready. Defaults to 0 (machine + will be considered available as soon as it is ready) + format: int32 + type: integer + replicas: + default: 1 + description: Replicas is the number of desired replicas. This is a + pointer to distinguish between explicit zero and unspecified. Defaults + to 1. + format: int32 + type: integer + selector: + description: 'Selector is a label query over machines that should + match the replica count. Label keys and values that must match in + order to be controlled by this MachineSet. It must match the machine + template''s labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. 
+ type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + template: + description: Template is the object that describes the machine that + will be created if insufficient replicas are detected. Object references + to custom resources are treated as templates. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: 'Specification of the desired behavior of the machine. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. 
Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - selector + type: object + status: + description: MachineSetStatus defines the observed state of MachineSet. + properties: + availableReplicas: + description: The number of available replicas (ready for at least + minReadySeconds) for this MachineSet. + format: int32 + type: integer + conditions: + description: Conditions defines current service state of the MachineSet. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. 
+ type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureMessage: + type: string + failureReason: + description: "In the event that there is a terminal problem reconciling + the replicas, both FailureReason and FailureMessage will be set. + FailureReason will be populated with a succinct value suitable for + machine interpretation, while FailureMessage will contain a more + verbose string suitable for logging and human consumption. \n These + fields should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the MachineTemplate's spec or the configuration of the + machine controller, and that manual intervention is required. Examples + of terminal errors would be invalid combinations of settings in + the spec, values that are unsupported by the machine controller, + or the responsible machine controller itself being critically misconfigured. + \n Any transient errors that occur during the reconciliation of + Machines can be added as events to the MachineSet object and/or + logged in the controller's output." + type: string + fullyLabeledReplicas: + description: The number of replicas that have labels matching the + labels of the machine template of the MachineSet. + format: int32 + type: integer + observedGeneration: + description: ObservedGeneration reflects the generation of the most + recently observed MachineSet. 
+ format: int64 + type: integer + readyReplicas: + description: The number of ready replicas for this MachineSet. A machine + is considered ready when the node has been created and is "Ready". + format: int32 + type: integer + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + selector: + description: 'Selector is the same as the label selector but in the + string format to avoid introspection by clients. The string will + be in the same format as the query-param syntax. More info about + label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + type: object + type: object + served: false + storage: false + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .spec.clusterName + name: Cluster + type: string + - description: Total number of machines desired by this machineset + jsonPath: .spec.replicas + name: Desired + priority: 10 + type: integer + - description: Total number of non-terminated machines targeted by this machineset + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of ready machines targeted by this machineset. + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Total number of available machines (ready for at least minReadySeconds) + jsonPath: .status.availableReplicas + name: Available + type: integer + - description: Time duration since creation of MachineSet + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Kubernetes version associated with this MachineSet + jsonPath: .spec.template.spec.version + name: Version + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: MachineSet is the Schema for the machinesets API. 
+ properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineSetSpec defines the desired state of MachineSet. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + deletePolicy: + description: DeletePolicy defines the policy used to identify nodes + to delete when downscaling. Defaults to "Random". Valid values + are "Random, "Newest", "Oldest" + enum: + - Random + - Newest + - Oldest + type: string + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds for + which a Node for a newly created machine should be ready before + considering the replica available. Defaults to 0 (machine will be + considered available as soon as the Node is ready) + format: int32 + type: integer + replicas: + default: 1 + description: Replicas is the number of desired replicas. This is a + pointer to distinguish between explicit zero and unspecified. Defaults + to 1. + format: int32 + type: integer + selector: + description: 'Selector is a label query over machines that should + match the replica count. Label keys and values that must match in + order to be controlled by this MachineSet. It must match the machine + template''s labels. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + template: + description: Template is the object that describes the machine that + will be created if insufficient replicas are detected. Object references + to custom resources are treated as templates. + properties: + metadata: + description: 'Standard object''s metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.DataSecretName + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. 
+ type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + nodeDeletionTimeout: + description: NodeDeletionTimeout defines how long the controller + will attempt to delete the Node that the Machine hosts after + the Machine is marked for deletion. A duration of 0 will + retry deletion indefinitely. Defaults to 10 seconds. + type: string + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + nodeVolumeDetachTimeout: + description: NodeVolumeDetachTimeout is the total amount of + time that the controller will spend on waiting for all volumes + to be detached. The default value is 0, meaning that the + volumes can be detached without any time limitations. + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. 
+ This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - selector + type: object + status: + description: MachineSetStatus defines the observed state of MachineSet. + properties: + availableReplicas: + description: The number of available replicas (ready for at least + minReadySeconds) for this MachineSet. + format: int32 + type: integer + conditions: + description: Conditions defines current service state of the MachineSet. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + type: string + failureReason: + description: "In the event that there is a terminal problem reconciling + the replicas, both FailureReason and FailureMessage will be set. + FailureReason will be populated with a succinct value suitable for + machine interpretation, while FailureMessage will contain a more + verbose string suitable for logging and human consumption. \n These + fields should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the MachineTemplate's spec or the configuration of the + machine controller, and that manual intervention is required. Examples + of terminal errors would be invalid combinations of settings in + the spec, values that are unsupported by the machine controller, + or the responsible machine controller itself being critically misconfigured. + \n Any transient errors that occur during the reconciliation of + Machines can be added as events to the MachineSet object and/or + logged in the controller's output." + type: string + fullyLabeledReplicas: + description: The number of replicas that have labels matching the + labels of the machine template of the MachineSet. + format: int32 + type: integer + observedGeneration: + description: ObservedGeneration reflects the generation of the most + recently observed MachineSet. + format: int64 + type: integer + readyReplicas: + description: The number of ready replicas for this MachineSet. 
A machine + is considered ready when the node has been created and is "Ready". + format: int32 + type: integer + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + selector: + description: 'Selector is the same as the label selector but in the + string format to avoid introspection by clients. The string will + be in the same format as the query-param syntax. More info about + label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-manager + namespace: capi-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-leader-election-role + namespace: capi-system +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +aggregationRule: + clusterRoleSelectors: + - matchLabels: + cluster.x-k8s.io/aggregate-to-manager: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-aggregated-manager-role +rules: [] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/aggregate-to-manager: "true" + cluster.x-k8s.io/provider: cluster-api + name: capi-manager-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - addons.cluster.x-k8s.io + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - 
update + - watch +- apiGroups: + - addons.cluster.x-k8s.io + resources: + - clusterresourcesets/finalizers + - clusterresourcesets/status + verbs: + - get + - patch + - update +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - bootstrap.cluster.x-k8s.io + - controlplane.cluster.x-k8s.io + - infrastructure.cluster.x-k8s.io + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - bootstrap.cluster.x-k8s.io + - infrastructure.cluster.x-k8s.io + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusterclasses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusterclasses + - clusterclasses/status + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/finalizers + - clusters/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinedeployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinedeployments + - machinedeployments/finalizers + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinedeployments + 
- machinedeployments/finalizers + - machinedeployments/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinehealthchecks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinehealthchecks + - machinehealthchecks/finalizers + - machinehealthchecks/status + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinepools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinepools + - machinepools/finalizers + - machinepools/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machines + - machines/finalizers + - machines/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machines + - machines/status + verbs: + - delete + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinesets + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinesets + - machinesets/finalizers + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinesets + - machinesets/finalizers + - machinesets/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - 
patch + - watch +- apiGroups: + - ipam.cluster.x-k8s.io + resources: + - ipaddressclaims + verbs: + - get + - list + - watch +- apiGroups: + - runtime.cluster.x-k8s.io + resources: + - extensionconfigs + - extensionconfigs/status + verbs: + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-leader-election-rolebinding + namespace: capi-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: capi-leader-election-role +subjects: +- kind: ServiceAccount + name: capi-manager + namespace: capi-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capi-aggregated-manager-role +subjects: +- kind: ServiceAccount + name: capi-manager + namespace: capi-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-webhook-service + namespace: capi-system +spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: cluster-api +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + control-plane: controller-manager + name: capi-controller-manager + namespace: capi-system +spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: cluster-api + control-plane: controller-manager + template: + metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + control-plane: controller-manager + spec: + containers: + - args: + - --leader-elect + - --diagnostics-address=${CAPI_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${CAPI_INSECURE_DIAGNOSTICS:=false} + - 
--feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},ClusterResourceSet=${EXP_CLUSTER_RESOURCE_SET:=false},ClusterTopology=${CLUSTER_TOPOLOGY:=false},RuntimeSDK=${EXP_RUNTIME_SDK:=false},MachineSetPreflightChecks=${EXP_MACHINE_SET_PREFLIGHT_CHECKS:=false} + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + image: registry.k8s.io/cluster-api/cluster-api-controller:v1.6.2 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: capi-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + secretName: capi-webhook-service-cert +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-serving-cert + namespace: capi-system +spec: + dnsNames: + - capi-webhook-service.capi-system.svc + - capi-webhook-service.capi-system.svc.cluster.local + issuerRef: + kind: Issuer + name: capi-selfsigned-issuer + secretName: capi-webhook-service-cert + subject: + organizations: + - k8s-sig-cluster-lifecycle +--- 
+apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-selfsigned-issuer + namespace: capi-system +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta1-cluster + failurePolicy: Fail + matchPolicy: Equivalent + name: default.cluster.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - clusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta1-clusterclass + failurePolicy: Fail + matchPolicy: Equivalent + name: default.clusterclass.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - clusterclasses + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta1-machine + failurePolicy: Fail + matchPolicy: Equivalent + name: default.machine.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta1-machinedeployment + failurePolicy: Fail + matchPolicy: Equivalent + name: 
default.machinedeployment.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinedeployments + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta1-machinehealthcheck + failurePolicy: Fail + matchPolicy: Equivalent + name: default.machinehealthcheck.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinehealthchecks + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta1-machineset + failurePolicy: Fail + matchPolicy: Equivalent + name: default.machineset.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinesets + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig + failurePolicy: Fail + matchPolicy: Equivalent + name: default.extensionconfig.runtime.addons.cluster.x-k8s.io + rules: + - apiGroups: + - runtime.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - extensionconfigs + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-cluster-x-k8s-io-v1beta1-machinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: default.machinepool.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinepools + sideEffects: None 
+- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /mutate-addons-cluster-x-k8s-io-v1beta1-clusterresourceset + failurePolicy: Fail + matchPolicy: Equivalent + name: default.clusterresourceset.addons.cluster.x-k8s.io + rules: + - apiGroups: + - addons.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - clusterresourcesets + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capi-system/capi-serving-cert + labels: + cluster.x-k8s.io/provider: cluster-api + name: capi-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta1-cluster + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.cluster.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - clusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta1-clusterclass + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.clusterclass.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - clusterclasses + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta1-machine + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.machine.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + 
operations: + - CREATE + - UPDATE + resources: + - machines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta1-machinedeployment + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.machinedeployment.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinedeployments + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta1-machinehealthcheck + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.machinehealthcheck.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinehealthchecks + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta1-machineset + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.machineset.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinesets + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.extensionconfig.runtime.cluster.x-k8s.io + rules: + - apiGroups: + - runtime.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - extensionconfigs + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: 
capi-webhook-service + namespace: capi-system + path: /validate-cluster-x-k8s-io-v1beta1-machinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.machinepool.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - machinepools + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-addons-cluster-x-k8s-io-v1beta1-clusterresourceset + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.clusterresourceset.addons.cluster.x-k8s.io + rules: + - apiGroups: + - addons.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - clusterresourcesets + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-addons-cluster-x-k8s-io-v1beta1-clusterresourcesetbinding + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.clusterresourcesetbinding.addons.cluster.x-k8s.io + rules: + - apiGroups: + - addons.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - clusterresourcesetbindings + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-ipam-cluster-x-k8s-io-v1beta1-ipaddress + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.ipaddress.ipam.cluster.x-k8s.io + rules: + - apiGroups: + - ipam.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - ipaddresses + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-webhook-service + namespace: capi-system + path: /validate-ipam-cluster-x-k8s-io-v1beta1-ipaddressclaim + failurePolicy: 
Fail + matchPolicy: Equivalent + name: validation.ipaddressclaim.ipam.cluster.x-k8s.io + rules: + - apiGroups: + - ipam.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - ipaddressclaims + sideEffects: None diff --git a/files/cluster-api/v1.6.2/infrastructure-components-development.yaml b/files/cluster-api/v1.6.2/infrastructure-components-development.yaml new file mode 100644 index 00000000..f5118dcf --- /dev/null +++ b/files/cluster-api/v1.6.2/infrastructure-components-development.yaml 
@@ -0,0 +1,2815 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-docker + control-plane: controller-manager + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/warn: privileged + name: capd-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capd-system/capd-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-docker + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1 + name: dockerclusters.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capd-webhook-service + namespace: capd-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: DockerCluster + listKind: DockerClusterList + plural: dockerclusters + singular: dockercluster + scope: Namespaced + versions: + - deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "DockerCluster is the Schema for the dockerclusters API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerClusterSpec defines the desired state of DockerCluster. + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: Host is the hostname on which the API server is serving. + type: string + port: + description: Port is the port on which the API server is serving. + type: integer + required: + - host + - port + type: object + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains are not usulaly defined on the spec. The + docker provider is special since failure domains don't mean anything + in a local docker environment. Instead, the docker cluster controller + will simply copy these into the Status and allow the Cluster API + controllers to do what they will with the defined failure domains. + type: object + type: object + status: + description: DockerClusterStatus defines the observed state of DockerCluster. + properties: + conditions: + description: Conditions defines current service state of the DockerCluster. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains don't mean much in CAPD since it's all + local, but we can see how the rest of cluster API will use this + if we populate it. 
+ type: object + ready: + description: Ready denotes that the docker cluster (infrastructure) + is ready. + type: boolean + required: + - ready + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of DockerCluster + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "DockerCluster is the Schema for the dockerclusters API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerClusterSpec defines the desired state of DockerCluster. + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: Host is the hostname on which the API server is serving. + type: string + port: + description: Port is the port on which the API server is serving. + type: integer + required: + - host + - port + type: object + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. 
It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains are not usulaly defined on the spec. The + docker provider is special since failure domains don't mean anything + in a local docker environment. Instead, the docker cluster controller + will simply copy these into the Status and allow the Cluster API + controllers to do what they will with the defined failure domains. + type: object + loadBalancer: + description: LoadBalancer allows defining configurations for the cluster + load balancer. + properties: + imageRepository: + description: ImageRepository sets the container registry to pull + the haproxy image from. if not set, "kindest" will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the haproxy + image. if not set, "v20210715-a6da3463" will be used instead. + type: string + type: object + type: object + status: + description: DockerClusterStatus defines the observed state of DockerCluster. + properties: + conditions: + description: Conditions defines current service state of the DockerCluster. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. 
This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains don't mean much in CAPD since it's all + local, but we can see how the rest of cluster API will use this + if we populate it. + type: object + ready: + description: Ready denotes that the docker cluster (infrastructure) + is ready. 
+ type: boolean + required: + - ready + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name'] + name: Cluster + type: string + - description: Time duration since creation of DockerCluster + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: DockerCluster is the Schema for the dockerclusters API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerClusterSpec defines the desired state of DockerCluster. + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: Host is the hostname on which the API server is serving. + type: string + port: + description: Port is the port on which the API server is serving. + Defaults to 6443 if not set. + type: integer + required: + - host + - port + type: object + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. 
+ properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains are usually not defined in the spec. The + docker provider is special since failure domains don't mean anything + in a local docker environment. Instead, the docker cluster controller + will simply copy these into the Status and allow the Cluster API + controllers to do what they will with the defined failure domains. + type: object + loadBalancer: + description: LoadBalancer allows defining configurations for the cluster + load balancer. + properties: + customHAProxyConfigTemplateRef: + description: 'CustomHAProxyConfigTemplateRef allows you to replace + the default HAProxy config file. This field is a reference to + a config map that contains the configuration template. The key + of the config map should be equal to ''value''. The content + of the config map will be processed and will replace the default + HAProxy config file. Please use it with caution, as there are + no checks to ensure the validity of the configuration. This + template will support the following variables that will be passed + by the controller: $IPv6 (bool) indicates if the cluster is + IPv6, $FrontendControlPlanePort (string) indicates the frontend + control plane port, $BackendControlPlanePort (string) indicates + the backend control plane port, $BackendServers (map[string]string) + indicates the backend server where the key is the server name + and the value is the address. This map is dynamic and is updated + every time a new control plane node is added or removed. The + template will also support the JoinHostPort function to join + the host and port of the backend server.' 
+ properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + imageRepository: + description: ImageRepository sets the container registry to pull + the haproxy image from. if not set, "kindest" will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the haproxy + image. if not set, "v20210715-a6da3463" will be used instead. + type: string + type: object + type: object + status: + description: DockerClusterStatus defines the observed state of DockerCluster. + properties: + conditions: + description: Conditions defines current service state of the DockerCluster. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains don't mean much in CAPD since it's all + local, but we can see how the rest of cluster API will use this + if we populate it. + type: object + ready: + description: Ready denotes that the docker cluster (infrastructure) + is ready. 
+ type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capd-system/capd-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-docker + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1 + name: dockerclustertemplates.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capd-webhook-service + namespace: capd-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: DockerClusterTemplate + listKind: DockerClusterTemplateList + plural: dockerclustertemplates + singular: dockerclustertemplate + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of DockerClusterTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "DockerClusterTemplate is the Schema for the dockerclustertemplates + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerClusterTemplateSpec defines the desired state of DockerClusterTemplate. + properties: + template: + description: DockerClusterTemplateResource describes the data needed + to create a DockerCluster from a template. + properties: + spec: + description: DockerClusterSpec defines the desired state of DockerCluster. + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint + used to communicate with the control plane. + properties: + host: + description: Host is the hostname on which the API server + is serving. + type: string + port: + description: Port is the port on which the API server + is serving. + type: integer + required: + - host + - port + type: object + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster + API failure domains. It allows controllers to understand + how many failure domains a cluster can optionally span + across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes + an infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure + domain is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains are not usulaly defined on the + spec. The docker provider is special since failure domains + don't mean anything in a local docker environment. Instead, + the docker cluster controller will simply copy these into + the Status and allow the Cluster API controllers to do what + they will with the defined failure domains. + type: object + loadBalancer: + description: LoadBalancer allows defining configurations for + the cluster load balancer. 
+ properties: + imageRepository: + description: ImageRepository sets the container registry + to pull the haproxy image from. if not set, "kindest" + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the + haproxy image. if not set, "v20210715-a6da3463" will + be used instead. + type: string + type: object + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: false + storage: false + subresources: {} + - additionalPrinterColumns: + - description: Time duration since creation of DockerClusterTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: DockerClusterTemplate is the Schema for the dockerclustertemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerClusterTemplateSpec defines the desired state of DockerClusterTemplate. + properties: + template: + description: DockerClusterTemplateResource describes the data needed + to create a DockerCluster from a template. + properties: + metadata: + description: 'Standard object''s metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: DockerClusterSpec defines the desired state of DockerCluster. + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint + used to communicate with the control plane. + properties: + host: + description: Host is the hostname on which the API server + is serving. + type: string + port: + description: Port is the port on which the API server + is serving. Defaults to 6443 if not set. + type: integer + required: + - host + - port + type: object + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster + API failure domains. It allows controllers to understand + how many failure domains a cluster can optionally span + across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes + an infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure + domain is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains are usually not defined in the + spec. 
The docker provider is special since failure domains + don't mean anything in a local docker environment. Instead, + the docker cluster controller will simply copy these into + the Status and allow the Cluster API controllers to do what + they will with the defined failure domains. + type: object + loadBalancer: + description: LoadBalancer allows defining configurations for + the cluster load balancer. + properties: + customHAProxyConfigTemplateRef: + description: 'CustomHAProxyConfigTemplateRef allows you + to replace the default HAProxy config file. This field + is a reference to a config map that contains the configuration + template. The key of the config map should be equal + to ''value''. The content of the config map will be + processed and will replace the default HAProxy config + file. Please use it with caution, as there are no checks + to ensure the validity of the configuration. This template + will support the following variables that will be passed + by the controller: $IPv6 (bool) indicates if the cluster + is IPv6, $FrontendControlPlanePort (string) indicates + the frontend control plane port, $BackendControlPlanePort + (string) indicates the backend control plane port, $BackendServers + (map[string]string) indicates the backend server where + the key is the server name and the value is the address. + This map is dynamic and is updated every time a new + control plane node is added or removed. The template + will also support the JoinHostPort function to join + the host and port of the backend server.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + x-kubernetes-map-type: atomic + imageRepository: + description: ImageRepository sets the container registry + to pull the haproxy image from. if not set, "kindest" + will be used instead. 
+ type: string + imageTag: + description: ImageTag allows to specify a tag for the + haproxy image. if not set, "v20210715-a6da3463" will + be used instead. + type: string + type: object + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capd-system/capd-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-docker + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1 + name: dockermachinepools.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capd-webhook-service + namespace: capd-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: DockerMachinePool + listKind: DockerMachinePoolList + plural: dockermachinepools + singular: dockermachinepool + scope: Namespaced + versions: + - deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "DockerMachinePool is the Schema for the dockermachinepools API. + \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerMachinePoolSpec defines the desired state of DockerMachinePool. + properties: + providerID: + description: ProviderID is the identification ID of the Machine Pool + type: string + providerIDList: + description: ProviderIDList is the list of identification IDs of machine + instances managed by this Machine Pool + items: + type: string + type: array + template: + description: Template contains the details used to build a replica + machine within the Machine Pool + properties: + customImage: + description: CustomImage allows customizing the container image + that is used for running the machine + type: string + extraMounts: + description: ExtraMounts describes additional mount points for + the node container These may be used to bind a hostPath + items: + description: Mount specifies a host volume to mount into a container. + This is a simplified version of kind v1alpha4.Mount types. + properties: + containerPath: + description: Path of the mount within the container. + type: string + hostPath: + description: Path of the mount on the host. If the hostPath + doesn't exist, then runtimes should report error. If the + hostpath is a symbolic link, runtimes should follow the + symlink and mount the real destination to container. + type: string + readOnly: + description: If set, the mount is read-only. + type: boolean + type: object + type: array + preLoadImages: + description: PreLoadImages allows to pre-load images in a newly + created machine. This can be used to speed up tests by avoiding + e.g. to download CNI images on all the containers. + items: + type: string + type: array + type: object + type: object + status: + description: DockerMachinePoolStatus defines the observed state of DockerMachinePool. 
+ properties: + conditions: + description: Conditions defines current service state of the DockerMachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + instances: + description: Instances contains the status for each instance in the + pool + items: + description: DockerMachinePoolInstanceStatus contains status information + about a DockerMachinePool. + properties: + addresses: + description: Addresses contains the associated addresses for + the docker machine. + items: + description: MachineAddress contains information for the node's + address. 
+ properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP + or InternalIP. + type: string + required: + - address + - type + type: object + type: array + bootstrapped: + description: Bootstrapped is true when the kubeadm bootstrapping + has been run against this machine + type: boolean + instanceName: + description: InstanceName is the identification of the Machine + Instance within the Machine Pool + type: string + providerID: + description: ProviderID is the provider identification of the + Machine Pool Instance + type: string + ready: + description: Ready denotes that the machine (docker container) + is ready + type: boolean + version: + description: Version defines the Kubernetes version for the + Machine Instance + type: string + type: object + type: array + observedGeneration: + description: The generation observed by the deployment controller. + format: int64 + type: integer + ready: + description: Ready denotes that the machine pool is ready + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of DockerMachinePool + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "DockerMachinePool is the Schema for the dockermachinepools API. + \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerMachinePoolSpec defines the desired state of DockerMachinePool. + properties: + providerID: + description: ProviderID is the identification ID of the Machine Pool + type: string + providerIDList: + description: ProviderIDList is the list of identification IDs of machine + instances managed by this Machine Pool + items: + type: string + type: array + template: + description: Template contains the details used to build a replica + machine within the Machine Pool + properties: + customImage: + description: CustomImage allows customizing the container image + that is used for running the machine + type: string + extraMounts: + description: ExtraMounts describes additional mount points for + the node container These may be used to bind a hostPath + items: + description: Mount specifies a host volume to mount into a container. + This is a simplified version of kind v1alpha4.Mount types. + properties: + containerPath: + description: Path of the mount within the container. + type: string + hostPath: + description: Path of the mount on the host. If the hostPath + doesn't exist, then runtimes should report error. If the + hostpath is a symbolic link, runtimes should follow the + symlink and mount the real destination to container. + type: string + readOnly: + description: If set, the mount is read-only. + type: boolean + type: object + type: array + preLoadImages: + description: PreLoadImages allows to pre-load images in a newly + created machine. 
This can be used to speed up tests by avoiding + e.g. to download CNI images on all the containers. + items: + type: string + type: array + type: object + type: object + status: + description: DockerMachinePoolStatus defines the observed state of DockerMachinePool. + properties: + conditions: + description: Conditions defines current service state of the DockerMachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - status + - type + type: object + type: array + instances: + description: Instances contains the status for each instance in the + pool + items: + description: DockerMachinePoolInstanceStatus contains status information + about a DockerMachinePool. + properties: + addresses: + description: Addresses contains the associated addresses for + the docker machine. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP + or InternalIP. + type: string + required: + - address + - type + type: object + type: array + bootstrapped: + description: Bootstrapped is true when the kubeadm bootstrapping + has been run against this machine + type: boolean + instanceName: + description: InstanceName is the identification of the Machine + Instance within the Machine Pool + type: string + providerID: + description: ProviderID is the provider identification of the + Machine Pool Instance + type: string + ready: + description: Ready denotes that the machine (docker container) + is ready + type: boolean + version: + description: Version defines the Kubernetes version for the + Machine Instance + type: string + type: object + type: array + observedGeneration: + description: The generation observed by the deployment controller. + format: int64 + type: integer + ready: + description: Ready denotes that the machine pool is ready + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. 
+ format: int32 + type: integer + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of DockerMachinePool + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: DockerMachinePool is the Schema for the dockermachinepools API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerMachinePoolSpec defines the desired state of DockerMachinePool. + properties: + providerID: + description: ProviderID is the identification ID of the Machine Pool + type: string + providerIDList: + description: ProviderIDList is the list of identification IDs of machine + instances managed by this Machine Pool + items: + type: string + type: array + template: + description: Template contains the details used to build a replica + machine within the Machine Pool + properties: + customImage: + description: CustomImage allows customizing the container image + that is used for running the machine + type: string + extraMounts: + description: ExtraMounts describes additional mount points for + the node container These may be used to bind a hostPath + items: + description: Mount specifies a host volume to mount into a container. 
+ This is a simplified version of kind v1alpha4.Mount types. + properties: + containerPath: + description: Path of the mount within the container. + type: string + hostPath: + description: Path of the mount on the host. If the hostPath + doesn't exist, then runtimes should report error. If the + hostpath is a symbolic link, runtimes should follow the + symlink and mount the real destination to container. + type: string + readOnly: + description: If set, the mount is read-only. + type: boolean + type: object + type: array + preLoadImages: + description: PreLoadImages allows to pre-load images in a newly + created machine. This can be used to speed up tests by avoiding + e.g. to download CNI images on all the containers. + items: + type: string + type: array + type: object + type: object + status: + description: DockerMachinePoolStatus defines the observed state of DockerMachinePool. + properties: + conditions: + description: Conditions defines current service state of the DockerMachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. 
The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + infrastructureMachineKind: + description: InfrastructureMachineKind is the kind of the infrastructure + resources behind MachinePool Machines. + type: string + instances: + description: Instances contains the status for each instance in the + pool + items: + description: DockerMachinePoolInstanceStatus contains status information + about a DockerMachinePool. + properties: + addresses: + description: Addresses contains the associated addresses for + the docker machine. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP, + InternalIP, ExternalDNS or InternalDNS. + type: string + required: + - address + - type + type: object + type: array + bootstrapped: + description: "Bootstrapped is true when the kubeadm bootstrapping + has been run against this machine \n Deprecated: This field + will be removed in the next apiVersion. 
When removing also + remove from staticcheck exclude-rules for SA1019 in golangci.yml" + type: boolean + instanceName: + description: InstanceName is the identification of the Machine + Instance within the Machine Pool + type: string + providerID: + description: ProviderID is the provider identification of the + Machine Pool Instance + type: string + ready: + description: Ready denotes that the machine (docker container) + is ready + type: boolean + version: + description: Version defines the Kubernetes version for the + Machine Instance + type: string + type: object + type: array + observedGeneration: + description: The generation observed by the deployment controller. + format: int64 + type: integer + ready: + description: Ready denotes that the machine pool is ready + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capd-system/capd-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-docker + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1 + name: dockermachinepooltemplates.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capd-webhook-service + namespace: capd-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: DockerMachinePoolTemplate + listKind: DockerMachinePoolTemplateList + plural: dockermachinepooltemplates + singular: dockermachinepooltemplate + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of 
DockerMachinePoolTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: DockerMachinePoolTemplate is the Schema for the dockermachinepooltemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerMachinePoolTemplateSpec defines the desired state of + DockerMachinePoolTemplate. + properties: + template: + description: DockerMachinePoolTemplateResource describes the data + needed to create a DockerMachine from a template. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. 
+ More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: DockerMachinePoolSpec defines the desired state of + DockerMachinePool. + properties: + providerID: + description: ProviderID is the identification ID of the Machine + Pool + type: string + providerIDList: + description: ProviderIDList is the list of identification + IDs of machine instances managed by this Machine Pool + items: + type: string + type: array + template: + description: Template contains the details used to build a + replica machine within the Machine Pool + properties: + customImage: + description: CustomImage allows customizing the container + image that is used for running the machine + type: string + extraMounts: + description: ExtraMounts describes additional mount points + for the node container These may be used to bind a hostPath + items: + description: Mount specifies a host volume to mount + into a container. This is a simplified version of + kind v1alpha4.Mount types. + properties: + containerPath: + description: Path of the mount within the container. + type: string + hostPath: + description: Path of the mount on the host. If the + hostPath doesn't exist, then runtimes should report + error. If the hostpath is a symbolic link, runtimes + should follow the symlink and mount the real destination + to container. + type: string + readOnly: + description: If set, the mount is read-only. + type: boolean + type: object + type: array + preLoadImages: + description: PreLoadImages allows to pre-load images in + a newly created machine. This can be used to speed up + tests by avoiding e.g. to download CNI images on all + the containers. 
+ items: + type: string + type: array + type: object + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capd-system/capd-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-docker + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1 + name: dockermachines.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capd-webhook-service + namespace: capd-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: DockerMachine + listKind: DockerMachineList + plural: dockermachines + singular: dockermachine + scope: Namespaced + versions: + - deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "DockerMachine is the Schema for the dockermachines API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerMachineSpec defines the desired state of DockerMachine. + properties: + bootstrapped: + description: Bootstrapped is true when the kubeadm bootstrapping has + been run against this machine + type: boolean + customImage: + description: CustomImage allows customizing the container image that + is used for running the machine + type: string + extraMounts: + description: ExtraMounts describes additional mount points for the + node container These may be used to bind a hostPath + items: + description: Mount specifies a host volume to mount into a container. + This is a simplified version of kind v1alpha4.Mount types. + properties: + containerPath: + description: Path of the mount within the container. + type: string + hostPath: + description: Path of the mount on the host. If the hostPath + doesn't exist, then runtimes should report error. If the hostpath + is a symbolic link, runtimes should follow the symlink and + mount the real destination to container. + type: string + readOnly: + description: If set, the mount is read-only. + type: boolean + type: object + type: array + preLoadImages: + description: PreLoadImages allows to pre-load images in a newly created + machine. This can be used to speed up tests by avoiding e.g. to + download CNI images on all the containers. + items: + type: string + type: array + providerID: + description: ProviderID will be the container name in ProviderID format + (docker:////) + type: string + type: object + status: + description: DockerMachineStatus defines the observed state of DockerMachine. + properties: + addresses: + description: Addresses contains the associated addresses for the docker + machine. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. 
+ type: string + type: + description: Machine address type, one of Hostname, ExternalIP + or InternalIP. + type: string + required: + - address + - type + type: object + type: array + conditions: + description: Conditions defines current service state of the DockerMachine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - status + - type + type: object + type: array + loadBalancerConfigured: + description: LoadBalancerConfigured denotes that the machine has been + added to the load balancer + type: boolean + ready: + description: Ready denotes that the machine (docker container) is + ready + type: boolean + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Time duration since creation of DockerMachine + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "DockerMachine is the Schema for the dockermachines API. \n Deprecated: + This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerMachineSpec defines the desired state of DockerMachine. 
+ properties: + bootstrapped: + description: Bootstrapped is true when the kubeadm bootstrapping has + been run against this machine + type: boolean + customImage: + description: CustomImage allows customizing the container image that + is used for running the machine + type: string + extraMounts: + description: ExtraMounts describes additional mount points for the + node container These may be used to bind a hostPath + items: + description: Mount specifies a host volume to mount into a container. + This is a simplified version of kind v1alpha4.Mount types. + properties: + containerPath: + description: Path of the mount within the container. + type: string + hostPath: + description: Path of the mount on the host. If the hostPath + doesn't exist, then runtimes should report error. If the hostpath + is a symbolic link, runtimes should follow the symlink and + mount the real destination to container. + type: string + readOnly: + description: If set, the mount is read-only. + type: boolean + type: object + type: array + preLoadImages: + description: PreLoadImages allows to pre-load images in a newly created + machine. This can be used to speed up tests by avoiding e.g. to + download CNI images on all the containers. + items: + type: string + type: array + providerID: + description: ProviderID will be the container name in ProviderID format + (docker:////) + type: string + type: object + status: + description: DockerMachineStatus defines the observed state of DockerMachine. + properties: + addresses: + description: Addresses contains the associated addresses for the docker + machine. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP + or InternalIP. 
+ type: string + required: + - address + - type + type: object + type: array + conditions: + description: Conditions defines current service state of the DockerMachine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - status + - type + type: object + type: array + loadBalancerConfigured: + description: LoadBalancerConfigured denotes that the machine has been + added to the load balancer + type: boolean + ready: + description: Ready denotes that the machine (docker container) is + ready + type: boolean + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster + jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name'] + name: Cluster + type: string + - description: Machine object which owns with this DockerMachine + jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name + name: Machine + type: string + - description: Provider ID + jsonPath: .spec.providerID + name: ProviderID + type: string + - description: Machine ready status + jsonPath: .status.ready + name: Ready + type: string + - description: Time duration since creation of DockerMachine + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: DockerMachine is the Schema for the dockermachines API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerMachineSpec defines the desired state of DockerMachine. 
+ properties: + bootstrapped: + description: "Bootstrapped is true when the kubeadm bootstrapping + has been run against this machine \n Deprecated: This field will + be removed in the next apiVersion. When removing also remove from + staticcheck exclude-rules for SA1019 in golangci.yml." + type: boolean + customImage: + description: CustomImage allows customizing the container image that + is used for running the machine + type: string + extraMounts: + description: ExtraMounts describes additional mount points for the + node container These may be used to bind a hostPath + items: + description: Mount specifies a host volume to mount into a container. + This is a simplified version of kind v1alpha4.Mount types. + properties: + containerPath: + description: Path of the mount within the container. + type: string + hostPath: + description: Path of the mount on the host. If the hostPath + doesn't exist, then runtimes should report error. If the hostpath + is a symbolic link, runtimes should follow the symlink and + mount the real destination to container. + type: string + readOnly: + description: If set, the mount is read-only. + type: boolean + type: object + type: array + preLoadImages: + description: PreLoadImages allows to pre-load images in a newly created + machine. This can be used to speed up tests by avoiding e.g. to + download CNI images on all the containers. + items: + type: string + type: array + providerID: + description: ProviderID will be the container name in ProviderID format + (docker:////) + type: string + type: object + status: + description: DockerMachineStatus defines the observed state of DockerMachine. + properties: + addresses: + description: Addresses contains the associated addresses for the docker + machine. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. 
+ type: string + type: + description: Machine address type, one of Hostname, ExternalIP, + InternalIP, ExternalDNS or InternalDNS. + type: string + required: + - address + - type + type: object + type: array + conditions: + description: Conditions defines current service state of the DockerMachine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + loadBalancerConfigured: + description: LoadBalancerConfigured denotes that the machine has been + added to the load balancer + type: boolean + ready: + description: Ready denotes that the machine (docker container) is + ready + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capd-system/capd-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-docker + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1 + name: dockermachinetemplates.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capd-webhook-service + namespace: capd-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: DockerMachineTemplate + listKind: DockerMachineTemplateList + plural: dockermachinetemplates + singular: dockermachinetemplate + scope: Namespaced + versions: + - deprecated: true + name: v1alpha3 + schema: + openAPIV3Schema: + description: "DockerMachineTemplate is the Schema for the dockermachinetemplates + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerMachineTemplateSpec defines the desired state of DockerMachineTemplate. + properties: + template: + description: DockerMachineTemplateResource describes the data needed + to create a DockerMachine from a template. + properties: + spec: + description: Spec is the specification of the desired behavior + of the machine. + properties: + bootstrapped: + description: Bootstrapped is true when the kubeadm bootstrapping + has been run against this machine + type: boolean + customImage: + description: CustomImage allows customizing the container + image that is used for running the machine + type: string + extraMounts: + description: ExtraMounts describes additional mount points + for the node container These may be used to bind a hostPath + items: + description: Mount specifies a host volume to mount into + a container. This is a simplified version of kind v1alpha4.Mount + types. + properties: + containerPath: + description: Path of the mount within the container. + type: string + hostPath: + description: Path of the mount on the host. If the hostPath + doesn't exist, then runtimes should report error. + If the hostpath is a symbolic link, runtimes should + follow the symlink and mount the real destination + to container. + type: string + readOnly: + description: If set, the mount is read-only. + type: boolean + type: object + type: array + preLoadImages: + description: PreLoadImages allows to pre-load images in a + newly created machine. This can be used to speed up tests + by avoiding e.g. to download CNI images on all the containers. 
+ items: + type: string + type: array + providerID: + description: ProviderID will be the container name in ProviderID + format (docker:////) + type: string + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: false + storage: false + - additionalPrinterColumns: + - description: Time duration since creation of DockerMachineTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + name: v1alpha4 + schema: + openAPIV3Schema: + description: "DockerMachineTemplate is the Schema for the dockermachinetemplates + API. \n Deprecated: This type will be removed in one of the next releases." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerMachineTemplateSpec defines the desired state of DockerMachineTemplate. + properties: + template: + description: DockerMachineTemplateResource describes the data needed + to create a DockerMachine from a template. + properties: + spec: + description: Spec is the specification of the desired behavior + of the machine. 
+ properties: + bootstrapped: + description: Bootstrapped is true when the kubeadm bootstrapping + has been run against this machine + type: boolean + customImage: + description: CustomImage allows customizing the container + image that is used for running the machine + type: string + extraMounts: + description: ExtraMounts describes additional mount points + for the node container These may be used to bind a hostPath + items: + description: Mount specifies a host volume to mount into + a container. This is a simplified version of kind v1alpha4.Mount + types. + properties: + containerPath: + description: Path of the mount within the container. + type: string + hostPath: + description: Path of the mount on the host. If the hostPath + doesn't exist, then runtimes should report error. + If the hostpath is a symbolic link, runtimes should + follow the symlink and mount the real destination + to container. + type: string + readOnly: + description: If set, the mount is read-only. + type: boolean + type: object + type: array + preLoadImages: + description: PreLoadImages allows to pre-load images in a + newly created machine. This can be used to speed up tests + by avoiding e.g. to download CNI images on all the containers. + items: + type: string + type: array + providerID: + description: ProviderID will be the container name in ProviderID + format (docker:////) + type: string + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: false + storage: false + subresources: {} + - additionalPrinterColumns: + - description: Time duration since creation of DockerMachineTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: DockerMachineTemplate is the Schema for the dockermachinetemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerMachineTemplateSpec defines the desired state of DockerMachineTemplate. + properties: + template: + description: DockerMachineTemplateResource describes the data needed + to create a DockerMachine from a template. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: Spec is the specification of the desired behavior + of the machine. 
+ properties: + bootstrapped: + description: "Bootstrapped is true when the kubeadm bootstrapping + has been run against this machine \n Deprecated: This field + will be removed in the next apiVersion. When removing also + remove from staticcheck exclude-rules for SA1019 in golangci.yml." + type: boolean + customImage: + description: CustomImage allows customizing the container + image that is used for running the machine + type: string + extraMounts: + description: ExtraMounts describes additional mount points + for the node container These may be used to bind a hostPath + items: + description: Mount specifies a host volume to mount into + a container. This is a simplified version of kind v1alpha4.Mount + types. + properties: + containerPath: + description: Path of the mount within the container. + type: string + hostPath: + description: Path of the mount on the host. If the hostPath + doesn't exist, then runtimes should report error. + If the hostpath is a symbolic link, runtimes should + follow the symlink and mount the real destination + to container. + type: string + readOnly: + description: If set, the mount is read-only. + type: boolean + type: object + type: array + preLoadImages: + description: PreLoadImages allows to pre-load images in a + newly created machine. This can be used to speed up tests + by avoiding e.g. to download CNI images on all the containers. 
+ items: + type: string + type: array + providerID: + description: ProviderID will be the container name in ProviderID + format (docker:////) + type: string + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-docker + name: capd-manager + namespace: capd-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-docker + name: capd-leader-election-role + namespace: capd-system +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-docker + name: capd-manager-role +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - machines + - machinesets + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinepools + - machinepools/status + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machines + verbs: + - delete + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - dockerclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - 
dockerclusters/finalizers + - dockerclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - dockermachinepools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - dockermachinepools/finalizers + - dockermachinepools/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - dockermachines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - dockermachines/finalizers + - dockermachines/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-docker + name: capd-leader-election-rolebinding + namespace: capd-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: capd-leader-election-role +subjects: +- kind: ServiceAccount + name: capd-manager + namespace: capd-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-docker + name: capd-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capd-manager-role +subjects: +- kind: ServiceAccount + name: capd-manager + namespace: capd-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-docker + name: capd-webhook-service + namespace: capd-system +spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: infrastructure-docker +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-docker + control-plane: controller-manager + name: capd-controller-manager + namespace: capd-system +spec: + replicas: 1 + selector: + 
matchLabels: + cluster.x-k8s.io/provider: infrastructure-docker + control-plane: controller-manager + template: + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-docker + control-plane: controller-manager + spec: + containers: + - args: + - --leader-elect + - --diagnostics-address=${CAPI_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${CAPI_INSECURE_DIAGNOSTICS:=false} + - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},ClusterTopology=${CLUSTER_TOPOLOGY:=false} + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + - name: DOCKER_HOST + value: ${CAPD_DOCKER_HOST:=""} + image: gcr.io/k8s-staging-cluster-api/capd-manager:v1.6.2 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + privileged: true + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + - mountPath: /var/run/docker.sock + name: dockersock + serviceAccountName: capd-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + secretName: capd-webhook-service-cert + - hostPath: + path: /var/run/docker.sock + name: dockersock +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-docker + name: capd-serving-cert + namespace: capd-system +spec: + dnsNames: + - capd-webhook-service.capd-system.svc + - 
capd-webhook-service.capd-system.svc.cluster.local + issuerRef: + kind: Issuer + name: capd-selfsigned-issuer + secretName: capd-webhook-service-cert + subject: + organizations: + - k8s-sig-cluster-lifecycle +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-docker + name: capd-selfsigned-issuer + namespace: capd-system +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capd-system/capd-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-docker + name: capd-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capd-webhook-service + namespace: capd-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-dockercluster + failurePolicy: Fail + matchPolicy: Equivalent + name: default.dockercluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - dockerclusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capd-webhook-service + namespace: capd-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-dockerclustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.dockerclustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - dockerclustertemplates + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capd-system/capd-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-docker + name: capd-validating-webhook-configuration +webhooks: +- 
admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capd-webhook-service + namespace: capd-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-dockercluster + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.dockercluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - dockerclusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capd-webhook-service + namespace: capd-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-dockerclustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.dockerclustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - dockerclustertemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capd-webhook-service + namespace: capd-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-dockermachinetemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.dockermachinetemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - dockermachinetemplates + sideEffects: None diff --git a/files/cluster-api/v1.6.2/infrastructure-components-in-memory-development.yaml b/files/cluster-api/v1.6.2/infrastructure-components-in-memory-development.yaml new file mode 100644 index 00000000..6bba3b94 --- /dev/null +++ b/files/cluster-api/v1.6.2/infrastructure-components-in-memory-development.yaml 
@@ -0,0 +1,1220 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + control-plane: controller-manager + name: capim-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capim-system/capim-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + cluster.x-k8s.io/v1beta1: v1alpha1 + name: inmemoryclusters.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capim-webhook-service + namespace: capim-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: InMemoryCluster + listKind: InMemoryClusterList + plural: inmemoryclusters + singular: inmemorycluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster + jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name'] + name: Cluster + type: string + - description: Time duration since creation of InMemoryCluster + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: InMemoryCluster is the schema for the in-memory cluster API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: InMemoryClusterSpec defines the desired state of the InMemoryCluster. + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: Host is the hostname on which the API server is serving. + type: string + port: + description: Port is the port on which the API server is serving. + Defaults to 6443 if not set. + type: integer + required: + - host + - port + type: object + type: object + status: + description: InMemoryClusterStatus defines the observed state of the InMemoryCluster. + properties: + conditions: + description: Conditions defines current service state of the InMemoryCluster. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + ready: + description: Ready denotes that the in-memory cluster (infrastructure) + is ready. + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capim-system/capim-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + cluster.x-k8s.io/v1beta1: v1alpha1 + name: inmemoryclustertemplates.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capim-webhook-service + namespace: capim-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: InMemoryClusterTemplate + listKind: InMemoryClusterTemplateList + plural: inmemoryclustertemplates + singular: inmemoryclustertemplate + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of InMemoryClusterTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: InMemoryClusterTemplate is the Schema for the inmemoryclustertemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: InMemoryClusterTemplateSpec defines the desired state of + InMemoryClusterTemplate. + properties: + template: + description: InMemoryClusterTemplateResource describes the data needed + to create a InMemoryCluster from a template. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: InMemoryClusterSpec defines the desired state of + the InMemoryCluster. + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint + used to communicate with the control plane. + properties: + host: + description: Host is the hostname on which the API server + is serving. 
+ type: string + port: + description: Port is the port on which the API server + is serving. Defaults to 6443 if not set. + type: integer + required: + - host + - port + type: object + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capim-system/capim-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + cluster.x-k8s.io/v1beta1: v1alpha1 + name: inmemorymachines.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capim-webhook-service + namespace: capim-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: InMemoryMachine + listKind: InMemoryMachineList + plural: inmemorymachines + singular: inmemorymachine + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster + jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name'] + name: Cluster + type: string + - description: Machine object which owns with this InMemoryMachine + jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name + name: Machine + type: string + - description: Provider ID + jsonPath: .spec.providerID + name: ProviderID + type: string + - description: Machine ready status + jsonPath: .status.ready + name: Ready + type: string + - description: Time duration since creation of InMemoryMachine + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: InMemoryMachine is the schema for the in-memory machine API. 
+ properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: InMemoryMachineSpec defines the desired state of InMemoryMachine. + properties: + behaviour: + description: Behaviour of the InMemoryMachine; this will allow to + make a simulation more alike to real use cases e.g. by defining + the duration of the provisioning phase mimicking the performances + of the target infrastructure. + properties: + apiServer: + description: APIServer defines the behaviour of the APIServer + hosted on the InMemoryMachine. + properties: + provisioning: + description: 'Provisioning defines variables influencing how + the APIServer hosted on the InMemoryMachine is going to + be provisioned. NOTE: APIServer provisioning includes all + the steps from starting the static Pod to the Pod become + ready and being registered in K8s.' + properties: + startupDuration: + description: StartupDuration defines the duration of the + object provisioning phase. + type: string + startupJitter: + description: 'StartupJitter adds some randomness on StartupDuration; + the actual duration will be StartupDuration plus an + additional amount chosen uniformly at random from the + interval between zero and `StartupJitter*StartupDuration`. 
+ NOTE: this is modeled as string because the usage of + float is highly discouraged, as support for them varies + across languages.' + type: string + required: + - startupDuration + type: object + type: object + etcd: + description: Etcd defines the behaviour of the etcd member hosted + on the InMemoryMachine. + properties: + provisioning: + description: 'Provisioning defines variables influencing how + the etcd member hosted on the InMemoryMachine is going to + be provisioned. NOTE: Etcd provisioning includes all the + steps from starting the static Pod to the Pod become ready + and being registered in K8s.' + properties: + startupDuration: + description: StartupDuration defines the duration of the + object provisioning phase. + type: string + startupJitter: + description: 'StartupJitter adds some randomness on StartupDuration; + the actual duration will be StartupDuration plus an + additional amount chosen uniformly at random from the + interval between zero and `StartupJitter*StartupDuration`. + NOTE: this is modeled as string because the usage of + float is highly discouraged, as support for them varies + across languages.' + type: string + required: + - startupDuration + type: object + type: object + node: + description: Node defines the behaviour of the Node (the kubelet) + hosted on the InMemoryMachine. + properties: + provisioning: + description: 'Provisioning defines variables influencing how + the Node (the kubelet) hosted on the InMemoryMachine is + going to be provisioned. NOTE: Node provisioning includes + all the steps from starting kubelet to the node become ready, + get a provider ID, and being registered in K8s.' + properties: + startupDuration: + description: StartupDuration defines the duration of the + object provisioning phase. 
+ type: string + startupJitter: + description: 'StartupJitter adds some randomness on StartupDuration; + the actual duration will be StartupDuration plus an + additional amount chosen uniformly at random from the + interval between zero and `StartupJitter*StartupDuration`. + NOTE: this is modeled as string because the usage of + float is highly discouraged, as support for them varies + across languages.' + type: string + required: + - startupDuration + type: object + type: object + vm: + description: VM defines the behaviour of the VM implementing the + InMemoryMachine. + properties: + provisioning: + description: 'Provisioning defines variables influencing how + the VM implementing the InMemoryMachine is going to be provisioned. + NOTE: VM provisioning includes all the steps from creation + to power-on.' + properties: + startupDuration: + description: StartupDuration defines the duration of the + object provisioning phase. + type: string + startupJitter: + description: 'StartupJitter adds some randomness on StartupDuration; + the actual duration will be StartupDuration plus an + additional amount chosen uniformly at random from the + interval between zero and `StartupJitter*StartupDuration`. + NOTE: this is modeled as string because the usage of + float is highly discouraged, as support for them varies + across languages.' + type: string + required: + - startupDuration + type: object + type: object + type: object + providerID: + description: ProviderID will be the container name in ProviderID format + (in-memory:////) + type: string + type: object + status: + description: InMemoryMachineStatus defines the observed state of InMemoryMachine. + properties: + conditions: + description: Conditions defines current service state of the InMemoryMachine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + ready: + description: Ready denotes that the machine is ready + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capim-system/capim-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + cluster.x-k8s.io/v1beta1: v1alpha1 + name: inmemorymachinetemplates.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capim-webhook-service + namespace: capim-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: InMemoryMachineTemplate + listKind: InMemoryMachineTemplateList + plural: inmemorymachinetemplates + singular: inmemorymachinetemplate + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of InMemoryMachineTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: InMemoryMachineTemplate is the schema for the in-memory machine + template API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: InMemoryMachineTemplateSpec defines the desired state of + InMemoryMachineTemplate. + properties: + template: + description: InMemoryMachineTemplateResource describes the data needed + to create a InMemoryMachine from a template. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: Spec is the specification of the desired behavior + of the machine. + properties: + behaviour: + description: Behaviour of the InMemoryMachine; this will allow + to make a simulation more alike to real use cases e.g. by + defining the duration of the provisioning phase mimicking + the performances of the target infrastructure. + properties: + apiServer: + description: APIServer defines the behaviour of the APIServer + hosted on the InMemoryMachine. + properties: + provisioning: + description: 'Provisioning defines variables influencing + how the APIServer hosted on the InMemoryMachine + is going to be provisioned. 
NOTE: APIServer provisioning + includes all the steps from starting the static + Pod to the Pod become ready and being registered + in K8s.' + properties: + startupDuration: + description: StartupDuration defines the duration + of the object provisioning phase. + type: string + startupJitter: + description: 'StartupJitter adds some randomness + on StartupDuration; the actual duration will + be StartupDuration plus an additional amount + chosen uniformly at random from the interval + between zero and `StartupJitter*StartupDuration`. + NOTE: this is modeled as string because the + usage of float is highly discouraged, as support + for them varies across languages.' + type: string + required: + - startupDuration + type: object + type: object + etcd: + description: Etcd defines the behaviour of the etcd member + hosted on the InMemoryMachine. + properties: + provisioning: + description: 'Provisioning defines variables influencing + how the etcd member hosted on the InMemoryMachine + is going to be provisioned. NOTE: Etcd provisioning + includes all the steps from starting the static + Pod to the Pod become ready and being registered + in K8s.' + properties: + startupDuration: + description: StartupDuration defines the duration + of the object provisioning phase. + type: string + startupJitter: + description: 'StartupJitter adds some randomness + on StartupDuration; the actual duration will + be StartupDuration plus an additional amount + chosen uniformly at random from the interval + between zero and `StartupJitter*StartupDuration`. + NOTE: this is modeled as string because the + usage of float is highly discouraged, as support + for them varies across languages.' + type: string + required: + - startupDuration + type: object + type: object + node: + description: Node defines the behaviour of the Node (the + kubelet) hosted on the InMemoryMachine. 
+ properties: + provisioning: + description: 'Provisioning defines variables influencing + how the Node (the kubelet) hosted on the InMemoryMachine + is going to be provisioned. NOTE: Node provisioning + includes all the steps from starting kubelet to + the node become ready, get a provider ID, and being + registered in K8s.' + properties: + startupDuration: + description: StartupDuration defines the duration + of the object provisioning phase. + type: string + startupJitter: + description: 'StartupJitter adds some randomness + on StartupDuration; the actual duration will + be StartupDuration plus an additional amount + chosen uniformly at random from the interval + between zero and `StartupJitter*StartupDuration`. + NOTE: this is modeled as string because the + usage of float is highly discouraged, as support + for them varies across languages.' + type: string + required: + - startupDuration + type: object + type: object + vm: + description: VM defines the behaviour of the VM implementing + the InMemoryMachine. + properties: + provisioning: + description: 'Provisioning defines variables influencing + how the VM implementing the InMemoryMachine is going + to be provisioned. NOTE: VM provisioning includes + all the steps from creation to power-on.' + properties: + startupDuration: + description: StartupDuration defines the duration + of the object provisioning phase. + type: string + startupJitter: + description: 'StartupJitter adds some randomness + on StartupDuration; the actual duration will + be StartupDuration plus an additional amount + chosen uniformly at random from the interval + between zero and `StartupJitter*StartupDuration`. + NOTE: this is modeled as string because the + usage of float is highly discouraged, as support + for them varies across languages.' 
+ type: string + required: + - startupDuration + type: object + type: object + type: object + providerID: + description: ProviderID will be the container name in ProviderID + format (in-memory:////) + type: string + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + name: capim-manager + namespace: capim-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + name: capim-leader-election-role + namespace: capim-system +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + name: capim-manager-role +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - machines + - machinesets + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - inmemoryclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - inmemoryclusters/finalizers + - inmemoryclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: 
+ - inmemorymachines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - inmemorymachines/finalizers + - inmemorymachines/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + name: capim-leader-election-rolebinding + namespace: capim-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: capim-leader-election-role +subjects: +- kind: ServiceAccount + name: capim-manager + namespace: capim-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + name: capim-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capim-manager-role +subjects: +- kind: ServiceAccount + name: capim-manager + namespace: capim-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + name: capim-webhook-service + namespace: capim-system +spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: infrastructure-in-memory +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + control-plane: controller-manager + name: capim-controller-manager + namespace: capim-system +spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: infrastructure-in-memory + control-plane: controller-manager + template: + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + control-plane: controller-manager + spec: + containers: + - args: + - --leader-elect + - --diagnostics-address=${CAPI_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${CAPI_INSECURE_DIAGNOSTICS:=false} + command: + - /manager + env: + - name: POD_IP 
+ valueFrom: + fieldRef: + fieldPath: status.podIP + image: gcr.io/k8s-staging-cluster-api/capim-manager:v1.6.2 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: capim-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + secretName: capim-webhook-service-cert +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + name: capim-serving-cert + namespace: capim-system +spec: + dnsNames: + - capim-webhook-service.capim-system.svc + - capim-webhook-service.capim-system.svc.cluster.local + issuerRef: + kind: Issuer + name: capim-selfsigned-issuer + secretName: capim-webhook-service-cert + subject: + organizations: + - k8s-sig-cluster-lifecycle +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + name: capim-selfsigned-issuer + namespace: capim-system +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capim-system/capim-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + 
name: capim-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capim-webhook-service + namespace: capim-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha1-inmemorycluster + failurePolicy: Fail + matchPolicy: Equivalent + name: default.inmemorycluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - inmemoryclusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capim-webhook-service + namespace: capim-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha1-inmemoryclustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.inmemoryclustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - inmemoryclustertemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capim-webhook-service + namespace: capim-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha1-inmemorymachine + failurePolicy: Fail + matchPolicy: Equivalent + name: default.inmemorymachine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - inmemorymachines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capim-webhook-service + namespace: capim-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha1-inmemorymachinetemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.inmemorymachinetemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - 
CREATE + - UPDATE + resources: + - inmemorymachinetemplates + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capim-system/capim-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-in-memory + name: capim-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capim-webhook-service + namespace: capim-system + path: /validate-infrastructure-cluster-x-k8s-io-v1alpha1-inmemorycluster + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.inmemorycluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - inmemoryclusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capim-webhook-service + namespace: capim-system + path: /validate-infrastructure-cluster-x-k8s-io-v1alpha1-inmemoryclustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.inmemoryclustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - inmemoryclustertemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capim-webhook-service + namespace: capim-system + path: /validate-infrastructure-cluster-x-k8s-io-v1alpha1-inmemorymachine + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.inmemorymachine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - inmemorymachines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: 
capim-webhook-service + namespace: capim-system + path: /validate-infrastructure-cluster-x-k8s-io-v1alpha1-inmemorymachinetemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.inmemorymachinetemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - inmemorymachinetemplates + sideEffects: None diff --git a/files/cluster-api/v1.6.2/metadata.yaml b/files/cluster-api/v1.6.2/metadata.yaml new file mode 100644 index 00000000..f893dd9e --- /dev/null +++ b/files/cluster-api/v1.6.2/metadata.yaml @@ -0,0 +1,32 @@ +# maps release series of major.minor to cluster-api contract version +# the contract version may change between minor or major versions, but *not* +# between patch versions. +# +# update this file only when a new major or minor version is released +apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 +kind: Metadata +releaseSeries: + - major: 1 + minor: 6 + contract: v1beta1 + - major: 1 + minor: 5 + contract: v1beta1 + - major: 1 + minor: 4 + contract: v1beta1 + - major: 1 + minor: 3 + contract: v1beta1 + - major: 1 + minor: 2 + contract: v1beta1 + - major: 1 + minor: 1 + contract: v1beta1 + - major: 1 + minor: 0 + contract: v1beta1 + - major: 0 + minor: 4 + contract: v1alpha4 \ No newline at end of file diff --git a/files/cluster-api/v1.6.2/runtime-extension-components-development.yaml b/files/cluster-api/v1.6.2/runtime-extension-components-development.yaml new file mode 100644 index 00000000..a43fa7eb --- /dev/null +++ b/files/cluster-api/v1.6.2/runtime-extension-components-development.yaml 
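Review bot: The `capim-controller-manager` Deployment in this hunk pulls `gcr.io/k8s-staging-cluster-api/capim-manager:v1.6.2` — a staging registry referenced by mutable tag rather than the release registry or an image digest — and the file name (`infrastructure-components-in-memory-development.yaml`) suggests this is an upstream development artifact rather than a published release asset. If this repository serves manifests to clusterctl, anyone installing the in-memory provider from it ends up trusting whatever the staging bucket holds under that tag; consider omitting this file or adding a leading comment such as `# Development-only provider; ships staging images and is not a release artifact.` The `capim-manager-role` ClusterRole also grants cluster-wide `secrets` get/list/watch, which appears to be the upstream default for this provider but is worth calling out if these manifests are reviewed for least privilege.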
@@ -0,0 +1,225 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: runtime-extension-test + name: test-extension-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + cluster.x-k8s.io/provider: runtime-extension-test + name: test-extension-manager + namespace: test-extension-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + cluster.x-k8s.io/provider: runtime-extension-test + name: test-extension-leader-election-role + namespace: test-extension-system +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/provider: runtime-extension-test + name: test-extension-manager-role +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: runtime-extension-test + name: test-extension-leader-election-rolebinding + namespace: test-extension-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: test-extension-leader-election-role +subjects: +- kind: ServiceAccount + name: test-extension-manager + namespace: test-extension-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + creationTimestamp: null + labels: + cluster.x-k8s.io/provider: runtime-extension-test + name: test-extension-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: test-extension-manager-role 
+subjects: +- kind: ServiceAccount + name: test-extension-manager + namespace: test-extension-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + cluster.x-k8s.io/provider: runtime-extension-test + name: test-extension-webhook-service + namespace: test-extension-system +spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + app: test-extension-manager + cluster.x-k8s.io/provider: runtime-extension-test +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: test-extension-manager + cluster.x-k8s.io/provider: runtime-extension-test + name: test-extension-controller-manager + namespace: test-extension-system +spec: + replicas: 1 + selector: + matchLabels: + app: test-extension-manager + cluster.x-k8s.io/provider: runtime-extension-test + template: + metadata: + labels: + app: test-extension-manager + cluster.x-k8s.io/provider: runtime-extension-test + spec: + containers: + - args: + - --leader-elect + - --diagnostics-address=${CAPI_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${CAPI_INSECURE_DIAGNOSTICS:=false} + command: + - /manager + image: gcr.io/k8s-staging-cluster-api/test-extension:v1.6.2 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: test-extension-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + 
- effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + secretName: test-extension-webhook-service-cert +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + cluster.x-k8s.io/provider: runtime-extension-test + name: test-extension-serving-cert + namespace: test-extension-system +spec: + dnsNames: + - test-extension-webhook-service.test-extension-system.svc + - test-extension-webhook-service.test-extension-system.svc.cluster.local + - localhost + issuerRef: + kind: Issuer + name: test-extension-selfsigned-issuer + secretName: test-extension-webhook-service-cert + subject: + organizations: + - k8s-sig-cluster-lifecycle +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + cluster.x-k8s.io/provider: runtime-extension-test + name: test-extension-selfsigned-issuer + namespace: test-extension-system +spec: + selfSigned: {} diff --git a/files/cluster-api/v1.6.2/runtime-sdk-openapi.yaml b/files/cluster-api/v1.6.2/runtime-sdk-openapi.yaml new file mode 100644 index 00000000..b42938c5 --- /dev/null +++ b/files/cluster-api/v1.6.2/runtime-sdk-openapi.yaml 
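Review bot: The Deployment in this hunk references `image: gcr.io/k8s-staging-cluster-api/test-extension:v1.6.2` with `imagePullPolicy: Always` and no digest, so anyone applying this manifest from the repo re-fetches a mutable tag from a staging registry on every pod start, and staging registries typically carry no retention or provenance guarantee. Combined with the control-plane tolerations and the cluster-wide ClusterRole granting create/patch/update on configmaps, that is more than a test fixture should hand to an unpinned image; the `-development.yaml` name, the `test-extension-system` namespace and the `runtime-extension-test` label suggest this is upstream's development-only artifact copied verbatim rather than something this repo intends to ship. If it must be vendored, either pin the image by `@sha256:` digest when it is consumed or add a header comment such as `# Development-only test extension (upstream cluster-api release asset); pulls a mutable tag from a staging registry - do not apply outside throwaway test clusters.` so it is not mistaken for a production component. The `--insecure-diagnostics` argument defaulting to `false` is fine as shipped.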
@@ -0,0 +1,2326 @@ +components: + schemas: + k8s.io.api.core.v1.ObjectReference: + description: ObjectReference contains enough information to let you inspect + or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire + object, this string should contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For example, if the object + reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container + that triggered the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen only to have + some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, + if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + k8s.io.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON: + description: 'JSON represents any valid JSON value. 
These types are supported: + bool, int64, float64, string, []interface{}, map[string]interface{} and nil.' + k8s.io.apimachinery.pkg.apis.meta.v1.Duration: + description: Duration is a wrapper around time.Duration which supports correct + marshaling to YAML and JSON. In particular, it marshals into strings, which + can be used as map keys in json. + type: string + k8s.io.apimachinery.pkg.apis.meta.v1.FieldsV1: + description: |- + FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format. + + Each key is either a '.' representing the field itself, and will always map to an empty set, or a string representing a sub-field or item. The string will follow one of these four formats: 'f:', where is the name of a field in a struct, or key in a map 'v:', where is the exact json formatted value of a list item 'i:', where is position of a item in a list 'k:', where is a map of a list item's key fields to their unique values If a key maps to an empty Fields value, the field that key represents is part of the set. + + The exact format is defined in sigs.k8s.io/structured-merge-diff + type: object + k8s.io.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry: + description: ManagedFieldsEntry is a workflow-id, a FieldSet and the group version + of the resource that the fieldset applies to. + properties: + apiVersion: + description: APIVersion defines the version of this resource that this field + set applies to. The format is "group/version" just like the top-level + APIVersion field. It is necessary to track the version of a field set + because it cannot be automatically converted. + type: string + fieldsType: + description: 'FieldsType is the discriminator for the different fields format + and version. There is currently only one possible value: "FieldsV1"' + type: string + fieldsV1: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.FieldsV1' + description: FieldsV1 holds the first JSON version format as described in + the "FieldsV1" type. 
+ manager: + description: Manager is an identifier of the workflow managing these fields. + type: string + operation: + description: Operation is the type of operation which lead to this ManagedFieldsEntry + being created. The only valid values for this field are 'Apply' and 'Update'. + type: string + subresource: + description: Subresource is the name of the subresource used to update that + object, or empty string if the object was updated through the main resource. + The value of this field is used to distinguish between managers, even + if they share the same name. For example, a status update will be distinct + from a regular update using the same manager name. Note that the APIVersion + field is not related to the Subresource field and it always corresponds + to the version of the main resource. + type: string + time: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Time' + description: Time is timestamp of when these fields were set. It should + always be empty if Operation is 'Apply' + type: object + k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta: + description: ObjectMeta is metadata that all persisted resources must have, + which includes all objects users must create. + properties: + annotations: + additionalProperties: + default: "" + type: string + description: 'Annotations is an unstructured key value map stored with a + resource that may be set by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + clusterName: + description: The name of the cluster which the object belongs to. This is + used to distinguish resources with same name and namespace in different + clusters. This field is not set anywhere right now and apiserver is going + to ignore it if set in create or update request. 
+ type: string + creationTimestamp: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Time' + default: {} + description: |- + CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. + + Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + deletionGracePeriodSeconds: + description: Number of seconds allowed for this object to gracefully terminate + before it will be removed from the system. Only set when deletionTimestamp + is also set. May only be shortened. Read-only. + format: int64 + type: integer + deletionTimestamp: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Time' + description: |- + DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. 
In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. + + Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + finalizers: + description: Must be empty before the object is deleted from the registry. + Each entry is an identifier for the responsible component that will remove + the entry from the list. If the deletionTimestamp of the object is non-nil, + entries in this list can only be removed. Finalizers may be processed + and removed in any order. Order is NOT enforced because it introduces + significant risk of stuck finalizers. finalizers is a shared field, any + actor with permission can reorder it. If the finalizer list is processed + in order, then this can lead to a situation in which the component responsible + for the first finalizer in the list is waiting for a signal (field value, + external system, or other) produced by a component responsible for a finalizer + later in the list, resulting in a deadlock. Without enforced ordering + finalizers are free to order amongst themselves and are not vulnerable + to ordering changes in the list. + items: + default: "" + type: string + type: array + x-kubernetes-patch-strategy: merge + generateName: + description: |- + GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. 
+ + If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). + + Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency + type: string + generation: + description: A sequence number representing a specific generation of the + desired state. Populated by the system. Read-only. + format: int64 + type: integer + labels: + additionalProperties: + default: "" + type: string + description: 'Map of string keys and values that can be used to organize + and categorize (scope and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + managedFields: + description: ManagedFields maps workflow-id and version to the set of fields + that are managed by that workflow. This is mostly for internal housekeeping, + and users typically shouldn't need to set or understand this field. A + workflow can be the user's name, a controller's name, or the name of a + specific apply path like "ci-cd". The set of fields is always in the version + that the workflow used when modifying the object. + items: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry' + default: {} + type: array + name: + description: 'Name must be unique within a namespace. Is required when creating + resources, although some resources may allow a client to request the generation + of an appropriate name automatically. Name is primarily intended for creation + idempotence and configuration definition. Cannot be updated. 
More info: + http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + namespace: + description: |- + Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. + + Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces + type: string + ownerReferences: + description: List of objects depended by this object. If ALL objects in + the list have been deleted, this object will be garbage collected. If + this object is managed by a controller, then an entry in this list will + point to this controller, with the controller field set to true. There + cannot be more than one managing controller. + items: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.OwnerReference' + default: {} + type: array + x-kubernetes-patch-merge-key: uid + x-kubernetes-patch-strategy: merge + resourceVersion: + description: |- + An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. + + Populated by the system. Read-only. Value must be treated as opaque by clients. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + selfLink: + description: |- + SelfLink is a URL representing this object. Populated by the system. Read-only. + + DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release. 
+ type: string + uid: + description: |- + UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. + + Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids + type: string + type: object + k8s.io.apimachinery.pkg.apis.meta.v1.OwnerReference: + description: OwnerReference contains enough information to let you identify + an owning object. An owning object must be in the same namespace as the dependent, + or be cluster-scoped, so there is no namespace field. + properties: + apiVersion: + default: "" + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this reference + is removed. Defaults to false. To set this field, a user needs "delete" + permission of the owner, otherwise 422 (Unprocessable Entity) will be + returned. + type: boolean + controller: + description: If true, this reference points to the managing controller. + type: boolean + kind: + default: "" + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + default: "" + description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + uid: + default: "" + description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + k8s.io.apimachinery.pkg.apis.meta.v1.Time: + description: Time is a wrapper around time.Time which supports correct marshaling + to YAML and JSON. Wrappers are provided for many of the factory methods that + the time package offers. 
+ format: date-time + type: string + k8s.io.apimachinery.pkg.runtime.RawExtension: + description: "RawExtension is used to hold extensions in external versions.\n\nTo + use this, make a field which has RawExtension as its type in your external, + versioned struct, and Object in your internal struct. You also need to register + your various plugin types.\n\n// Internal package: type MyAPIObject struct + {\n\truntime.TypeMeta `json:\",inline\"`\n\tMyPlugin runtime.Object `json:\"myPlugin\"`\n} + type PluginA struct {\n\tAOption string `json:\"aOption\"`\n}\n\n// External + package: type MyAPIObject struct {\n\truntime.TypeMeta `json:\",inline\"`\n\tMyPlugin + runtime.RawExtension `json:\"myPlugin\"`\n} type PluginA struct {\n\tAOption + string `json:\"aOption\"`\n}\n\n// On the wire, the JSON will look something + like this: {\n\t\"kind\":\"MyAPIObject\",\n\t\"apiVersion\":\"v1\",\n\t\"myPlugin\": + {\n\t\t\"kind\":\"PluginA\",\n\t\t\"aOption\":\"foo\",\n\t},\n}\n\nSo what + happens? Decode first uses json or yaml to unmarshal the serialized data into + your external MyAPIObject. That causes the raw JSON to be stored, but not + unpacked. The next step is to copy (using pkg/conversion) into the internal + struct. The runtime package's DefaultScheme has conversion functions installed + which will unpack the JSON stored in RawExtension, turning it into the correct + object type, and storing it in the Object. (TODO: In the case where the object + is of an unknown type, a runtime.Unknown object will be created and stored.)" + type: object + k8s.io.apimachinery.pkg.util.intstr.IntOrString: + description: IntOrString is a type that can hold an int32 or a string. When + used in JSON or YAML marshalling and unmarshalling, it produces or consumes + the inner type. This allows you to have, for example, a JSON field that can + accept a name or number. 
+ format: int-or-string + oneOf: + - type: integer + - type: string + x-kubernetes-v2-schema: + description: IntOrString is a type that can hold an int32 or a string. When + used in JSON or YAML marshalling and unmarshalling, it produces or consumes + the inner type. This allows you to have, for example, a JSON field that + can accept a name or number. + format: int-or-string + type: string + sigs.k8s.io.cluster-api.api.v1beta1.APIEndpoint: + description: APIEndpoint represents a reachable Kubernetes API endpoint. + properties: + host: + default: "" + description: The hostname on which the API server is serving. + type: string + port: + default: 0 + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + sigs.k8s.io.cluster-api.api.v1beta1.Cluster: + description: Cluster is the Schema for the clusters API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta' + default: {} + spec: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.ClusterSpec' + default: {} + status: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.ClusterStatus' + default: {} + type: object + sigs.k8s.io.cluster-api.api.v1beta1.ClusterClassVariable: + description: ClusterClassVariable defines a variable which can be configured + in the Cluster topology and used in patches. + properties: + name: + default: "" + description: Name of the variable. + type: string + required: + default: false + description: 'Required specifies if the variable is required. Note: this + applies to the variable as a whole and thus the top-level object defined + in the schema. If nested fields are required, this will be specified inside + the schema.' + type: boolean + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.VariableSchema' + default: {} + description: Schema defines the schema of the variable. + required: + - name + - required + - schema + type: object + sigs.k8s.io.cluster-api.api.v1beta1.ClusterNetwork: + description: ClusterNetwork specifies the different networking parameters for + a cluster. + properties: + apiServerPort: + description: APIServerPort specifies the port the API Server should bind + to. Defaults to 6443. + format: int32 + type: integer + pods: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.NetworkRanges' + description: The network ranges from which Pod networks are allocated. + serviceDomain: + description: Domain name for services. + type: string + services: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.NetworkRanges' + description: The network ranges from which service VIPs are allocated. 
+ type: object + sigs.k8s.io.cluster-api.api.v1beta1.ClusterSpec: + description: ClusterSpec defines the desired state of Cluster. + properties: + clusterNetwork: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.ClusterNetwork' + description: Cluster network configuration. + controlPlaneEndpoint: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.APIEndpoint' + default: {} + description: ControlPlaneEndpoint represents the endpoint used to communicate + with the control plane. + controlPlaneRef: + $ref: '#/components/schemas/k8s.io.api.core.v1.ObjectReference' + description: ControlPlaneRef is an optional reference to a provider-specific + resource that holds the details for provisioning the Control Plane for + a Cluster. + infrastructureRef: + $ref: '#/components/schemas/k8s.io.api.core.v1.ObjectReference' + description: InfrastructureRef is a reference to a provider-specific resource + that holds the details for provisioning infrastructure for a cluster in + said provider. + paused: + description: Paused can be used to prevent controllers from processing the + Cluster and all its associated objects. + type: boolean + topology: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.Topology' + description: 'This encapsulates the topology for the cluster. NOTE: It is + required to enable the ClusterTopology feature gate flag to activate managed + topologies support; this feature is highly experimental, and parts of + it might still be not implemented.' + type: object + sigs.k8s.io.cluster-api.api.v1beta1.ClusterStatus: + description: ClusterStatus defines the observed state of Cluster. + properties: + conditions: + description: Conditions defines current service state of the cluster. + items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.Condition' + default: {} + type: array + controlPlaneReady: + default: false + description: ControlPlaneReady defines if the control plane is ready. 
+ type: boolean + failureDomains: + additionalProperties: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.FailureDomainSpec' + default: {} + description: FailureDomains is a slice of failure domain objects synced + from the infrastructure provider. + type: object + failureMessage: + description: FailureMessage indicates that there is a fatal problem reconciling + the state, and will be set to a descriptive error message. + type: string + failureReason: + description: FailureReason indicates that there is a fatal problem reconciling + the state, and will be set to a token value suitable for programmatic + interpretation. + type: string + infrastructureReady: + default: false + description: InfrastructureReady is the state of the infrastructure provider. + type: boolean + observedGeneration: + description: ObservedGeneration is the latest generation observed by the + controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of cluster actuation. E.g. + Pending, Running, Terminating, Failed etc. + type: string + type: object + sigs.k8s.io.cluster-api.api.v1beta1.ClusterVariable: + description: ClusterVariable can be used to customize the Cluster through patches. + Each ClusterVariable is associated with a Variable definition in the ClusterClass + `status` variables. + properties: + definitionFrom: + description: 'DefinitionFrom specifies where the definition of this Variable + is from. DefinitionFrom is `inline` when the definition is from the ClusterClass + `.spec.variables` or the name of a patch defined in the ClusterClass `.spec.patches` + where the patch is external and provides external variables. This field + is mandatory if the variable has `DefinitionsConflict: true` in ClusterClass + `status.variables[]`' + type: string + name: + default: "" + description: Name of the variable. 
+ type: string + value: + $ref: '#/components/schemas/k8s.io.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON' + default: {} + description: 'Value of the variable. Note: the value will be validated against + the schema of the corresponding ClusterClassVariable from the ClusterClass. + Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, + because controller-tools has a hard-coded schema for apiextensionsv1.JSON + which cannot be produced by another type via controller-tools, i.e. it + is not possible to have no type field. Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111' + required: + - name + - value + type: object + sigs.k8s.io.cluster-api.api.v1beta1.Condition: + description: Condition defines an observation of a Cluster API resource operational + state. + properties: + lastTransitionTime: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Time' + default: {} + description: Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. + message: + description: A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a + guaranteed API. This field may not be empty. + type: string + severity: + description: Severity provides an explicit classification of Reason code, + so the users or machines can immediately understand the current situation + and act accordingly. The Severity field MUST be set only when Status=False. + type: string + status: + default: "" + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + default: "" + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, + but because arbitrary conditions can be useful (see .node.status.conditions), + the ability to deconflict is important. + type: string + required: + - type + - status + - lastTransitionTime + type: object + sigs.k8s.io.cluster-api.api.v1beta1.ControlPlaneTopology: + description: ControlPlaneTopology specifies the parameters for the control plane + nodes in the cluster. + properties: + machineHealthCheck: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.MachineHealthCheckTopology' + description: MachineHealthCheck allows to enable, disable and override the + MachineHealthCheck configuration in the ClusterClass for this control + plane. + metadata: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.ObjectMeta' + default: {} + description: Metadata is the metadata applied to the ControlPlane and the + Machines of the ControlPlane if the ControlPlaneTemplate referenced by + the ClusterClass is machine based. If not, it is applied only to the ControlPlane. + At runtime this metadata is merged with the corresponding metadata from + the ClusterClass. + nodeDeletionTimeout: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Duration' + description: NodeDeletionTimeout defines how long the controller will attempt + to delete the Node that the Machine hosts after the Machine is marked + for deletion. A duration of 0 will retry deletion indefinitely. Defaults + to 10 seconds. + nodeDrainTimeout: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Duration' + description: 'NodeDrainTimeout is the total amount of time that the controller + will spend on draining a node. The default value is 0, meaning that the + node can be drained without any time limitations. 
NOTE: NodeDrainTimeout + is different from `kubectl drain --timeout`' + nodeVolumeDetachTimeout: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Duration' + description: NodeVolumeDetachTimeout is the total amount of time that the + controller will spend on waiting for all volumes to be detached. The default + value is 0, meaning that the volumes can be detached without any time + limitations. + replicas: + description: Replicas is the number of control plane nodes. If the value + is nil, the ControlPlane object is created without the number of Replicas + and it's assumed that the control plane controller does not implement + support for this field. When specified against a control plane provider + that lacks support for this field, this value will be ignored. + format: int32 + type: integer + type: object + sigs.k8s.io.cluster-api.api.v1beta1.FailureDomainSpec: + description: FailureDomainSpec is the Schema for Cluster API failure domains. + It allows controllers to understand how many failure domains a cluster can + optionally span across. + properties: + attributes: + additionalProperties: + default: "" + type: string + description: Attributes is a free form map of attributes an infrastructure + provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain is suitable + for use by control plane machines. + type: boolean + type: object + sigs.k8s.io.cluster-api.api.v1beta1.JSONSchemaProps: + description: JSONSchemaProps is a JSON-Schema following Specification Draft + 4 (http://json-schema.org/). This struct has been initially copied from apiextensionsv1.JSONSchemaProps, + but all fields which are not supported in CAPI have been removed. + properties: + additionalProperties: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.JSONSchemaProps' + description: 'AdditionalProperties specifies the schema of values in a map + (keys are always strings). 
NOTE: Can only be set if type is object. NOTE: + AdditionalProperties is mutually exclusive with Properties. NOTE: This + field uses PreserveUnknownFields and Schemaless, because recursive validation + is not possible.' + default: + $ref: '#/components/schemas/k8s.io.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON' + description: 'Default is the default value of the variable. NOTE: Can be + set for all types.' + description: + description: Description is a human-readable description of this variable. + type: string + enum: + description: 'Enum is the list of valid values of the variable. NOTE: Can + be set for all types.' + items: + $ref: '#/components/schemas/k8s.io.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON' + default: {} + type: array + example: + $ref: '#/components/schemas/k8s.io.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON' + description: Example is an example for this variable. + exclusiveMaximum: + description: 'ExclusiveMaximum specifies if the Maximum is exclusive. NOTE: + Can only be set if type is integer or number.' + type: boolean + exclusiveMinimum: + description: 'ExclusiveMinimum specifies if the Minimum is exclusive. NOTE: + Can only be set if type is integer or number.' + type: boolean + format: + description: 'Format is an OpenAPI v3 format string. Unknown formats are + ignored. For a list of supported formats please see: (of the k8s.io/apiextensions-apiserver + version we''re currently using) https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go + NOTE: Can only be set if type is string.' + type: string + items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.JSONSchemaProps' + description: 'Items specifies fields of an array. NOTE: Can only be set + if type is array. NOTE: This field uses PreserveUnknownFields and Schemaless, + because recursive validation is not possible.' + maxItems: + description: 'MaxItems is the max length of an array variable. 
NOTE: Can + only be set if type is array.' + format: int64 + type: integer + maxLength: + description: 'MaxLength is the max length of a string variable. NOTE: Can + only be set if type is string.' + format: int64 + type: integer + maximum: + description: 'Maximum is the maximum of an integer or number variable. If + ExclusiveMaximum is false, the variable is valid if it is lower than, + or equal to, the value of Maximum. If ExclusiveMaximum is true, the variable + is valid if it is strictly lower than the value of Maximum. NOTE: Can + only be set if type is integer or number.' + format: int64 + type: integer + minItems: + description: 'MinItems is the min length of an array variable. NOTE: Can + only be set if type is array.' + format: int64 + type: integer + minLength: + description: 'MinLength is the min length of a string variable. NOTE: Can + only be set if type is string.' + format: int64 + type: integer + minimum: + description: 'Minimum is the minimum of an integer or number variable. If + ExclusiveMinimum is false, the variable is valid if it is greater than, + or equal to, the value of Minimum. If ExclusiveMinimum is true, the variable + is valid if it is strictly greater than the value of Minimum. NOTE: Can + only be set if type is integer or number.' + format: int64 + type: integer + pattern: + description: 'Pattern is the regex which a string variable must match. NOTE: + Can only be set if type is string.' + type: string + properties: + additionalProperties: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.JSONSchemaProps' + default: {} + description: 'Properties specifies fields of an object. NOTE: Can only be + set if type is object. NOTE: Properties is mutually exclusive with AdditionalProperties. + NOTE: This field uses PreserveUnknownFields and Schemaless, because recursive + validation is not possible.' + type: object + required: + description: 'Required specifies which fields of an object are required. 
+ NOTE: Can only be set if type is object.' + items: + default: "" + type: string + type: array + type: + default: "" + description: 'Type is the type of the variable. Valid values are: object, + array, string, integer, number or boolean.' + type: string + uniqueItems: + description: 'UniqueItems specifies if items in an array must be unique. + NOTE: Can only be set if type is array.' + type: boolean + x-kubernetes-preserve-unknown-fields: + description: XPreserveUnknownFields allows setting fields in a variable + object which are not defined in the variable schema. This affects fields + recursively, except if nested properties or additionalProperties are specified + in the schema. + type: boolean + required: + - type + type: object + sigs.k8s.io.cluster-api.api.v1beta1.MachineDeploymentStrategy: + description: MachineDeploymentStrategy describes how to replace existing machines + with new ones. + properties: + rollingUpdate: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.MachineRollingUpdateDeployment' + description: Rolling update config params. Present only if MachineDeploymentStrategyType + = RollingUpdate. + type: + description: Type of deployment. Allowed values are RollingUpdate and OnDelete. + The default is RollingUpdate. + type: string + type: object + sigs.k8s.io.cluster-api.api.v1beta1.MachineDeploymentTopology: + description: MachineDeploymentTopology specifies the different parameters for + a set of worker nodes in the topology. This set of nodes is managed by a MachineDeployment + object whose lifecycle is managed by the Cluster controller. + properties: + class: + default: "" + description: Class is the name of the MachineDeploymentClass used to create + the set of worker nodes. This should match one of the deployment classes + defined in the ClusterClass object mentioned in the `Cluster.Spec.Class` + field. + type: string + failureDomain: + description: FailureDomain is the failure domain the machines will be created + in. 
Must match a key in the FailureDomains map stored on the cluster object. + type: string + machineHealthCheck: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.MachineHealthCheckTopology' + description: MachineHealthCheck allows to enable, disable and override the + MachineHealthCheck configuration in the ClusterClass for this MachineDeployment. + metadata: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.ObjectMeta' + default: {} + description: Metadata is the metadata applied to the MachineDeployment and + the machines of the MachineDeployment. At runtime this metadata is merged + with the corresponding metadata from the ClusterClass. + minReadySeconds: + description: Minimum number of seconds for which a newly created machine + should be ready. Defaults to 0 (machine will be considered available as + soon as it is ready) + format: int32 + type: integer + name: + default: "" + description: Name is the unique identifier for this MachineDeploymentTopology. + The value is used with other unique identifiers to create a MachineDeployment's + Name (e.g. cluster's name, etc). In case the name is greater than the + allowed maximum length, the values are hashed together. + type: string + nodeDeletionTimeout: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Duration' + description: NodeDeletionTimeout defines how long the controller will attempt + to delete the Node that the Machine hosts after the Machine is marked + for deletion. A duration of 0 will retry deletion indefinitely. Defaults + to 10 seconds. + nodeDrainTimeout: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Duration' + description: 'NodeDrainTimeout is the total amount of time that the controller + will spend on draining a node. The default value is 0, meaning that the + node can be drained without any time limitations. 
NOTE: NodeDrainTimeout + is different from `kubectl drain --timeout`' + nodeVolumeDetachTimeout: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Duration' + description: NodeVolumeDetachTimeout is the total amount of time that the + controller will spend on waiting for all volumes to be detached. The default + value is 0, meaning that the volumes can be detached without any time + limitations. + replicas: + description: Replicas is the number of worker nodes belonging to this set. + If the value is nil, the MachineDeployment is created without the number + of Replicas (defaulting to 1) and it's assumed that an external entity + (like cluster autoscaler) is responsible for the management of this value. + format: int32 + type: integer + strategy: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.MachineDeploymentStrategy' + description: The deployment strategy to use to replace existing machines + with new ones. + variables: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.MachineDeploymentVariables' + description: Variables can be used to customize the MachineDeployment through + patches. + required: + - class + - name + type: object + sigs.k8s.io.cluster-api.api.v1beta1.MachineDeploymentVariables: + description: MachineDeploymentVariables can be used to provide variables for + a specific MachineDeployment. + properties: + overrides: + description: Overrides can be used to override Cluster level variables. + items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.ClusterVariable' + default: {} + type: array + type: object + sigs.k8s.io.cluster-api.api.v1beta1.MachineHealthCheckTopology: + description: MachineHealthCheckTopology defines a MachineHealthCheck for a group + of machines. + properties: + enable: + description: |- + Enable controls if a MachineHealthCheck should be created for the target machines. + + If false: No MachineHealthCheck will be created. 
+ + If not set(default): A MachineHealthCheck will be created if it is defined here or + in the associated ClusterClass. If no MachineHealthCheck is defined then none will be created. + + If true: A MachineHealthCheck is guaranteed to be created. Cluster validation will block if `enable` is true and no MachineHealthCheck definition is available. + type: boolean + maxUnhealthy: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.util.intstr.IntOrString' + description: Any further remediation is only allowed if at most "MaxUnhealthy" + machines selected by "selector" are not healthy. + nodeStartupTimeout: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Duration' + description: Machines older than this duration without a node will be considered + to have failed and will be remediated. If you wish to disable this feature, + set the value explicitly to 0. + remediationTemplate: + $ref: '#/components/schemas/k8s.io.api.core.v1.ObjectReference' + description: |- + RemediationTemplate is a reference to a remediation template provided by an infrastructure provider. + + This field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Cluster API. + unhealthyConditions: + description: UnhealthyConditions contains a list of the conditions that + determine whether a node is considered unhealthy. The conditions are combined + in a logical OR, i.e. if any of the conditions is met, the node is unhealthy. + items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.UnhealthyCondition' + default: {} + type: array + unhealthyRange: + description: 'Any further remediation is only allowed if the number of machines + selected by "selector" as not healthy is within the range of "UnhealthyRange". + Takes precedence over MaxUnhealthy. Eg. 
"[3-5]" - This means that remediation + will be allowed only when: (a) there are at least 3 unhealthy machines + (and) (b) there are at most 5 unhealthy machines' + type: string + type: object + sigs.k8s.io.cluster-api.api.v1beta1.MachinePoolTopology: + description: MachinePoolTopology specifies the different parameters for a pool + of worker nodes in the topology. This pool of nodes is managed by a MachinePool + object whose lifecycle is managed by the Cluster controller. + properties: + class: + default: "" + description: Class is the name of the MachinePoolClass used to create the + pool of worker nodes. This should match one of the deployment classes + defined in the ClusterClass object mentioned in the `Cluster.Spec.Class` + field. + type: string + failureDomains: + description: FailureDomains is the list of failure domains the machine pool + will be created in. Must match a key in the FailureDomains map stored + on the cluster object. + items: + default: "" + type: string + type: array + metadata: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.ObjectMeta' + default: {} + description: Metadata is the metadata applied to the MachinePool. At runtime + this metadata is merged with the corresponding metadata from the ClusterClass. + minReadySeconds: + description: Minimum number of seconds for which a newly created machine + pool should be ready. Defaults to 0 (machine will be considered available + as soon as it is ready) + format: int32 + type: integer + name: + default: "" + description: Name is the unique identifier for this MachinePoolTopology. + The value is used with other unique identifiers to create a MachinePool's + Name (e.g. cluster's name, etc). In case the name is greater than the + allowed maximum length, the values are hashed together. 
+ type: string + nodeDeletionTimeout: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Duration' + description: NodeDeletionTimeout defines how long the controller will attempt + to delete the Node that the MachinePool hosts after the MachinePool is + marked for deletion. A duration of 0 will retry deletion indefinitely. + Defaults to 10 seconds. + nodeDrainTimeout: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Duration' + description: 'NodeDrainTimeout is the total amount of time that the controller + will spend on draining a node. The default value is 0, meaning that the + node can be drained without any time limitations. NOTE: NodeDrainTimeout + is different from `kubectl drain --timeout`' + nodeVolumeDetachTimeout: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Duration' + description: NodeVolumeDetachTimeout is the total amount of time that the + controller will spend on waiting for all volumes to be detached. The default + value is 0, meaning that the volumes can be detached without any time + limitations. + replicas: + description: Replicas is the number of nodes belonging to this pool. If + the value is nil, the MachinePool is created without the number of Replicas + (defaulting to 1) and it's assumed that an external entity (like cluster + autoscaler) is responsible for the management of this value. + format: int32 + type: integer + variables: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.MachinePoolVariables' + description: Variables can be used to customize the MachinePool through + patches. + required: + - class + - name + type: object + sigs.k8s.io.cluster-api.api.v1beta1.MachinePoolVariables: + description: MachinePoolVariables can be used to provide variables for a specific + MachinePool. + properties: + overrides: + description: Overrides can be used to override Cluster level variables. 
+ items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.ClusterVariable' + default: {} + type: array + type: object + sigs.k8s.io.cluster-api.api.v1beta1.MachineRollingUpdateDeployment: + description: MachineRollingUpdateDeployment is used to control the desired behavior + of rolling update. + properties: + deletePolicy: + description: DeletePolicy defines the policy used by the MachineDeployment + to identify nodes to delete when downscaling. Valid values are "Random, + "Newest", "Oldest" When no value is supplied, the default DeletePolicy + of MachineSet is used + type: string + maxSurge: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.util.intstr.IntOrString' + description: 'The maximum number of machines that can be scheduled above + the desired number of machines. Value can be an absolute number (ex: 5) + or a percentage of desired machines (ex: 10%). This can not be 0 if MaxUnavailable + is 0. Absolute number is calculated from percentage by rounding up. Defaults + to 1. Example: when this is set to 30%, the new MachineSet can be scaled + up immediately when the rolling update starts, such that the total number + of old and new machines do not exceed 130% of desired machines. Once old + machines have been killed, new MachineSet can be scaled up further, ensuring + that total number of machines running at any time during the update is + at most 130% of desired machines.' + maxUnavailable: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.util.intstr.IntOrString' + description: 'The maximum number of machines that can be unavailable during + the update. Value can be an absolute number (ex: 5) or a percentage of + desired machines (ex: 10%). Absolute number is calculated from percentage + by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 0. Example: + when this is set to 30%, the old MachineSet can be scaled down to 70% + of desired machines immediately when the rolling update starts. 
Once new + machines are ready, old MachineSet can be scaled down further, followed + by scaling up the new MachineSet, ensuring that the total number of machines + available at all times during the update is at least 70% of desired machines.' + type: object + sigs.k8s.io.cluster-api.api.v1beta1.NetworkRanges: + description: NetworkRanges represents ranges of network addresses. + properties: + cidrBlocks: + items: + default: "" + type: string + type: array + required: + - cidrBlocks + type: object + sigs.k8s.io.cluster-api.api.v1beta1.ObjectMeta: + description: |- + ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. This is a copy of customizable fields from metav1.ObjectMeta. + + ObjectMeta is embedded in `Machine.Spec`, `MachineDeployment.Template` and `MachineSet.Template`, which are not top-level Kubernetes objects. Given that metav1.ObjectMeta has lots of special cases and read-only fields which end up in the generated CRD validation, having it as a subset simplifies the API and some issues that can impact user experience. + + During the [upgrade to controller-tools@v2](https://github.com/kubernetes-sigs/cluster-api/pull/1054) for v1alpha2, we noticed a failure would occur running Cluster API test suite against the new CRDs, specifically `spec.metadata.creationTimestamp in body must be of type string: "null"`. The investigation showed that `controller-tools@v2` behaves differently than its previous version when handling types from [metav1](k8s.io/apimachinery/pkg/apis/meta/v1) package. + + In more details, we found that embedded (non-top level) types that embedded `metav1.ObjectMeta` had validation properties, including for `creationTimestamp` (metav1.Time). The `metav1.Time` type specifies a custom json marshaller that, when IsZero() is true, returns `null` which breaks validation because the field isn't marked as nullable. 
+ + In future versions, controller-tools@v2 might allow overriding the type and validation for embedded types. When that happens, this hack should be revisited. + properties: + annotations: + additionalProperties: + default: "" + type: string + description: 'Annotations is an unstructured key value map stored with a + resource that may be set by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + default: "" + type: string + description: 'Map of string keys and values that can be used to organize + and categorize (scope and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + sigs.k8s.io.cluster-api.api.v1beta1.Topology: + description: Topology encapsulates the information of the managed resources. + properties: + class: + default: "" + description: The name of the ClusterClass object to create the topology. + type: string + controlPlane: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.ControlPlaneTopology' + default: {} + description: ControlPlane describes the cluster control plane. + rolloutAfter: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Time' + description: |- + RolloutAfter performs a rollout of the entire cluster one component at a time, control plane first and then machine deployments. + + Deprecated: This field has no function and is going to be removed in the next apiVersion. + variables: + description: Variables can be used to customize the Cluster through patches. + They must comply to the corresponding VariableClasses defined in the ClusterClass. 
+ items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.ClusterVariable' + default: {} + type: array + version: + default: "" + description: The Kubernetes version of the cluster. + type: string + workers: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.WorkersTopology' + description: Workers encapsulates the different constructs that form the + worker nodes for the cluster. + required: + - class + - version + type: object + sigs.k8s.io.cluster-api.api.v1beta1.UnhealthyCondition: + description: UnhealthyCondition represents a Node condition type and value with + a timeout specified as a duration. When the named condition has been in the + given status for at least the timeout value, a node is considered unhealthy. + properties: + status: + default: "" + type: string + timeout: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.apis.meta.v1.Duration' + default: 0 + type: + default: "" + type: string + required: + - type + - status + - timeout + type: object + sigs.k8s.io.cluster-api.api.v1beta1.VariableSchema: + description: VariableSchema defines the schema of a variable. + properties: + openAPIV3Schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.JSONSchemaProps' + default: {} + description: OpenAPIV3Schema defines the schema of a variable via OpenAPI + v3 schema. The schema is a subset of the schema used in Kubernetes CRDs. + required: + - openAPIV3Schema + type: object + sigs.k8s.io.cluster-api.api.v1beta1.WorkersTopology: + description: WorkersTopology represents the different sets of worker nodes in + the cluster. + properties: + machineDeployments: + description: MachineDeployments is a list of machine deployments in the + cluster. + items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.MachineDeploymentTopology' + default: {} + type: array + machinePools: + description: MachinePools is a list of machine pools in the cluster. 
+ items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.MachinePoolTopology' + default: {} + type: array + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.AfterClusterUpgradeRequest: + description: AfterClusterUpgradeRequest is the request of the AfterClusterUpgrade + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + cluster: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.Cluster' + default: {} + description: Cluster is the cluster object the lifecycle hook corresponds + to. + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + default: "" + description: KubernetesVersion is the Kubernetes version after upgrade. + type: string + settings: + additionalProperties: + default: "" + type: string + description: Settings defines key value pairs to be passed to the call. + type: object + required: + - cluster + - kubernetesVersion + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.AfterClusterUpgradeResponse: + description: AfterClusterUpgradeResponse is the response of the AfterClusterUpgrade + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + message: + default: "" + description: A human-readable description of the status of the call. + type: string + status: + default: "" + description: |- + Status of the call. One of "Success" or "Failure". + + Possible enum values: + - `"Failure"` represents a failure response. + - `"Success"` represents a success response. + enum: + - Failure + - Success + type: string + required: + - status + - message + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.AfterControlPlaneInitializedRequest: + description: AfterControlPlaneInitializedRequest is the request of the AfterControlPlaneInitialized + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + cluster: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.Cluster' + default: {} + description: Cluster is the cluster object the lifecycle hook corresponds + to. + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + settings: + additionalProperties: + default: "" + type: string + description: Settings defines key value pairs to be passed to the call. + type: object + required: + - cluster + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.AfterControlPlaneInitializedResponse: + description: AfterControlPlaneInitializedResponse is the response of the AfterControlPlaneInitialized + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + message: + default: "" + description: A human-readable description of the status of the call. + type: string + status: + default: "" + description: |- + Status of the call. One of "Success" or "Failure". + + Possible enum values: + - `"Failure"` represents a failure response. + - `"Success"` represents a success response. + enum: + - Failure + - Success + type: string + required: + - status + - message + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.AfterControlPlaneUpgradeRequest: + description: AfterControlPlaneUpgradeRequest is the request of the AfterControlPlaneUpgrade + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + cluster: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.Cluster' + default: {} + description: Cluster is the cluster object the lifecycle hook corresponds + to. + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + default: "" + description: KubernetesVersion is the Kubernetes version of the Control + Plane after the upgrade. + type: string + settings: + additionalProperties: + default: "" + type: string + description: Settings defines key value pairs to be passed to the call. + type: object + required: + - cluster + - kubernetesVersion + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.AfterControlPlaneUpgradeResponse: + description: AfterControlPlaneUpgradeResponse is the response of the AfterControlPlaneUpgrade + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + message: + default: "" + description: A human-readable description of the status of the call. + type: string + retryAfterSeconds: + default: 0 + description: RetryAfterSeconds when set to a non-zero value signifies that + the hook will be called again at a future time. + format: int32 + type: integer + status: + default: "" + description: |- + Status of the call. One of "Success" or "Failure". + + Possible enum values: + - `"Failure"` represents a failure response. + - `"Success"` represents a success response. + enum: + - Failure + - Success + type: string + required: + - status + - message + - retryAfterSeconds + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.BeforeClusterCreateRequest: + description: BeforeClusterCreateRequest is the request of the BeforeClusterCreate + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + cluster: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.Cluster' + default: {} + description: Cluster is the cluster object the lifecycle hook corresponds + to. + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + settings: + additionalProperties: + default: "" + type: string + description: Settings defines key value pairs to be passed to the call. 
+ type: object + required: + - cluster + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.BeforeClusterCreateResponse: + description: BeforeClusterCreateResponse is the response of the BeforeClusterCreate + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + message: + default: "" + description: A human-readable description of the status of the call. + type: string + retryAfterSeconds: + default: 0 + description: RetryAfterSeconds when set to a non-zero value signifies that + the hook will be called again at a future time. + format: int32 + type: integer + status: + default: "" + description: |- + Status of the call. One of "Success" or "Failure". + + Possible enum values: + - `"Failure"` represents a failure response. + - `"Success"` represents a success response. + enum: + - Failure + - Success + type: string + required: + - status + - message + - retryAfterSeconds + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.BeforeClusterDeleteRequest: + description: BeforeClusterDeleteRequest is the request of the BeforeClusterDelete + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + cluster: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.Cluster' + default: {} + description: Cluster is the cluster object the lifecycle hook corresponds + to. + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + settings: + additionalProperties: + default: "" + type: string + description: Settings defines key value pairs to be passed to the call. + type: object + required: + - cluster + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.BeforeClusterDeleteResponse: + description: BeforeClusterDeleteResponse is the response of the BeforeClusterDelete + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + message: + default: "" + description: A human-readable description of the status of the call. + type: string + retryAfterSeconds: + default: 0 + description: RetryAfterSeconds when set to a non-zero value signifies that + the hook will be called again at a future time. 
+ format: int32 + type: integer + status: + default: "" + description: |- + Status of the call. One of "Success" or "Failure". + + Possible enum values: + - `"Failure"` represents a failure response. + - `"Success"` represents a success response. + enum: + - Failure + - Success + type: string + required: + - status + - message + - retryAfterSeconds + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.BeforeClusterUpgradeRequest: + description: BeforeClusterUpgradeRequest is the request of the BeforeClusterUpgrade + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + cluster: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.Cluster' + default: {} + description: Cluster is the cluster object the lifecycle hook corresponds + to. + fromKubernetesVersion: + default: "" + description: FromKubernetesVersion is the current Kubernetes version of + the cluster. + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + settings: + additionalProperties: + default: "" + type: string + description: Settings defines key value pairs to be passed to the call. + type: object + toKubernetesVersion: + default: "" + description: ToKubernetesVersion is the target Kubernetes version of the + upgrade. 
+ type: string + required: + - cluster + - fromKubernetesVersion + - toKubernetesVersion + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.BeforeClusterUpgradeResponse: + description: BeforeClusterUpgradeResponse is the response of the BeforeClusterUpgrade + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + message: + default: "" + description: A human-readable description of the status of the call. + type: string + retryAfterSeconds: + default: 0 + description: RetryAfterSeconds when set to a non-zero value signifies that + the hook will be called again at a future time. + format: int32 + type: integer + status: + default: "" + description: |- + Status of the call. One of "Success" or "Failure". + + Possible enum values: + - `"Failure"` represents a failure response. + - `"Success"` represents a success response. + enum: + - Failure + - Success + type: string + required: + - status + - message + - retryAfterSeconds + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.DiscoverVariablesRequest: + description: DiscoverVariablesRequest is the request of the DiscoverVariables + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + settings: + additionalProperties: + default: "" + type: string + description: Settings defines key value pairs to be passed to the call. + type: object + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.DiscoverVariablesResponse: + description: DiscoverVariablesResponse is the response of the DiscoverVariables + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + message: + default: "" + description: A human-readable description of the status of the call. + type: string + status: + default: "" + description: |- + Status of the call. One of "Success" or "Failure". + + Possible enum values: + - `"Failure"` represents a failure response. + - `"Success"` represents a success response. 
+ enum: + - Failure + - Success + type: string + variables: + description: Variables are variable schemas for variables defined by the + DiscoverVariables hook. + items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.api.v1beta1.ClusterClassVariable' + default: {} + type: array + required: + - status + - message + - variables + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.DiscoveryRequest: + description: DiscoveryRequest is the request of the Discovery hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.DiscoveryResponse: + description: DiscoveryResponse is the response of the Discovery hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + handlers: + description: Handlers defines the current ExtensionHandlers supported by + an Extension. 
+ items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.ExtensionHandler' + default: {} + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + message: + default: "" + description: A human-readable description of the status of the call. + type: string + status: + default: "" + description: |- + Status of the call. One of "Success" or "Failure". + + Possible enum values: + - `"Failure"` represents a failure response. + - `"Success"` represents a success response. + enum: + - Failure + - Success + type: string + required: + - status + - message + - handlers + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.ExtensionHandler: + description: ExtensionHandler represents the discovery information for an extension + handler which includes the hook it supports. + properties: + failurePolicy: + description: FailurePolicy defines how failures in calls to the ExtensionHandler + should be handled by a client. This is defaulted to FailurePolicyFail + if not defined. + type: string + name: + default: "" + description: Name is the name of the ExtensionHandler. + type: string + requestHook: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.GroupVersionHook' + default: {} + description: RequestHook defines the versioned runtime hook which this ExtensionHandler + serves. + timeoutSeconds: + description: TimeoutSeconds defines the timeout duration for client calls + to the ExtensionHandler. This is defaulted to 10 if left undefined. 
+ format: int32 + type: integer + required: + - name + - requestHook + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.GeneratePatchesRequest: + description: GeneratePatchesRequest is the request of the GeneratePatches hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + items: + description: Items is the list of templates to generate patches for. + items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.GeneratePatchesRequestItem' + default: {} + type: array + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + settings: + additionalProperties: + default: "" + type: string + description: Settings defines key value pairs to be passed to the call. + type: object + variables: + description: Variables are global variables for all templates. + items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.Variable' + default: {} + type: array + required: + - variables + - items + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.GeneratePatchesRequestItem: + description: GeneratePatchesRequestItem represents a template to generate patches + for. + properties: + holderReference: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.HolderReference' + default: {} + description: HolderReference is a reference to the object where the template + is used. 
+ object: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.runtime.RawExtension' + default: {} + description: Object contains the template as a raw object. + uid: + default: "" + description: UID is an identifier for this template. It allows us to correlate + the template in the request with the corresponding generated patches in + the response. + type: string + variables: + description: Variables are variables specific for the current template. + For example some builtin variables like MachineDeployment replicas and + version are context-sensitive and thus are only added to templates for + MachineDeployments and with values which correspond to the current MachineDeployment. + items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.Variable' + default: {} + type: array + required: + - uid + - holderReference + - object + - variables + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.GeneratePatchesResponse: + description: 'GeneratePatchesResponse is the response of the GeneratePatches + hook. NOTE: The patches in GeneratePatchesResponse will be applied in the + order in which they are defined to the templates of the request. Thus applying + changes consecutively when iterating through internal and external patches.' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + items: + description: Items is the list of generated patches. + items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.GeneratePatchesResponseItem' + default: {} + type: array + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + message: + default: "" + description: A human-readable description of the status of the call. + type: string + status: + default: "" + description: |- + Status of the call. One of "Success" or "Failure". + + Possible enum values: + - `"Failure"` represents a failure response. + - `"Success"` represents a success response. + enum: + - Failure + - Success + type: string + required: + - status + - message + - items + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.GeneratePatchesResponseItem: + description: GeneratePatchesResponseItem is a generated patch. + properties: + patch: + description: Patch contains the patch which should be applied to the template. + It must be of the corresponding PatchType. + format: byte + type: string + patchType: + default: "" + description: |- + PatchType defines the type of the patch. One of: "JSONPatch" or "JSONMergePatch". + + Possible enum values: + - `"JSONMergePatch"` identifies a https://datatracker.ietf.org/doc/html/rfc7386 JSON merge patch. + - `"JSONPatch"` identifies a https://datatracker.ietf.org/doc/html/rfc6902 JSON patch. + enum: + - JSONMergePatch + - JSONPatch + type: string + uid: + default: "" + description: UID identifies the corresponding template in the request on + which the patch should be applied. + type: string + required: + - uid + - patchType + - patch + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.GroupVersionHook: + description: GroupVersionHook defines the runtime hook when the ExtensionHandler + is called. 
+ properties: + apiVersion: + default: "" + description: APIVersion is the group and version of the Hook + type: string + hook: + default: "" + description: Hook is the name of the hook + type: string + required: + - apiVersion + - hook + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.HolderReference: + description: HolderReference represents a reference to an object which holds + a template. + properties: + apiVersion: + default: "" + description: API version of the referent. + type: string + fieldPath: + default: "" + description: FieldPath is the path to the field of the object which references + the template. + type: string + kind: + default: "" + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + default: "" + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + default: "" + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + required: + - apiVersion + - kind + - namespace + - name + - fieldPath + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.ValidateTopologyRequest: + description: ValidateTopologyRequest is the request of the ValidateTopology + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + items: + description: Items is the list of templates to validate. 
+ items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.ValidateTopologyRequestItem' + type: array + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + settings: + additionalProperties: + default: "" + type: string + description: Settings defines key value pairs to be passed to the call. + type: object + variables: + description: Variables are global variables for all templates. + items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.Variable' + default: {} + type: array + required: + - variables + - items + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.ValidateTopologyRequestItem: + description: ValidateTopologyRequestItem represents a template to validate. + properties: + holderReference: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.HolderReference' + default: {} + description: HolderReference is a reference to the object where the template + is used. + object: + $ref: '#/components/schemas/k8s.io.apimachinery.pkg.runtime.RawExtension' + default: {} + description: Object contains the template as a raw object. + variables: + description: Variables are variables specific for the current template. + For example some builtin variables like MachineDeployment replicas and + version are context-sensitive and thus are only added to templates for + MachineDeployments and with values which correspond to the current MachineDeployment. 
+ items: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.Variable' + default: {} + type: array + required: + - holderReference + - object + - variables + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.ValidateTopologyResponse: + description: ValidateTopologyResponse is the response of the ValidateTopology + hook. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + message: + default: "" + description: A human-readable description of the status of the call. + type: string + status: + default: "" + description: |- + Status of the call. One of "Success" or "Failure". + + Possible enum values: + - `"Failure"` represents a failure response. + - `"Success"` represents a success response. + enum: + - Failure + - Success + type: string + required: + - status + - message + type: object + sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.Variable: + description: Variable represents a variable value. + properties: + name: + default: "" + description: Name of the variable. + type: string + value: + $ref: '#/components/schemas/k8s.io.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON' + default: {} + description: Value of the variable. 
+ required: + - name + - value + type: object +info: + description: |- + This document defines the Open API specification of the services that Cluster API runtime is going to call while managing the Cluster's lifecycle. + + Services described in this specification are also referred to as Runtime Hooks, given that they allow external components to hook-in the cluster's lifecycle. The corresponding components implementing handlers for Runtime Hooks calls are referred to as Runtime Extensions. + + More information is available in the [Cluster API book](https://cluster-api.sigs.k8s.io/). + license: + name: Apache 2.0 + url: http://www.apache.org/licenses/LICENSE-2.0.html + title: Cluster API - Runtime SDK + version: v1.6.2 +openapi: 3.0.0 +paths: + /hooks.runtime.cluster.x-k8s.io/v1alpha1/afterclusterupgrade/{name}: + post: + description: "Cluster API Runtime will call this hook after a Cluster has been + upgraded to the version specified in spec.topology.version. An upgrade is + completed when all control plane and MachineDeployment's Machines have been + upgraded.\n\nNotes:\n- This hook will be called only for Clusters with a managed + topology\n- The call's request contains the Cluster object and the Kubernetes + version we upgraded to \n- This is a non-blocking hook" + operationId: hooksRuntimeClusterV1alpha1Afterclusterupgrade + parameters: + - description: The handler name. 
Handlers within a single external component + implementing Runtime Extensions must have different names + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.AfterClusterUpgradeRequest' + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.AfterClusterUpgradeResponse' + description: Status code 200 indicates that the request has been processed + successfully. Runtime Extension authors must use fields in the response + like e.g. status and message to return processing outcomes. + summary: Cluster API Runtime will call this hook after a Cluster is upgraded + tags: + - Lifecycle Hooks + /hooks.runtime.cluster.x-k8s.io/v1alpha1/aftercontrolplaneinitialized/{name}: + post: + description: |- + Cluster API Runtime will call this hook after the control plane for the Cluster is reachable for the first time. + + Notes: + - This hook will be called only for Clusters with a managed topology + - This is a non-blocking hook + operationId: hooksRuntimeClusterV1alpha1Aftercontrolplaneinitialized + parameters: + - description: The handler name. Handlers within a single external component + implementing Runtime Extensions must have different names + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.AfterControlPlaneInitializedRequest' + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.AfterControlPlaneInitializedResponse' + description: Status code 200 indicates that the request has been processed + successfully. Runtime Extension authors must use fields in the response + like e.g. 
status and message to return processing outcomes. + summary: Cluster API Runtime will call this hook after the control plane is + reachable for the first time + tags: + - Lifecycle Hooks + /hooks.runtime.cluster.x-k8s.io/v1alpha1/aftercontrolplaneupgrade/{name}: + post: + description: |- + Cluster API Runtime will call this hook after the a cluster's control plane has been upgraded to the version specified in spec.topology.version, and immediately before the new version is going to be propagated to the MachineDeployments. A control plane upgrade is completed when all the machines in the control plane have been upgraded. + + Notes: + - This hook will be called only for Clusters with a managed topology + - The call's request contains the Cluster object and the Kubernetes version we upgraded to + - This is a blocking hook; Runtime Extension implementers can use this hook to execute tasks before the new version is propagated to the MachineDeployments + operationId: hooksRuntimeClusterV1alpha1Aftercontrolplaneupgrade + parameters: + - description: The handler name. Handlers within a single external component + implementing Runtime Extensions must have different names + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.AfterControlPlaneUpgradeRequest' + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.AfterControlPlaneUpgradeResponse' + description: Status code 200 indicates that the request has been processed + successfully. Runtime Extension authors must use fields in the response + like e.g. status and message to return processing outcomes. 
+ summary: Cluster API Runtime will call this hook after the control plane is + upgraded + tags: + - Lifecycle Hooks + /hooks.runtime.cluster.x-k8s.io/v1alpha1/beforeclustercreate/{name}: + post: + description: |- + Cluster API Runtime will call this hook after the Cluster is created by the user and immediately before all the objects which are part of a Cluster's topology are going to be created. + + Notes: + - This hook will be called only for Clusters with a managed topology + - The call's request contains the Cluster object + - This is a blocking hook; Runtime Extension implementers can use this hook to execute + tasks before the objects which are part of a Cluster's topology are created + operationId: hooksRuntimeClusterV1alpha1Beforeclustercreate + parameters: + - description: The handler name. Handlers within a single external component + implementing Runtime Extensions must have different names + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.BeforeClusterCreateRequest' + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.BeforeClusterCreateResponse' + description: Status code 200 indicates that the request has been processed + successfully. Runtime Extension authors must use fields in the response + like e.g. status and message to return processing outcomes. 
+ summary: Cluster API Runtime will call this hook before a Cluster's topology + is created + tags: + - Lifecycle Hooks + /hooks.runtime.cluster.x-k8s.io/v1alpha1/beforeclusterdelete/{name}: + post: + description: "Cluster API Runtime will call this hook after the Cluster deletion + has been triggered by the user, and immediately before objects of the Cluster + are going to be deleted.\n\nNotes:\n- This hook will be called only for Clusters + with a managed topology\n- The call's request contains the Cluster object + \n- This is a blocking hook; Runtime Extension implementers can use this hook + \ to execute tasks before objects of the Cluster are deleted" + operationId: hooksRuntimeClusterV1alpha1Beforeclusterdelete + parameters: + - description: The handler name. Handlers within a single external component + implementing Runtime Extensions must have different names + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.BeforeClusterDeleteRequest' + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.BeforeClusterDeleteResponse' + description: Status code 200 indicates that the request has been processed + successfully. Runtime Extension authors must use fields in the response + like e.g. status and message to return processing outcomes. + summary: Cluster API Runtime will call this hook before the Cluster is deleted + tags: + - Lifecycle Hooks + /hooks.runtime.cluster.x-k8s.io/v1alpha1/beforeclusterupgrade/{name}: + post: + description: |- + Cluster API Runtime will call this hook after the Cluster object has been updated with a new spec.topology.version by the user, and immediately before the new version is propagated to the control plane. 
+ + Notes: + - This hook will be called only for Clusters with a managed topology + - The call's request contains the Cluster object, the current Kubernetes version and the Kubernetes version we are upgrading to + - This is a blocking hook; Runtime Extension implementers can use this hook to execute tasks before the new version is propagated to the control plane + operationId: hooksRuntimeClusterV1alpha1Beforeclusterupgrade + parameters: + - description: The handler name. Handlers within a single external component + implementing Runtime Extensions must have different names + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.BeforeClusterUpgradeRequest' + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.BeforeClusterUpgradeResponse' + description: Status code 200 indicates that the request has been processed + successfully. Runtime Extension authors must use fields in the response + like e.g. status and message to return processing outcomes. + summary: Cluster API Runtime will call this hook before the Cluster is upgraded + tags: + - Lifecycle Hooks + /hooks.runtime.cluster.x-k8s.io/v1alpha1/discovervariables/{name}: + post: + description: |- + Cluster API Runtime will call this hook when ClusterClass variables are being computed during the ClusterClass reconcile loop.Notes: + - The response must contain the schemas of all variables defined by the patch. + operationId: hooksRuntimeClusterV1alpha1Discovervariables + parameters: + - description: The handler name. 
Handlers within a single external component + implementing Runtime Extensions must have different names + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.DiscoverVariablesRequest' + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.DiscoverVariablesResponse' + description: Status code 200 indicates that the request has been processed + successfully. Runtime Extension authors must use fields in the response + like e.g. status and message to return processing outcomes. + summary: Cluster API Runtime will call this hook when ClusterClass variables + are being computed + tags: + - Topology Mutation Hook + /hooks.runtime.cluster.x-k8s.io/v1alpha1/discovery: + post: + description: |- + Cluster API Runtime will call this hook when an ExtensionConfig is reconciled. Runtime Extension implementers must use this hook to inform the Cluster API runtime about all the handlers that are defined in an external component implementing Runtime Extensions. + + Notes: + - When using Runtime SDK utils, a handler for this hook is automatically generated + operationId: hooksRuntimeClusterV1alpha1Discovery + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.DiscoveryRequest' + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.DiscoveryResponse' + description: Status code 200 indicates that the request has been processed + successfully. Runtime Extension authors must use fields in the response + like e.g. status and message to return processing outcomes. 
+ summary: Cluster API Runtime will call this hook when an ExtensionConfig is + reconciled + tags: + - Discovery + /hooks.runtime.cluster.x-k8s.io/v1alpha1/generatepatches/{name}: + post: + description: |- + Cluster API Runtime will call this hook when a Cluster's topology is being computed during each topology controller reconcile loop. More specifically, this hook will be called while computing patches to be applied on top of templates derived from the Cluster's ClusterClass. + + Notes: + - The call's request contains all templates, the global variables and the template-specific variables required to compute patches + - The response must contain generated patches + operationId: hooksRuntimeClusterV1alpha1Generatepatches + parameters: + - description: The handler name. Handlers within a single external component + implementing Runtime Extensions must have different names + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.GeneratePatchesRequest' + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.GeneratePatchesResponse' + description: Status code 200 indicates that the request has been processed + successfully. Runtime Extension authors must use fields in the response + like e.g. status and message to return processing outcomes. + summary: Cluster API Runtime will call this hook when a Cluster's topology is + being computed + tags: + - Topology Mutation Hook + /hooks.runtime.cluster.x-k8s.io/v1alpha1/validatetopology/{name}: + post: + description: |- + Cluster API Runtime will call this hook after a Cluster's topology has been computed during each topology controller reconcile loop. 
More specifically, this hook will be called after all patches have been applied to the templates derived from the Cluster's ClusterClass. + + Notes: + - The call's request contains all templates, the global variables and the template-specific variables used while computing patches + - The response must contain the result of the validation + operationId: hooksRuntimeClusterV1alpha1Validatetopology + parameters: + - description: The handler name. Handlers within a single external component + implementing Runtime Extensions must have different names + in: path + name: name + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.ValidateTopologyRequest' + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/sigs.k8s.io.cluster-api.exp.runtime.hooks.api.v1alpha1.ValidateTopologyResponse' + description: Status code 200 indicates that the request has been processed + successfully. Runtime Extension authors must use fields in the response + like e.g. status and message to return processing outcomes. + summary: Cluster API Runtime will call this hook after a Cluster's topology + has been computed + tags: + - Topology Mutation Hook